Merge pull request 'chore: new helm chart implementation' (#10085) from lilithmooncohen/calckey:add-helm-chart into main
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/10085
This commit is contained in:
commit
f990745a42
21 changed files with 935 additions and 246 deletions
82
.config/helm_values_example.yml
Normal file
82
.config/helm_values_example.yml
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: 512Mi
|
||||||
|
limits:
|
||||||
|
cpu: 1
|
||||||
|
memory: 1Gi
|
||||||
|
|
||||||
|
calckey:
|
||||||
|
domain: example.tld
|
||||||
|
smtp:
|
||||||
|
from_address: noreply@example.tld
|
||||||
|
port: 587
|
||||||
|
server: smtp.gmail.com
|
||||||
|
useImplicitSslTls: false
|
||||||
|
login: me@example.tld
|
||||||
|
password: CHANGEME
|
||||||
|
objectStorage:
|
||||||
|
baseUrl: https://example-bucket.nyc3.cdn.digitaloceanspaces.com
|
||||||
|
access_key: CHANGEME
|
||||||
|
access_secret: CHANGEME
|
||||||
|
bucket: example-bucket
|
||||||
|
endpoint: nyc3.digitaloceanspaces.com:443
|
||||||
|
region: nyc3
|
||||||
|
allowedPrivateNetworks: []
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
hosts:
|
||||||
|
- host: example.tld
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: ImplementationSpecific
|
||||||
|
tls:
|
||||||
|
- secretName: example-tld-certificate
|
||||||
|
hosts:
|
||||||
|
- example.tld
|
||||||
|
|
||||||
|
elasticsearch:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
auth:
|
||||||
|
password: CHANGEME
|
||||||
|
postgresPassword: CHANGEME
|
||||||
|
primary:
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
storageClass: vultr-block-storage
|
||||||
|
size: 25Gi
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 0.25
|
||||||
|
memory: 256Mi
|
||||||
|
limits:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: 512Mi
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
redis:
|
||||||
|
auth:
|
||||||
|
password: CHANGEME
|
||||||
|
master:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 0.25
|
||||||
|
memory: 256Mi
|
||||||
|
limits:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: 256Mi
|
||||||
|
persistence:
|
||||||
|
storageclass: vultr-block-storage
|
||||||
|
size: 10Gi
|
||||||
|
replica:
