Adding external secret and PVC.
This commit is contained in:
parent
3926e1f79f
commit
8ff2d3478b
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 82 additions and 0 deletions
67
kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
Normal file
67
kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
Normal file
|
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: peertube
|
||||||
|
namespace: fediverse
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: peertube-secret
|
||||||
|
creationPolicy: Owner
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
PEERTUBE_DB_SSLMODE: "false"
|
||||||
|
PEERTUBE_WEBSERVER_HOSTNAME: "khazadtube.tv"
|
||||||
|
PEERTUBE_TRUST_PROXY: "['127.0.0.1', 'loopback', '10.2.0.0/16']"
|
||||||
|
PEERTUBE_SECRET: "{{ .peertube_secret }}"
|
||||||
|
PEERTUBE_SMTP_HOSTNAME: "{{ .mailgun_smtp_hostname }}"
|
||||||
|
PEERTUBE_SMTP_USERNAME: "{{ .mailgun_smtp_user }}"
|
||||||
|
PEERTUBE_SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
|
||||||
|
PEERTUBE_SMTP_PORT: "587"
|
||||||
|
PEERTUBE_SMTP_FROM: "noreply@khazadtube.tv"
|
||||||
|
PEERTUBE_SMTP_TLS: "false"
|
||||||
|
PEERTUBE_SMTP_DISABLE_STARTTLS: "false"
|
||||||
|
PEERTUBE_ADMIN_EMAIL: "joe@veri.dev"
|
||||||
|
PEERTUBE_REDIS_HOSTNAME: "redis-peertube.fediverse.svc.cluster.local"
|
||||||
|
PEERTUBE_REDIS_PORT: "6379"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_ENABLED: "true"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_ENDPOINT: "{{ .minio_s3_host }}"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_REGION: "us-east-1"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID: "{{ .minio_khazadtube_access_key }}"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY: "{{ .minio_khazadtube_secret_key }}"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME: "khazadtube-streaming"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX: ""
|
||||||
|
PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME: "khazadtube-videos"
|
||||||
|
PEERTUBE_OBJECT_STORAGE_VIDEOS_PREFIX: ""
|
||||||
|
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: minio
|
||||||
|
rewrite:
|
||||||
|
- regexp:
|
||||||
|
source: "(.*)"
|
||||||
|
target: "minio_$1"
|
||||||
|
- extract:
|
||||||
|
key: peertube
|
||||||
|
rewrite:
|
||||||
|
- regexp:
|
||||||
|
source: "(.*)"
|
||||||
|
target: "peertube_$1"
|
||||||
|
data:
|
||||||
|
- secretKey: mailgun_smtp_user
|
||||||
|
remoteRef:
|
||||||
|
key: mailgun
|
||||||
|
property: peertube_smtp_user
|
||||||
|
- secretKey: mailgun_smtp_password
|
||||||
|
remoteRef:
|
||||||
|
key: mailgun
|
||||||
|
property: peertube_smtp_password
|
||||||
|
- secretKey: mailgun_smtp_hostname
|
||||||
|
remoteRef:
|
||||||
|
key: mailgun
|
||||||
|
property: smtp_hostname
|
||||||
|
|
@ -4,5 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: fediverse
|
namespace: fediverse
|
||||||
resources:
|
resources:
|
||||||
|
- ./externalsecret.yaml
|
||||||
# - ./helmrelease.yaml
|
# - ./helmrelease.yaml
|
||||||
|
# - ./ingress.yaml
|
||||||
- ./postgresCluster.yaml
|
- ./postgresCluster.yaml
|
||||||
|
- ./pvc.yaml
|
||||||
|
|
|
||||||
12
kubernetes/apps/fediverse/peertube/app/pvc.yaml
Normal file
12
kubernetes/apps/fediverse/peertube/app/pvc.yaml
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: peertube-config
|
||||||
|
namespace: fediverse
|
||||||
|
spec:
|
||||||
|
accessModes: ["ReadWriteMany"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
||||||
|
storageClassName: ceph-filesystem
|
||||||
Reference in a new issue