kube-cascade/tubearchivist/tubearchivist.yaml

---
# Source: tubearchivist/charts/redis/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: tubearchivist-redis
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
---
# Source: tubearchivist/charts/elasticsearch/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tubearchivist-elasticsearch
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: elasticsearch
    helm.sh/chart: elasticsearch-19.5.12
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
data:
  my_elasticsearch.yml: |-
    path:
      repo: /usr/share/elasticsearch/data/snapshot
---
# Source: tubearchivist/charts/redis/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tubearchivist-redis-configuration
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
data:
  redis.conf: |-
    # User-supplied common configuration:
    # Enable AOF https://redis.io/topics/persistence#append-only-file
    appendonly yes
    # Disable RDB persistence, AOF persistence already enabled.
    save ""
    # Enable Redis Json module
    loadmodule /opt/redis-stack/lib/rejson.so
    # End of common configuration
  master.conf: |-
    dir /data
    # User-supplied master configuration:
    rename-command FLUSHDB ""
    rename-command FLUSHALL ""
    # End of master configuration
  replica.conf: |-
    dir /data
    # User-supplied replica configuration:
    rename-command FLUSHDB ""
    rename-command FLUSHALL ""
    # End of replica configuration
---
# Source: tubearchivist/charts/redis/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tubearchivist-redis-health
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
data:
  ping_readiness_local.sh: |-
    #!/bin/bash

    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
    [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
    response=$(
      timeout -s 3 $1 \
      redis-cli \
        -h localhost \
        -p $REDIS_PORT \
        ping
    )
    if [ "$?" -eq "124" ]; then
      echo "Timed out"
      exit 1
    fi
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
  ping_liveness_local.sh: |-
    #!/bin/bash

    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
    [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
    response=$(
      timeout -s 3 $1 \
      redis-cli \
        -h localhost \
        -p $REDIS_PORT \
        ping
    )
    if [ "$?" -eq "124" ]; then
      echo "Timed out"
      exit 1
    fi
    responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
    if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then
      echo "$response"
      exit 1
    fi
  ping_readiness_master.sh: |-
    #!/bin/bash

    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
    [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
    response=$(
      timeout -s 3 $1 \
      redis-cli \
        -h $REDIS_MASTER_HOST \
        -p $REDIS_MASTER_PORT_NUMBER \
        ping
    )
    if [ "$?" -eq "124" ]; then
      echo "Timed out"
      exit 1
    fi
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
  ping_liveness_master.sh: |-
    #!/bin/bash

    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
    [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
    response=$(
      timeout -s 3 $1 \
      redis-cli \
        -h $REDIS_MASTER_HOST \
        -p $REDIS_MASTER_PORT_NUMBER \
        ping
    )
    if [ "$?" -eq "124" ]; then
      echo "Timed out"
      exit 1
    fi
    responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
    if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then
      echo "$response"
      exit 1
    fi
  ping_readiness_local_and_master.sh: |-
    script_dir="$(dirname "$0")"
    exit_status=0
    "$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
    "$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
    exit $exit_status
  ping_liveness_local_and_master.sh: |-
    script_dir="$(dirname "$0")"
    exit_status=0
    "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
    "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
    exit $exit_status
---
# Source: tubearchivist/charts/redis/templates/scripts-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tubearchivist-redis-scripts
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
data:
  start-master.sh: |
    #!/bin/bash

    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
    if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
    fi
    if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
    fi
    ARGS=("--port" "${REDIS_PORT}")
    ARGS+=("--protected-mode" "no")
    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
    ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
    exec redis-server "${ARGS[@]}"
  start-replica.sh: |
    #!/bin/bash

    get_port() {
        hostname="$1"
        type="$2"

        port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
        port=${!port_var}

        if [ -z "$port" ]; then
            case $type in
                "SENTINEL")
                    echo 26379
                    ;;
                "REDIS")
                    echo 6379
                    ;;
            esac
        else
            echo $port
        fi
    }

    get_full_hostname() {
        hostname="$1"
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        echo "${full_hostname}"
    }

    REDISPORT=$(get_port "$HOSTNAME" "REDIS")