|
||||||
|
replicaCount: 0
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -23,6 +23,7 @@ coverage
|
||||||
/.config/*
|
/.config/*
|
||||||
!/.config/example.yml
|
!/.config/example.yml
|
||||||
!/.config/docker_example.env
|
!/.config/docker_example.env
|
||||||
|
!/.config/helm_values_example.yml
|
||||||
|
|
||||||
#docker dev config
|
#docker dev config
|
||||||
/dev/docker-compose.yml
|
/dev/docker-compose.yml
|
||||||
|
|
23
chart/.helmignore
Normal file
23
chart/.helmignore
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
|
@ -1,3 +1,38 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
name: misskey
|
name: calckey
|
||||||
version: 0.0.0
|
description: A fun, new, open way to experience social media https://calckey.org
|
||||||
|
|
||||||
|
# A chart can be either an 'application' or a 'library' chart.
|
||||||
|
#
|
||||||
|
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||||
|
# to be deployed.
|
||||||
|
#
|
||||||
|
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||||
|
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||||
|
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||||
|
type: application
|
||||||
|
|
||||||
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
|
# to the chart and its templates, including the app version.
|
||||||
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
|
version: 0.1.0
|
||||||
|
|
||||||
|
# This is the version number of the application being deployed. This version number should be
|
||||||
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
|
# It is recommended to use it with quotes.
|
||||||
|
appVersion: "rc"
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- name: elasticsearch
|
||||||
|
version: 19.0.1
|
||||||
|
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
|
||||||
|
condition: elasticsearch.enabled
|
||||||
|
- name: postgresql
|
||||||
|
version: 11.1.3
|
||||||
|
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
|
||||||
|
condition: postgresql.enabled
|
||||||
|
- name: redis
|
||||||
|
version: 16.13.2
|
||||||
|
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
|
||||||
|
condition: redis.enabled
|
||||||
|
|
83
chart/README.md
Normal file
83
chart/README.md
Normal file
|
@ -0,0 +1,83 @@
|
||||||
|
# calckey
|
||||||
|
|
||||||
|
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: rc](https://img.shields.io/badge/AppVersion-rc-informational?style=flat-square)
|
||||||
|
|
||||||
|
A fun, new, open way to experience social media https://calckey.org
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
| Repository | Name | Version |
|
||||||
|
|------------|------|---------|
|
||||||
|
| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | elasticsearch | 19.0.1 |
|
||||||
|
| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | postgresql | 11.1.3 |
|
||||||
|
| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | redis | 16.13.2 |
|
||||||
|
|
||||||
|
## Values
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| affinity | object | `{}` | |
|
||||||
|
| autoscaling.enabled | bool | `false` | |
|
||||||
|
| autoscaling.maxReplicas | int | `100` | |
|
||||||
|
| autoscaling.minReplicas | int | `1` | |
|
||||||
|
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
||||||
|
| calckey.allowedPrivateNetworks | list | `[]` | If you want to allow calckey to connect to private ips, enter the cidrs here. |
|
||||||
|
| calckey.domain | string | `"calckey.local"` | |
|
||||||
|
| calckey.isManagedHosting | bool | `true` | |
|
||||||
|
| calckey.objectStorage.access_key | string | `""` | |
|
||||||
|
| calckey.objectStorage.access_secret | string | `""` | |
|
||||||
|
| calckey.objectStorage.baseUrl | string | `""` | |
|
||||||
|
| calckey.objectStorage.bucket | string | `""` | |
|
||||||
|
| calckey.objectStorage.endpoint | string | `""` | |
|
||||||
|
| calckey.objectStorage.managed | bool | `true` | |
|
||||||
|
| calckey.objectStorage.prefix | string | `"files"` | |
|
||||||
|
| calckey.objectStorage.region | string | `""` | |
|
||||||
|
| calckey.reservedUsernames[0] | string | `"root"` | |
|
||||||
|
| calckey.reservedUsernames[1] | string | `"admin"` | |
|
||||||
|
| calckey.reservedUsernames[2] | string | `"administrator"` | |
|
||||||
|
| calckey.reservedUsernames[3] | string | `"me"` | |
|
||||||
|
| calckey.reservedUsernames[4] | string | `"system"` | |
|
