add minio to wildcard tls

James Andariese 2023-08-12 00:55:53 -05:00
parent f64aba9d12
commit f4050481ce
2 changed files with 254 additions and 0 deletions

253
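--- a/peertube/application.yaml
+++ b/peertube/application.yaml
@@ -0,0 +1,253 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: peertube-werts
+namespace: argocd
+spec:
+destination:
+name: in-cluster
+namespace: peertube-werts
+project: default
+source:
+chart: peertube
+repoURL: https://ananace.gitlab.io/charts
+targetRevision: 0.3.4
+helm:
+values: |
+image:
+repository: chocobozzz/peertube
+pullPolicy: IfNotPresent
+## Overrides the image tag whose default is the chart appVersion.
+# tag: production-bullseye
+config:
+serverName: tube.werts.us
+## Generate with somethingl like `openssl rand -hex 32` - will auto-generate if left blank
+secret: 1165b3438b487d6dc52fc9d63ff78ef46a7e568a8daebdafd6f416d899aefbc6
+admin:
+email: peertube@strudelline.net
+## Mail transfer setup, need to provide a hostname for SMTP
+mail:
+transport: smtp
+# sendmail:
+hostname: smtp.mailgun.org
+port: 465
+username: peertube@strudelline.net
+fromAddress: peertube@strudelline.net
+## Password can be set either directly or with an existing secret.
+# password:
+existingSecret: peertube-smtp
+existingSecretKey: smtp-password
+## Data storage on S3 - will still require persistence even if enabled.
+objectStorage:
+enabled: true
+endpoint: https://minio.strudelline.net
+region: syno-cascade-1
+# uploadACL: public-read
+maxUploadPart: 128MB
+accessKey: 3MvLDZE2XiK5XlbE
+secretKey: xmA9bJGlcFArtwHStJnqQTyZQjiyR1jv
+streaming:
+bucket_name: peertube-streaming
+# prefix:
+base_url: https://minio.strudelline.net/peertube-streaming
+videos:
+bucket_name: peertube-videos
+# prefix:
+base_url: https://minio.strudelline.net/peertube-videos
+## Main persistent storage, will be used for uploads, processing, plugins, etc
+persistence:
+enabled: true
+size: 16Gi
+storageClass: local-path
+## Additional configuration to set on the main production.yaml configuration.
+## See https://github.com/Chocobozzz/PeerTube/blob/develop/config/production.yaml.example
+##
+extraConfig:
+## It's recommended to limit this to only your internal cluster network
+trust_proxy:
+- 10.0.0.0/8
+- 172.16.0.0/12
+- 192.168.0.0/24
+- fc00::/7
+# - loopback
+instance:
+description: "WerTube"
+## Extra environment variables to set on Peertube
+##
+extraEnv:
+- name: http_proxy
+value: http://172.16.17.180:4080
+- name: https_proxy
+value: http://172.16.17.180:4080
+- name: HTTP_PROXY
+value: http://172.16.17.180:4080
+- name: HTTPS_PROXY
+value: http://172.16.17.180:4080
+# - name: TZ
+# value: Europe/Stockholm
+extraSecret: {}
+# PEERTUBE_INSTANCE_TERMS: "These are some very secret terms-of-service"
+## Extra values to set on the pod spec.
+## Can be used for setting things like host aliases, overhead, custom schedulers, etc
+##
+extraPodSpec: {}
+## Self-deployed PostgreSQL database
+## See: https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+##
+postgresql:
+enabled: false
+auth:
+database: peertube
+username: peertube
+# existingSecret:
+# secretKeys:
+# userPasswordKey: password
+persistence:
+enabled: true
+## Externally managed PostgreSQL, required if postgresql.enabled=false
+##
+externalPostgresql:
+host: peertube-db-primary.peertube-werts.svc
+port: 5432
+database: peertube-db
+username: peertube-db
+# password:
+# ssl: true
+existingSecret: peertube-db-pguser-peertube-db
+existingSecretKey: password
+## Self-deployed Redis database
+## See: https://github.com/bitnami/charts/tree/master/bitnami/redis
+##
+redis:
+enabled: true
+architecture: standalone
+auth:
+enabled: true
+password: peertube-98fuhaewulfh
+# existingSecret: redis-secret
+# existingSecretPasswordKey: redis-password
+master:
+kind: Deployment
+persistence:
+enabled: true
+## Externally managed Redis, required if redis.enabled=false
+##
+externalRedis:
+host:
+# port: 6379
+# db: 0
+# password:
+# existingSecret:
+# existingSecretKey: redis-password
+## Default probes, using ping API to avoid excessive echo
+##
+livenessProbe:
+httpGet:
+path: /api/v1/ping
+port: http
+readinessProbe:
+httpGet:
+path: /api/v1/ping
+port: http
+serviceAccount:
+## Specifies whether a service account should be created
+create: true
+## Annotations to add to the service account
+annotations: {}
+## The name of the service account to use.
+## If not set and create is true, a name is generated using the fullname template
+# name:
+podAnnotations: {}
+podSecurityContext:
+fsGroup: 999
+securityContext:
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 999
+# capabilities:
+# drop:
+# - ALL
+service:
+type: ClusterIP
+port: 80
+rtmpPort: 1935
+ingress:
+enabled: true
+className: istio
+paths:
+- path: /
+pathType: Prefix
+#tls:
+#- hosts:
+# - tube.werts.us
+# secretName: wildcard-tls
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+autoscaling:
+enabled: false
+minReplicas: 1
+maxReplicas: 3
+targetCPUUtilizationPercentage: 80
+# targetMemoryUtilizationPercentage: 80
+nodeSelector: {}
+tolerations: []
+affinity: {}
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+retry:
+backoff:
+duration: 5s
+factor: 2
+maxDuration: 3m0s
+limit: 10
+syncOptions:
+- CreateNamespace=true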
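Review bot: The `helm.values` block commits four live credentials in plaintext: `config.secret`, `objectStorage.accessKey` and `secretKey`, and `redis.auth.password`, while the SMTP and external PostgreSQL passwords in the same file are already pulled from cluster Secrets via `existingSecret`. Inline Helm values are also stored in the Application object in the `argocd` namespace, so anyone who can read Applications or the repository history sees them; treat all four as exposed and rotate them. For Redis the chart's own commented keys show the replacement, `existingSecret: <redis-secret-name>` and `existingSecretPasswordKey: <key>`; whether the chart has an equivalent for `config.secret` and the object-storage keys is not visible here, so check the chart (the `extraSecret` map may be the route). Separately, the `capabilities: drop: [ALL]` lines under `securityContext` are left commented out and would be worth enabling if the image runs without added capabilities.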


@ -13,6 +13,7 @@ spec:
- '*.strudelline.net'
- '*.notes.strudelline.net'
- '*.notes.werts.us'
- '*.minio.strudelline.net'
- notes.werts.us
- notes.strudelline.net
- werts.us