    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
    if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
    fi
    if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
    fi

    echo "" >> /opt/bitnami/redis/etc/replica.conf
    echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
    echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
    ARGS=("--port" "${REDIS_PORT}")
    ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
    ARGS+=("--protected-mode" "no")
    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
    ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
    exec redis-server "${ARGS[@]}"
---
# Source: tubearchivist/charts/elasticsearch/templates/master/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist-elasticsearch-master-hl
  namespace: "tubearchivist"
  labels: 
    app.kubernetes.io/name: elasticsearch
    helm.sh/chart: elasticsearch-19.5.12
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: master
spec:
  type: ClusterIP
  publishNotReadyAddresses: true
  ports:
    - name: tcp-rest-api
      port: 9200
      targetPort: rest-api
    - name: tcp-transport
      port: 9300
      targetPort: transport
  selector:
    app.kubernetes.io/name: elasticsearch
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/component: master
---
# Source: tubearchivist/charts/elasticsearch/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist-elasticsearch
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: elasticsearch
    helm.sh/chart: elasticsearch-19.5.12
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: master
  annotations:
spec:
  type: ClusterIP
  sessionAffinity: None
  ports:
    - name: tcp-rest-api
      port: 9200
      targetPort: rest-api
      nodePort: null
    - name: tcp-transport
      port: 9300
      nodePort: null
  selector:
    app.kubernetes.io/name: elasticsearch
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/component: master
---
# Source: tubearchivist/charts/redis/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist-redis-headless
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
  annotations:
    
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: tcp-redis
      port: 6379
      targetPort: redis
  selector:
    app.kubernetes.io/name: redis
    app.kubernetes.io/instance: tubearchivist
---
# Source: tubearchivist/charts/redis/templates/master/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist-redis-master
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: master
spec:
  type: ClusterIP
  internalTrafficPolicy: Cluster
  sessionAffinity: None
  ports:
    - name: tcp-redis
      port: 6379
      targetPort: redis
      nodePort: null
  selector:
    app.kubernetes.io/name: redis
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/component: master
---
# Source: tubearchivist/charts/redis/templates/replicas/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist-redis-replicas
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: replica
spec:
  type: ClusterIP
  internalTrafficPolicy: Cluster
  sessionAffinity: None
  ports:
    - name: tcp-redis
      port: 6379
      targetPort: redis
      nodePort: null
  selector:
    app.kubernetes.io/name: redis
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/component: replica
---
# Source: tubearchivist/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/service: tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tubearchivist
    app.kubernetes.io/version: v0.3.4
    helm.sh/chart: tubearchivist-0.8.6
  annotations:
spec:
  type: ClusterIP
  ports:
    - port: 4180
      targetPort: 4180
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/name: tubearchivist
---
# Source: tubearchivist/templates/common.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tubearchivist
    app.kubernetes.io/version: v0.3.4
    helm.sh/chart: tubearchivist-0.8.6
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: tubearchivist
      app.kubernetes.io/instance: tubearchivist
  template:
    metadata:
      labels:
        app.kubernetes.io/name: tubearchivist
        app.kubernetes.io/instance: tubearchivist
    spec:
      