||||||
|
| calckey.smtp.from_address | string | `"notifications@example.com"` | |
|
||||||
|
| calckey.smtp.login | string | `""` | |
|
||||||
|
| calckey.smtp.managed | bool | `true` | |
|
||||||
|
| calckey.smtp.password | string | `""` | |
|
||||||
|
| calckey.smtp.port | int | `587` | |
|
||||||
|
| calckey.smtp.server | string | `"smtp.mailgun.org"` | |
|
||||||
|
| calckey.smtp.useImplicitSslTls | bool | `false` | |
|
||||||
|
| elasticsearch | object | `{"auth":null,"enabled":false,"hostname":"","port":9200,"ssl":false}` | https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters |
|
||||||
|
| fullnameOverride | string | `""` | |
|
||||||
|
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||||
|
| image.repository | string | `"docker.io/thatonecalculator/calckey"` | |
|
||||||
|
| image.tag | string | `""` | |
|
||||||
|
| imagePullSecrets | list | `[]` | |
|
||||||
|
| ingress.annotations | object | `{}` | |
|
||||||
|
| ingress.className | string | `""` | |
|
||||||
|
| ingress.enabled | bool | `false` | |
|
||||||
|
| ingress.hosts[0].host | string | `"chart-example.local"` | |
|
||||||
|
| ingress.hosts[0].paths[0].path | string | `"/"` | |
|
||||||
|
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
|
||||||
|
| ingress.tls | list | `[]` | |
|
||||||
|
| nameOverride | string | `""` | |
|
||||||
|
| nodeSelector | object | `{}` | |
|
||||||
|
| podAnnotations | object | `{}` | |
|
||||||
|
| podSecurityContext | object | `{}` | |
|
||||||
|
| postgresql.auth.database | string | `"calckey_production"` | |
|
||||||
|
| postgresql.auth.password | string | `""` | |
|
||||||
|
| postgresql.auth.username | string | `"calckey"` | |
|
||||||
|
| postgresql.enabled | bool | `true` | disable if you want to use an existing db; in which case the values below must match those of that external postgres instance |
|
||||||
|
| redis.auth.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: |
|
||||||
|
| redis.enabled | bool | `true` | |
|
||||||
|
| redis.hostname | string | `""` | |
|
||||||
|
| redis.port | int | `6379` | |
|
||||||
|
| replicaCount | int | `1` | |
|
||||||
|
| resources | object | `{}` | |
|
||||||
|
| securityContext | object | `{}` | |
|
||||||
|
| service.port | int | `80` | |
|
||||||
|
| service.type | string | `"ClusterIP"` | |
|
||||||
|
| serviceAccount.annotations | object | `{}` | |
|
||||||
|
| serviceAccount.create | bool | `true` | |
|
||||||
|
| serviceAccount.name | string | `""` | |
|
||||||
|
| tolerations | list | `[]` | |
|
||||||
|
|
||||||
|
----------------------------------------------
|
||||||
|
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
|
@ -1,162 +0,0 @@
|
||||||
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
||||||
# Misskey configuration
|
|
||||||
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
||||||
|
|
||||||
# ┌─────┐
|
|
||||||
#───┘ URL └─────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
# Final accessible URL seen by a user.
|
|
||||||
# url: https://example.tld/
|
|
||||||
|
|
||||||
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
||||||
# URL SETTINGS AFTER THAT!
|
|
||||||
|
|
||||||
# ┌───────────────────────┐
|
|
||||||
#───┘ Port and TLS settings └───────────────────────────────────
|
|
||||||
|
|
||||||
#
|
|
||||||
# Misskey supports two deployment options for public.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Option 1: With Reverse Proxy
|
|
||||||
#
|
|
||||||
# +----- https://example.tld/ ------------+
|
|
||||||
# +------+ |+-------------+ +----------------+|
|
|
||||||
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
|
|
||||||
# +------+ |+-------------+ +----------------+|
|
|
||||||
# +---------------------------------------+
|
|
||||||
#
|
|
||||||
# You need to setup reverse proxy. (eg. nginx)
|
|
||||||
# You do not define 'https' section.
|
|
||||||
|
|
||||||
# Option 2: Standalone
|
|
||||||
#
|
|
||||||
# +- https://example.tld/ -+
|
|
||||||
# +------+ | +---------------+ |
|
|
||||||
# | User | ---> | | Misskey (443) | |
|
|
||||||
# +------+ | +---------------+ |
|
|
||||||
# +------------------------+
|
|
||||||
#
|
|
||||||
# You need to run Misskey as root.
|
|
||||||
# You need to set Certificate in 'https' section.
|
|
||||||
|
|
||||||
# To use option 1, uncomment below line.
|
|
||||||
port: 3000 # A port that your Misskey server should listen.
