diff --git a/peertube/application.yaml b/peertube/application.yaml
new file mode 100644
index 0000000..3a87ee4
--- /dev/null
+++ b/peertube/application.yaml
@@ -0,0 +1,253 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: peertube-werts
+ namespace: argocd
+spec:
+ destination:
+ name: in-cluster
+ namespace: peertube-werts
+ project: default
+ source:
+ chart: peertube
+ repoURL: https://ananace.gitlab.io/charts
+ targetRevision: 0.3.4
+ helm:
+ values: |
+ image:
+ repository: chocobozzz/peertube
+ pullPolicy: IfNotPresent
+ ## Overrides the image tag whose default is the chart appVersion.
+ # tag: production-bullseye
+ config:
+ serverName: tube.werts.us
+ ## Generate with somethingl like `openssl rand -hex 32` - will auto-generate if left blank
+ secret: 1165b3438b487d6dc52fc9d63ff78ef46a7e568a8daebdafd6f416d899aefbc6
+
+ admin:
+ email: peertube@strudelline.net
+
+ ## Mail transfer setup, need to provide a hostname for SMTP
+ mail:
+ transport: smtp
+ # sendmail:
+ hostname: smtp.mailgun.org
+ port: 465
+ username: peertube@strudelline.net
+ fromAddress: peertube@strudelline.net
+
+ ## Password can be set either directly or with an existing secret.
+ # password:
+
+ existingSecret: peertube-smtp
+ existingSecretKey: smtp-password
+
+ ## Data storage on S3 - will still require persistence even if enabled.
+ objectStorage:
+ enabled: true
+
+ endpoint: https://minio.strudelline.net
+ region: syno-cascade-1
+ # uploadACL: public-read
+ maxUploadPart: 128MB
+
+ accessKey: 3MvLDZE2XiK5XlbE
+ secretKey: xmA9bJGlcFArtwHStJnqQTyZQjiyR1jv
+
+ streaming:
+ bucket_name: peertube-streaming
+ # prefix:
+ base_url: https://minio.strudelline.net/peertube-streaming
+
+ videos:
+ bucket_name: peertube-videos
+ # prefix:
+ base_url: https://minio.strudelline.net/peertube-videos
+
+ ## Main persistent storage, will be used for uploads, processing, plugins, etc
+ persistence:
+ enabled: true
+
+ size: 16Gi
+ storageClass: local-path
+
+ ## Additional configuration to set on the main production.yaml configuration.
+ ## See https://github.com/Chocobozzz/PeerTube/blob/develop/config/production.yaml.example
+ ##
+ extraConfig:
+ ## It's recommended to limit this to only your internal cluster network
+ trust_proxy:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/24
+ - fc00::/7
+ # - loopback
+
+ instance:
+ description: "WerTube"
+
+ ## Extra environment variables to set on Peertube
+ ##
+ extraEnv:
+ - name: http_proxy
+ value: http://172.16.17.180:4080
+ - name: https_proxy
+ value: http://172.16.17.180:4080
+ - name: HTTP_PROXY
+ value: http://172.16.17.180:4080
+ - name: HTTPS_PROXY
+ value: http://172.16.17.180:4080
+ # - name: TZ
+ # value: Europe/Stockholm
+ extraSecret: {}
+ # PEERTUBE_INSTANCE_TERMS: "These are some very secret terms-of-service"
+
+ ## Extra values to set on the pod spec.
+ ## Can be used for setting things like host aliases, overhead, custom schedulers, etc
+ ##
+ extraPodSpec: {}
+
+ ## Self-deployed PostgreSQL database
+ ## See: https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+ ##
+ postgresql:
+ enabled: false
+
+ auth:
+ database: peertube
+ username: peertube
+
+ # existingSecret:
+ # secretKeys:
+ # userPasswordKey: password
+
+ persistence:
+ enabled: true
+
+ ## Externally managed PostgreSQL, required if postgresql.enabled=false
+ ##
+ externalPostgresql:
+ host: peertube-db-primary.peertube-werts.svc
+ port: 5432
+
+ database: peertube-db
+ username: peertube-db
+ # password:
+ # ssl: true
+
+ existingSecret: peertube-db-pguser-peertube-db
+ existingSecretKey: password
+
+ ## Self-deployed Redis database
+ ## See: https://github.com/bitnami/charts/tree/master/bitnami/redis
+ ##
+ redis:
+ enabled: true
+ architecture: standalone
+
+ auth:
+ enabled: true
+ password: peertube-98fuhaewulfh
+
+ # existingSecret: redis-secret
+ # existingSecretPasswordKey: redis-password
+
+ master:
+ kind: Deployment
+ persistence:
+ enabled: true
+
+ ## Externally managed Redis, required if redis.enabled=false
+ ##
+ externalRedis:
+ host:
+ # port: 6379
+ # db: 0
+
+ # password:
+
+ # existingSecret:
+ # existingSecretKey: redis-password
+
+ ## Default probes, using ping API to avoid excessive echo
+ ##
+ livenessProbe:
+ httpGet:
+ path: /api/v1/ping
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /api/v1/ping
+ port: http
+
+ serviceAccount:
+ ## Specifies whether a service account should be created
+ create: true
+ ## Annotations to add to the service account
+ annotations: {}
+ ## The name of the service account to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ # name:
+
+ podAnnotations: {}
+
+ podSecurityContext:
+ fsGroup: 999
+
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 999
+ # capabilities:
+ # drop:
+ # - ALL
+
+ service:
+ type: ClusterIP
+ port: 80
+ rtmpPort: 1935
+
+ ingress:
+ enabled: true
+ className: istio
+ paths:
+ - path: /
+ pathType: Prefix
+ #tls:
+ #- hosts:
+ # - tube.werts.us
+ # secretName: wildcard-tls
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 10
+ syncOptions:
+ - CreateNamespace=true
diff --git a/wildcard-tls/wildcard-tls.yaml b/wildcard-tls/wildcard-tls.yaml
index 8a163e6..dcad63d 100644
--- a/wildcard-tls/wildcard-tls.yaml
+++ b/wildcard-tls/wildcard-tls.yaml
@@ -13,6 +13,7 @@ spec:
 - '*.strudelline.net'
 - '*.notes.strudelline.net'
 - '*.notes.werts.us'
+ - '*.minio.strudelline.net'
 - notes.werts.us
 - notes.strudelline.net
 - werts.us
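Review bot: Four credentials are committed in clear text inside the `helm.values` block of peertube/application.yaml: `config.secret`, `objectStorage.accessKey`, `objectStorage.secretKey` and `redis.auth.password`. Anyone who can read the repository can read them, and so, presumably, can anyone who can read the Application object in the `argocd` namespace. The same block already keeps the SMTP and PostgreSQL passwords out of the manifest via `existingSecret`/`existingSecretKey`; Redis can follow suit by dropping `password:` and enabling the commented `existingSecret: redis-secret` and `existingSecretPasswordKey: redis-password`. Whether chart 0.3.4 offers a secret reference for the PeerTube secret and the S3 keys is not visible here and needs checking against the chart; failing that, they should come from a Secret created outside this repo. The values in this commit remain in git history, so they should be treated as exposed and rotated.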