      serviceAccountName: default
      automountServiceAccountToken: true
      dnsPolicy: ClusterFirst
      enableServiceLinks: true
      securityContext:
        sysctls:
        - name: net.ipv4.tcp_rmem
          value: "4096 87380 33554432"
        - name: net.ipv4.tcp_wmem
          value: "4096 65536 33554432"
      initContainers:
      - name: killswitch
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -j DROP
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
      containers:
        - name: tubearchivist
          image: "bbilly1/tubearchivist:v0.4.5"
          imagePullPolicy: IfNotPresent
          env:
            - name: ELASTIC_PASSWORD
              value: changeme
            - name: ES_URL
              value: http://tubearchivist-elasticsearch:9200
            - name: HOST_GID
              value: "100"
            - name: HOST_UID
              value: "1029"
            - name: REDIS_HOST
              value: tubearchivist-redis-master
            - name: TA_AUTH_PROXY_LOGOUT_URL
              value: https://tubearchivist.strudelline.net/oauth2/sign_out
            - name: TA_AUTH_PROXY_USERNAME_HEADER
              value: HTTP_X_FORWARDED_PREFERRED_USERNAME
            - name: TA_ENABLE_AUTH_PROXY
              value: "true"
            - name: TA_HOST
              value: tubearchivist.strudelline.net
            - name: TA_PASSWORD
              value: changeme
            - name: TA_USERNAME
              value: james
            - name: TA_MEDIA_DIR
              value: /youtube
          ports:
            - name: http-insecure
              containerPort: 8000
              protocol: TCP
          volumeMounts:
            - name: cache
              mountPath: /cache
            - name: youtube
              mountPath: /youtube
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            tcpSocket:
              port: 8000
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            tcpSocket:
              port: 8000
            timeoutSeconds: 1
          startupProbe:
            failureThreshold: 30
            initialDelaySeconds: 0
            periodSeconds: 5
            tcpSocket:
              port: 8000
            timeoutSeconds: 1
        - name: vpn
          image: xjasonlyu/tun2socks:latest
          command: ["sh","-c"]
          args:
          - |
              mkdir -p /dev/net
              mknod /dev/net/tun c 10 200
              exec /entrypoint.sh
          env:
          - name: TUN
            value: tun0
          - name: PROXY
            value: socks5://172.16.17.180:1080
          - name: TUN_EXCLUDED_ROUTES
            value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
          securityContext:
            capabilities:
              add: ["NET_ADMIN","SYS_TIME"]
        - name: oauth2-proxy
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
          imagePullPolicy: IfNotPresent
          env:
          - name: OAUTH2_PROXY_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: oidc-client
                key: client_id
          - name: OAUTH2_PROXY_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: oidc-client
                key: client_secret
          - name: OAUTH2_PROXY_COOKIE_SECRET
            valueFrom:
              secretKeyRef:
                name: oauth2-proxy
                key: cookie_secret
          - name: OAUTH2_PROXY_UPSTREAMS
            value: http://localhost:8000
          args:
          - --http-address=0.0.0.0:4180
          - --whitelist-domain=strudelline.net:*
          - --whitelist-domain=.strudelline.net:*
          - --cookie-domain=strudelline.net
          - --email-domain=werts.us
          - --email-domain=strudelline.net
          - --email-domain=andariese.net
          - --skip-auth-route=GET=^/api/
          - --skip-auth-route=OPTIONS=^/api/
          - --cookie-secure
          - --skip-provider-button
          - --set-xauthrequest
          - --pass-user-headers
          - --provider=oidc
          - --oidc-issuer-url=https://auth.werts.us/realms/werts
          - --cookie-csrf-per-request
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          ports:
          - containerPort: 4180
            name: http
            protocol: TCP
      volumes:
        - name: cache
          nfs:
            server: 172.16.18.1
            path: /volume1/youtube/tubearchivist-cache
        - name: youtube
          nfs:
            server: 172.16.18.1
            path: /volume1/youtube
---
# Source: tubearchivist/charts/elasticsearch/templates/master/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: tubearchivist-elasticsearch-master
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: elasticsearch
    helm.sh/chart: elasticsearch-19.5.12
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: master
    ## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
    app: master
spec:
  replicas: 1
  podManagementPolicy: Parallel
  selector:
    matchLabels:
      app.kubernetes.io/name: elasticsearch
      app.kubernetes.io/instance: tubearchivist
      app.kubernetes.io/component: master
  serviceName: tubearchivist-elasticsearch-master-hl
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: elasticsearch
        helm.sh/chart: elasticsearch-19.5.12
        app.kubernetes.io/instance: tubearchivist
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: master
        ## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
        app: master
      annotations:
    spec:
      serviceAccountName: default
      
      affinity:
        podAffinity:
          
        podAntiAffinity:
          
        nodeAffinity:
          