|
|
||||||
|
|
||||||
# To use option 2, uncomment below lines.
|
|
||||||
#port: 443
|
|
||||||
|
|
||||||
#https:
|
|
||||||
# # path for certification
|
|
||||||
# key: /etc/letsencrypt/live/example.tld/privkey.pem
|
|
||||||
# cert: /etc/letsencrypt/live/example.tld/fullchain.pem
|
|
||||||
|
|
||||||
# ┌──────────────────────────┐
|
|
||||||
#───┘ PostgreSQL configuration └────────────────────────────────
|
|
||||||
|
|
||||||
db:
|
|
||||||
host: localhost
|
|
||||||
port: 5432
|
|
||||||
|
|
||||||
# Database name
|
|
||||||
db: misskey
|
|
||||||
|
|
||||||
# Auth
|
|
||||||
user: example-misskey-user
|
|
||||||
pass: example-misskey-pass
|
|
||||||
|
|
||||||
# Whether disable Caching queries
|
|
||||||
#disableCache: true
|
|
||||||
|
|
||||||
# Extra Connection options
|
|
||||||
#extra:
|
|
||||||
# ssl: true
|
|
||||||
|
|
||||||
# ┌─────────────────────┐
|
|
||||||
#───┘ Redis configuration └─────────────────────────────────────
|
|
||||||
|
|
||||||
redis:
|
|
||||||
host: localhost
|
|
||||||
port: 6379
|
|
||||||
#pass: example-pass
|
|
||||||
#prefix: example-prefix
|
|
||||||
#db: 1
|
|
||||||
|
|
||||||
# ┌─────────────────────────────┐
|
|
||||||
#───┘ Elasticsearch configuration └─────────────────────────────
|
|
||||||
|
|
||||||
#elasticsearch:
|
|
||||||
# host: localhost
|
|
||||||
# port: 9200
|
|
||||||
# ssl: false
|
|
||||||
# user:
|
|
||||||
# pass:
|
|
||||||
|
|
||||||
# ┌───────────────┐
|
|
||||||
#───┘ ID generation └───────────────────────────────────────────
|
|
||||||
|
|
||||||
# You can select the ID generation method.
|
|
||||||
# You don't usually need to change this setting, but you can
|
|
||||||
# change it according to your preferences.
|
|
||||||
|
|
||||||
# Available methods:
|
|
||||||
# aid ... Short, Millisecond accuracy
|
|
||||||
# meid ... Similar to ObjectID, Millisecond accuracy
|
|
||||||
# ulid ... Millisecond accuracy
|
|
||||||
# objectid ... This is left for backward compatibility
|
|
||||||
|
|
||||||
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
||||||
# ID SETTINGS AFTER THAT!
|
|
||||||
|
|
||||||
id: "aid"
|
|
||||||
# ┌─────────────────────┐
|
|
||||||
#───┘ Other configuration └─────────────────────────────────────
|
|
||||||
|
|
||||||
# Whether disable HSTS
|
|
||||||
#disableHsts: true
|
|
||||||
|
|
||||||
# Number of worker processes
|
|
||||||
#clusterLimit: 1
|
|
||||||
|
|
||||||
# Job concurrency per worker
|
|
||||||
# deliverJobConcurrency: 128
|
|
||||||
# inboxJobConcurrency: 16
|
|
||||||
|
|
||||||
# Job rate limiter
|
|
||||||
# deliverJobPerSec: 128
|
|
||||||
# inboxJobPerSec: 16
|
|
||||||
|
|
||||||
# Job attempts
|
|
||||||
# deliverJobMaxAttempts: 12
|
|
||||||
# inboxJobMaxAttempts: 8
|
|
||||||
|
|
||||||
# IP address family used for outgoing request (ipv4, ipv6 or dual)
|
|
||||||
#outgoingAddressFamily: ipv4
|
|
||||||
|
|
||||||
# Syslog option
|
|
||||||
#syslog:
|
|
||||||
# host: localhost
|
|
||||||
# port: 514
|
|
||||||
|
|
||||||
# Proxy for HTTP/HTTPS
|
|
||||||
#proxy: http://127.0.0.1:3128
|
|
||||||
|
|
||||||
#proxyBypassHosts: [
|
|
||||||
# 'example.com',
|
|
||||||
# '192.0.2.8'
|
|
||||||
#]
|
|
||||||
|
|
||||||
# Proxy for SMTP/SMTPS
|
|
||||||
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
|
|
||||||
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
|
|
||||||
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
|
|
||||||
|
|
||||||
# Media Proxy
|
|
||||||
#mediaProxy: https://example.com/proxy
|
|
||||||
|
|
||||||
#allowedPrivateNetworks: [
|
|
||||||
# '127.0.0.1/32'
|
|
||||||
#]
|
|
||||||
|
|
||||||
# Upload or download file size limits (bytes)
|
|
||||||
#maxFileSize: 262144000
|
|
|
@ -1,8 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "misskey.fullname" . }}-configuration
|
|
||||||
data:
|
|
||||||
default.yml: |-
|
|
||||||
{{ .Files.Get "files/default.yml"|nindent 4 }}
|
|
||||||
url: {{ .Values.url }}
|
|
|
@ -1,47 +0,0 @@
