Adding external secret and PVC.

2023-11-01 16:23:04 -05:00 · 2023-11-01 16:23:04 -05:00 · 8ff2d3478b
commit 8ff2d3478b
parent 3926e1f79f
3 changed files with 82 additions and 0 deletions
--- a/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
+++ b/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: peertube
+  namespace: fediverse
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: peertube-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        PEERTUBE_DB_SSLMODE: "false"
+        PEERTUBE_WEBSERVER_HOSTNAME: "khazadtube.tv"
+        PEERTUBE_TRUST_PROXY: "['127.0.0.1', 'loopback', '10.2.0.0/16']"
+        PEERTUBE_SECRET: "{{ .peertube_secret }}"
+        PEERTUBE_SMTP_HOSTNAME: "{{ .mailgun_smtp_hostname }}"
+        PEERTUBE_SMTP_USERNAME: "{{ .mailgun_smtp_user }}"
+        PEERTUBE_SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
+        PEERTUBE_SMTP_PORT: "587"
+        PEERTUBE_SMTP_FROM: "noreply@khazadtube.tv"
+        PEERTUBE_SMTP_TLS: "false"
+        PEERTUBE_SMTP_DISABLE_STARTTLS: "false"
+        PEERTUBE_ADMIN_EMAIL: "joe@veri.dev"
+        PEERTUBE_REDIS_HOSTNAME: "redis-peertube.fediverse.svc.cluster.local"
+        PEERTUBE_REDIS_PORT: "6379"
+        PEERTUBE_OBJECT_STORAGE_ENABLED: "true"
+        PEERTUBE_OBJECT_STORAGE_ENDPOINT: "{{ .minio_s3_host }}"
+        PEERTUBE_OBJECT_STORAGE_REGION: "us-east-1"
+        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID: "{{ .minio_khazadtube_access_key }}"
+        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY: "{{ .minio_khazadtube_secret_key }}"
+        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME: "khazadtube-streaming"
+        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX: ""
+        PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME: "khazadtube-videos"
+        PEERTUBE_OBJECT_STORAGE_VIDEOS_PREFIX: ""
+
+  dataFrom:
+    - extract:
+        key: minio
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "minio_$1"
+    - extract:
+        key: peertube
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "peertube_$1"
+  data:
+    - secretKey: mailgun_smtp_user
+      remoteRef:
+        key: mailgun
+        property: peertube_smtp_user
+    - secretKey: mailgun_smtp_password
+      remoteRef:
+        key: mailgun
+        property: peertube_smtp_password
+    - secretKey: mailgun_smtp_hostname
+      remoteRef:
+        key: mailgun
+        property: smtp_hostname
--- a/kubernetes/apps/fediverse/peertube/app/kustomization.yaml
+++ b/kubernetes/apps/fediverse/peertube/app/kustomization.yaml
@ -4,5 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: fediverse
 resources:
+  - ./externalsecret.yaml
  # - ./helmrelease.yaml
+  # - ./ingress.yaml
  - ./postgresCluster.yaml
+  - ./pvc.yaml
--- a/kubernetes/apps/fediverse/peertube/app/pvc.yaml
+++ b/kubernetes/apps/fediverse/peertube/app/pvc.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: peertube-config
+  namespace: fediverse
+spec:
+  accessModes: ["ReadWriteMany"]
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ceph-filesystem