      securityContext:
        fsGroup: 1001
      initContainers:
        ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
        - name: sysctl
          image: docker.io/bitnami/bitnami-shell:11-debian-11-r87
          imagePullPolicy: "IfNotPresent"
          command:
            - /bin/bash
            - -ec
            - |
              CURRENT=`sysctl -n vm.max_map_count`;
              DESIRED="262144";
              if [ "$DESIRED" -gt "$CURRENT" ]; then
                  sysctl -w vm.max_map_count=262144;
              fi;
              CURRENT=`sysctl -n fs.file-max`;
              DESIRED="65536";
              if [ "$DESIRED" -gt "$CURRENT" ]; then
                  sysctl -w fs.file-max=65536;
              fi;
          securityContext:
            privileged: true
            runAsUser: 0
          resources:
            limits: {}
            requests: {}
      containers:
        - name: elasticsearch
          image: docker.io/bitnami/elasticsearch:8.6.0
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsNonRoot: true
            runAsUser: 1001
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: ELASTICSEARCH_IS_DEDICATED_NODE
              value: "no"
            - name: ELASTICSEARCH_NODE_ROLES
              value: "master"
            - name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER
              value: "9300"
            - name: ELASTICSEARCH_HTTP_PORT_NUMBER
              value: "9200"
            - name: ELASTICSEARCH_CLUSTER_NAME
              value: "elastic"
            - name: ELASTICSEARCH_CLUSTER_HOSTS
              value: "tubearchivist-elasticsearch-master-hl.tubearchivist.svc.cluster.local,"
            - name: ELASTICSEARCH_TOTAL_NODES
              value: "1"
            - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
              value: tubearchivist-elasticsearch-master-0 
            - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
              value: "1"
            - name: ELASTICSEARCH_ADVERTISED_HOSTNAME
              value: "$(MY_POD_NAME).tubearchivist-elasticsearch-master-hl.tubearchivist.svc.cluster.local"
            - name: ELASTICSEARCH_HEAP_SIZE
              value: "128m"
            - name: discovery.type
              value: single-node
            - name: xpack.security.enabled
              value: "true"
            - name: ELASTIC_PASSWORD
              value: changeme
          ports:
            - name: rest-api
              containerPort: 9200
            - name: transport
              containerPort: 9300
          livenessProbe:
            failureThreshold: 5
            initialDelaySeconds: 90
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /opt/bitnami/scripts/elasticsearch/healthcheck.sh
          readinessProbe:
            failureThreshold: 5
            initialDelaySeconds: 90
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /opt/bitnami/scripts/elasticsearch/healthcheck.sh
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 1000m
              memory: 1Gi
          volumeMounts:
            - name: data
              mountPath: /bitnami/elasticsearch/data
            - mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
              name: config
              subPath: my_elasticsearch.yml
            - mountPath: /usr/share/elasticsearch/data/snapshot
              name: snapshot
      volumes:
        - name: config
          configMap:
            name: tubearchivist-elasticsearch
        - emptyDir: {}
          name: snapshot
  volumeClaimTemplates:
    - metadata:
        name: "data"
        annotations:
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "1Gi"
---
# Source: tubearchivist/charts/redis/templates/master/application.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: tubearchivist-redis-master
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: master
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
      app.kubernetes.io/instance: tubearchivist
      app.kubernetes.io/component: master
  serviceName: tubearchivist-redis-headless
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
        helm.sh/chart: redis-17.7.3
        app.kubernetes.io/instance: tubearchivist
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: master
      annotations:
        checksum/configmap: 6a77e4814a2ada8d778312f1dbb23d2bc70b3c58426f248621921d7e1d399cc5
        checksum/health: dcc4f80ad839504f4e0a945663bae8a4d4cbcb10b20f7dc02a2018d3f89cb4df
        checksum/scripts: 88b6fade24db5b2cf1750b4ef7faee863ae3eb70c54c2caaa39770511845c95d
        checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    spec:
      
      securityContext:
        fsGroup: 1001
      serviceAccountName: tubearchivist-redis
      affinity:
        podAffinity:
          
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: redis
                    app.kubernetes.io/instance: tubearchivist
                    app.kubernetes.io/component: master
                topologyKey: kubernetes.io/hostname
              weight: 1
        nodeAffinity:
          