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "misskey.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "misskey.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "misskey.selectorLabels" . | nindent 6 }}
|
|
||||||
replicas: 1
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "misskey.selectorLabels" . | nindent 8 }}
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: misskey
|
|
||||||
image: {{ .Values.image }}
|
|
||||||
env:
|
|
||||||
- name: NODE_ENV
|
|
||||||
value: {{ .Values.environment }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: {{ include "misskey.fullname" . }}-configuration
|
|
||||||
mountPath: /misskey/.config
|
|
||||||
readOnly: true
|
|
||||||
ports:
|
|
||||||
- containerPort: 3000
|
|
||||||
- name: postgres
|
|
||||||
image: postgres:14-alpine
|
|
||||||
env:
|
|
||||||
- name: POSTGRES_USER
|
|
||||||
value: "example-misskey-user"
|
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: "example-misskey-pass"
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: "misskey"
|
|
||||||
ports:
|
|
||||||
- containerPort: 5432
|
|
||||||
- name: redis
|
|
||||||
image: redis:alpine
|
|
||||||
ports:
|
|
||||||
- containerPort: 6379
|
|
||||||
volumes:
|
|
||||||
- name: {{ include "misskey.fullname" . }}-configuration
|
|
||||||
configMap:
|
|
||||||
name: {{ include "misskey.fullname" . }}-configuration
|
|
22
chart/templates/NOTES.txt
Normal file
22
chart/templates/NOTES.txt
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
1. Get the application URL by running these commands:
|
||||||
|
{{- if .Values.ingress.enabled }}
|
||||||
|
{{- range $host := .Values.ingress.hosts }}
|
||||||
|
{{- range .paths }}
|
||||||
|
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else if contains "NodePort" .Values.service.type }}
|
||||||
|
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "calckey.fullname" . }})
|
||||||
|
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||||
|
echo http://$NODE_IP:$NODE_PORT
|
||||||
|
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||||
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||||
|
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "calckey.fullname" . }}'
|
||||||
|
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "calckey.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||||
|
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||||
|
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||||
|
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "calckey.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
|
||||||
|
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
|
||||||
|
{{- end }}
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "misskey.fullname" . }}
|
|
||||||
annotations:
|
|
||||||
dev.okteto.com/auto-ingress: "true"
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- port: 3000
|
|
||||||
protocol: TCP
|
|
||||||
name: http
|
|
||||||
selector:
|
|
||||||
{{- include "misskey.selectorLabels" . | nindent 4 }}
|
|
|
@ -1,7 +1,7 @@
|
||||||
{{/*
|
{{/*
|
||||||
Expand the name of the chart.
|
Expand the name of the chart.
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.name" -}}
|
{{- define "calckey.name" -}}
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ Create a default fully qualified app name.
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
If release name contains chart name it will be used as a full name.
|
If release name contains chart name it will be used as a full name.
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.fullname" -}}
|
{{- define "calckey.fullname" -}}
|
||||||
{{- if .Values.fullnameOverride }}
|
{{- if .Values.fullnameOverride }}
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
|
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
|
||||||
{{/*
|
{{/*
|
||||||
Create chart name and version as used by the chart label.
|
Create chart name and version as used by the chart label.
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.chart" -}}
|
{{- define "calckey.chart" -}}
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Common labels
|
Common labels
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.labels" -}}
|
{{- define "calckey.labels" -}}
|
||||||
helm.sh/chart: {{ include "misskey.chart" . }}
|
helm.sh/chart: {{ include "calckey.chart" . }}
|
||||||
{{ include "misskey.selectorLabels" . }}
|
{{ include "calckey.selectorLabels" . }}
|
||||||
{{- if .Chart.AppVersion }}
|
{{- if .Chart.AppVersion }}
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -45,18 +45,274 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{/*
|
{{/*
|
||||||
Selector labels
|
Selector labels
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.selectorLabels" -}}
|
{{- define "calckey.selectorLabels" -}}
|
||||||
app.kubernetes.io/name: {{ include "misskey.name" . }}
|
app.kubernetes.io/name: {{ include "calckey.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Create the name of the service account to use
|
Create the name of the service account to use
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "misskey.serviceAccountName" -}}
|
{{- define "calckey.serviceAccountName" -}}
|
||||||
{{- if .Values.serviceAccount.create }}
|
{{- if .Values.serviceAccount.create }}
|
||||||
{{- default (include "misskey.fullname" .) .Values.serviceAccount.name }}
|
{{- default (include "calckey.fullname" .) .Values.serviceAccount.name }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- default "default" .Values.serviceAccount.name }}
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified name for dependent services.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "calckey.elasticsearch.fullname" -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "calckey.redis.fullname" -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "calckey.postgresql.fullname" -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
config/default.yml content
|
||||||
|
*/}}
|
||||||
|
{{- define "calckey.configDir.default.yml" -}}
|
||||||
|
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
||||||
|
# Calckey configuration
|
||||||
|
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
||||||
|
|
||||||
|
# ┌─────┐
|
||||||
|
#───┘ URL └─────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
# Final accessible URL seen by a user.
|
||||||
|
url: "https://{{ .Values.calckey.domain }}/"
|
||||||
|
|
||||||
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
||||||
|
# URL SETTINGS AFTER THAT!
|
||||||
|
|
||||||
|
# ┌───────────────────────┐
|
||||||
|
#───┘ Port and TLS settings └───────────────────────────────────
|
||||||
|
|
||||||
|
#
|
||||||
|
# Misskey requires a reverse proxy to support HTTPS connections.
|
||||||
|
#
|
||||||
|
# +----- https://example.tld/ ------------+
|
||||||
|
# +------+ |+-------------+ +----------------+|
|
||||||
|
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
|
||||||
|
# +------+ |+-------------+ +----------------+|
|
||||||
|
# +---------------------------------------+
|
||||||
|
#
|
||||||
|
# You need to set up a reverse proxy. (e.g. nginx)
|
||||||
|
# An encrypted connection with HTTPS is highly recommended
|
||||||
|
# because tokens may be transferred in GET requests.
|
||||||
|
|
||||||
|
# The port that your Misskey server should listen on.
|
||||||
|
port: 3000
|
||||||
|
|
||||||
|
# ┌──────────────────────────┐
|
||||||
|
#───┘ PostgreSQL configuration └────────────────────────────────
|
||||||
|
|
||||||
|
db:
|
||||||
|