      terminationGracePeriodSeconds: 30
      containers:
        - name: redis
          image: docker.io/redis/redis-stack-server:6.2.6-v3
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsUser: 1001
          command:
            - /bin/bash
          args:
            - -c
            - /opt/bitnami/scripts/start-scripts/start-master.sh
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: REDIS_REPLICATION_MODE
              value: master
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            - name: REDIS_TLS_ENABLED
              value: "no"
            - name: REDIS_PORT
              value: "6379"
          ports:
            - name: redis
              containerPort: 6379
          livenessProbe:
            initialDelaySeconds: 20
            periodSeconds: 5
            # One second longer than command timeout should prevent generation of zombie processes.
            timeoutSeconds: 6
            successThreshold: 1
            failureThreshold: 5
            exec:
              command:
                - sh
                - -c
                - /health/ping_liveness_local.sh 5
          readinessProbe:
            initialDelaySeconds: 20
            periodSeconds: 5
            timeoutSeconds: 2
            successThreshold: 1
            failureThreshold: 5
            exec:
              command:
                - sh
                - -c
                - /health/ping_readiness_local.sh 1
          resources:
            limits: {}
            requests: {}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            - name: redis-data
              mountPath: /data
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc/
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: start-scripts
          configMap:
            name: tubearchivist-redis-scripts
            defaultMode: 0755
        - name: health
          configMap:
            name: tubearchivist-redis-health
            defaultMode: 0755
        - name: config
          configMap:
            name: tubearchivist-redis-configuration
        - name: redis-tmp-conf
          emptyDir: {}
        - name: tmp
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: redis-data
        labels:
          app.kubernetes.io/name: redis
          app.kubernetes.io/instance: tubearchivist
          app.kubernetes.io/component: master
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "1Gi"
---
# Source: tubearchivist/charts/redis/templates/replicas/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: tubearchivist-redis-replicas
  namespace: "tubearchivist"
  labels:
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-17.7.3
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: replica
spec:
  replicas: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
      app.kubernetes.io/instance: tubearchivist
      app.kubernetes.io/component: replica
  serviceName: tubearchivist-redis-headless
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
        helm.sh/chart: redis-17.7.3
        app.kubernetes.io/instance: tubearchivist
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: replica
      annotations:
        checksum/configmap: 6a77e4814a2ada8d778312f1dbb23d2bc70b3c58426f248621921d7e1d399cc5
        checksum/health: dcc4f80ad839504f4e0a945663bae8a4d4cbcb10b20f7dc02a2018d3f89cb4df
        checksum/scripts: 88b6fade24db5b2cf1750b4ef7faee863ae3eb70c54c2caaa39770511845c95d
        checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    spec:
      
      securityContext:
        fsGroup: 1001
      serviceAccountName: tubearchivist-redis
      affinity:
        podAffinity:
          
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: redis
                    app.kubernetes.io/instance: tubearchivist
                    app.kubernetes.io/component: replica
                topologyKey: kubernetes.io/hostname
              weight: 1
        nodeAffinity:
          
      terminationGracePeriodSeconds: 30
      containers:
        - name: redis
          image: docker.io/redis/redis-stack-server:6.2.6-v3
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsUser: 1001
          command:
            - /bin/bash
          args:
            - -c
            - /opt/bitnami/scripts/start-scripts/start-replica.sh
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: REDIS_REPLICATION_MODE
              value: replica
            - name: REDIS_MASTER_HOST
              value: tubearchivist-redis-master-0.tubearchivist-redis-headless.tubearchivist.svc.cluster.local
            - name: REDIS_MASTER_PORT_NUMBER
              value: "6379"
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            - name: REDIS_TLS_ENABLED
              value: "no"
            - name: REDIS_PORT
              value: "6379"
          ports:
            - name: redis
              containerPort: 6379
          startupProbe:
            failureThreshold: 22
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            tcpSocket:
              port: redis
          livenessProbe:
            initialDelaySeconds: 20
            periodSeconds: 5
            timeoutSeconds: 6
            successThreshold: 1
            failureThreshold: 5
            exec:
              command:
                - sh
                - -c
                - /health/ping_liveness_local_and_master.sh 5
          readinessProbe:
            initialDelaySeconds: 20
            periodSeconds: 5
            timeoutSeconds: 2
            successThreshold: 1
            failureThreshold: 5
            exec:
              command:
                - sh
                - -c
                - /health/ping_readiness_local_and_master.sh 1
          resources:
            limits: {}
            requests: {}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            - name: redis-data
              mountPath: /data
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc
      volumes:
        - name: start-scripts
          configMap:
            name: tubearchivist-redis-scripts
            defaultMode: 0755
        - name: health
          configMap:
            name: tubearchivist-redis-health
            defaultMode: 0755
        - name: config
          configMap:
            name: tubearchivist-redis-configuration
        - name: redis-tmp-conf
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: redis-data
        labels:
          app.kubernetes.io/name: redis
          app.kubernetes.io/instance: tubearchivist
          app.kubernetes.io/component: replica
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"