{{- if .Values.postgresql.enabled }}
|
||||||
|
host: {{ template "calckey.postgresql.fullname" . }}
|
||||||
|
port: '5432'
|
||||||
|
{{- else }}
|
||||||
|
host: {{ .Values.postgresql.postgresqlHostname }}
|
||||||
|
port: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
# Database name
|
||||||
|
db: {{ .Values.postgresql.auth.database }}
|
||||||
|
|
||||||
|
# Auth
|
||||||
|
user: {{ .Values.postgresql.auth.username }}
|
||||||
|
pass: "{{ .Values.postgresql.auth.password }}"
|
||||||
|
|
||||||
|
# Whether disable Caching queries
|
||||||
|
#disableCache: true
|
||||||
|
|
||||||
|
# Extra Connection options
|
||||||
|
#extra:
|
||||||
|
# ssl: true
|
||||||
|
|
||||||
|
# ┌─────────────────────┐
|
||||||
|
#───┘ Redis configuration └─────────────────────────────────────
|
||||||
|
|
||||||
|
redis:
|
||||||
|
{{- if .Values.redis.enabled }}
|
||||||
|
host: {{ template "calckey.redis.fullname" . }}-master
|
||||||
|
{{- else }}
|
||||||
|
host: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
|
||||||
|
{{- end }}
|
||||||
|
port: {{ .Values.redis.port | default "6379" | quote }}
|
||||||
|
#family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
||||||
|
pass: {{ .Values.redis.auth.password | quote }}
|
||||||
|
#prefix: example-prefix
|
||||||
|
#db: 1
|
||||||
|
|
||||||
|
# ┌─────────────────────┐
|
||||||
|
#───┘ Sonic configuration └─────────────────────────────────────
|
||||||
|
|
||||||
|
#sonic:
|
||||||
|
# host: localhost
|
||||||
|
# port: 1491
|
||||||
|
# auth: SecretPassword
|
||||||
|
# collection: notes
|
||||||
|
# bucket: default
|
||||||
|
|
||||||
|
# ┌─────────────────────────────┐
|
||||||
|
#───┘ Elasticsearch configuration └─────────────────────────────
|
||||||
|
|
||||||
|
{{- if .Values.elasticsearch.enabled }}
|
||||||
|
elasticsearch:
|
||||||
|
host: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
|
||||||
|
port: 9200
|
||||||
|
ssl: false
|
||||||
|
{{- else if .Values.elasticsearch.hostname }}
|
||||||
|
elasticsearch:
|
||||||
|
host: {{ .Values.elasticsearch.hostname | quote }}
|
||||||
|
port: {{ .Values.elasticsearch.port }}
|
||||||
|
ssl: {{ .Values.elasticsearch.ssl }}
|
||||||
|
{{- if .Values.elasticsearch.auth }}
|
||||||
|
user: {{ .Values.elasticsearch.auth.username | quote }}
|
||||||
|
pass: {{ .Values.elasticsearch.auth.password | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
# ┌───────────────┐
|
||||||
|
#───┘ ID generation └───────────────────────────────────────────
|
||||||
|
|
||||||
|
# You can select the ID generation method.
|
||||||
|
# You don't usually need to change this setting, but you can
|
||||||
|
# change it according to your preferences.
|
||||||
|
|
||||||
|
# Available methods:
|
||||||
|
# aid ... Short, Millisecond accuracy
|
||||||
|
# meid ... Similar to ObjectID, Millisecond accuracy
|
||||||
|
# ulid ... Millisecond accuracy
|
||||||
|
# objectid ... This is left for backward compatibility
|
||||||
|
|
||||||
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
||||||
|
# ID SETTINGS AFTER THAT!
|
||||||
|
|
||||||
|
id: 'aid'
|
||||||
|
|
||||||
|
# ┌─────────────────────┐
|
||||||
|
#───┘ Other configuration └─────────────────────────────────────
|
||||||
|
|
||||||
|
# Max note length, should be < 8000.
|
||||||
|
#maxNoteLength: 3000
|
||||||
|
|
||||||
|
# Maximum lenght of an image caption or file comment (default 1500, max 8192)
|
||||||
|
#maxCaptionLength: 1500
|
||||||
|
|
||||||
|
# Reserved usernames that only the administrator can register with
|
||||||
|
reservedUsernames:
|
||||||
|
{{ .Values.calckey.reservedUsernames | toYaml }}
|
||||||
|
|
||||||
|
# Whether disable HSTS
|
||||||
|
#disableHsts: true
|
||||||
|
|
||||||
|
# Number of worker processes
|
||||||
|
#clusterLimit: 1
|
||||||
|
|
||||||
|
# Job concurrency per worker
|
||||||
|
# deliverJobConcurrency: 128
|
||||||
|
# inboxJobConcurrency: 16
|
||||||
|
|
||||||
|
# Job rate limiter
|
||||||
|
# deliverJobPerSec: 128
|
||||||
|
# inboxJobPerSec: 16
|
||||||
|
|
||||||
|
# Job attempts
|
||||||
|
# deliverJobMaxAttempts: 12
|
||||||
|
# inboxJobMaxAttempts: 8
|
||||||
|
|
||||||
|
# IP address family used for outgoing request (ipv4, ipv6 or dual)
|
||||||
|
#outgoingAddressFamily: ipv4
|
||||||
|
|
||||||
|
# Syslog option
|
||||||
|
#syslog:
|
||||||
|
# host: localhost
|
||||||
|
# port: 514
|
||||||
|
|
||||||
|
# Proxy for HTTP/HTTPS
|
||||||
|
#proxy: http://127.0.0.1:3128
|
||||||
|
|
||||||
|
#proxyBypassHosts: [
|
||||||
|
# 'example.com',
|
||||||
|
# '192.0.2.8'
|
||||||
|
#]
|
||||||
|
|
||||||
|
# Proxy for SMTP/SMTPS
|
||||||
|
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
|
||||||
|
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
|
||||||
|
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
|
||||||
|
|
||||||
|
# Media Proxy
|
||||||
|
#mediaProxy: https://example.com/proxy
|
||||||
|
|
||||||
|
# Proxy remote files (default: false)
|
||||||
|
#proxyRemoteFiles: true
|
||||||
|
|
||||||
|
allowedPrivateNetworks:
|
||||||
|
{{ .Values.calckey.allowedPrivateNetworks | toYaml }}
|
||||||
|
|
||||||
|
# TWA
|
||||||
|
#twa:
|
||||||
|
# nameSpace: android_app
|
||||||
|
# packageName: tld.domain.twa
|
||||||
|
# sha256CertFingerprints: ['AB:CD:EF']
|
||||||
|
|
||||||
|
# Upload or download file size limits (bytes)
|
||||||
|
#maxFileSize: 262144000
|
||||||
|
|
||||||
|
# Managed hosting settings
|
||||||
|
# !!!!!!!!!!
|
||||||
|
# >>>>>> NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<
|
||||||
|
# >>>>>> YOU DON'T NEED THIS! <<<<<<
|
||||||
|
# !!!!!!!!!!
|
||||||
|
# Each category is optional, but if each item in each category is mandatory!
|
||||||
|
# If you mess this up, that's on you, you've been warned...
|
||||||
|
|
||||||
|
#maxUserSignups: 100
|
||||||
|
isManagedHosting: {{ .Values.calckey.isManagedHosting }}
|
||||||
|
deepl:
|
||||||
|
managed: false
|
||||||
|
# authKey: ''
|
||||||
|
# isPro: false
|
||||||
|
#
|
||||||
|
email:
|
||||||
|
managed: {{ .Values.calckey.smtp.managed }}
|
||||||
|
address: {{ .Values.calckey.smtp.from_address | quote }}
|
||||||
|
host: {{ .Values.calckey.smtp.server | quote }}
|
||||||
|
port: {{ .Values.calckey.smtp.port }}
|
||||||
|
user: {{ .Values.calckey.smtp.login | quote }}
|
||||||
|
pass: {{ .Values.calckey.smtp.password | quote }}
|
||||||
|
useImplicitSslTls: {{ .Values.calckey.smtp.useImplicitSslTls }}
|
||||||
|
objectStorage:
|
||||||
|
managed: {{ .Values.calckey.objectStorage.managed }}
|
||||||
|
baseUrl: {{ .Values.calckey.objectStorage.baseUrl | quote }}
|
||||||
|
bucket: {{ .Values.calckey.objectStorage.bucket | quote }}
|
||||||
|
prefix: {{ .Values.calckey.objectStorage.prefix | quote }}
|
||||||
|
endpoint: {{ .Values.calckey.objectStorage.endpoint | quote }}
|
||||||
|
region: {{ .Values.calckey.objectStorage.region | quote }}
|
||||||
|
accessKey: {{ .Values.calckey.objectStorage.access_key | quote }}
|
||||||
|
secretKey: {{ .Values.calckey.objectStorage.access_secret | quote }}
|
||||||
|
useSsl: true
|
||||||
|
connnectOverProxy: false
|
||||||
|
setPublicReadOnUpload: true
|
||||||
|
s3ForcePathStyle: true
|
||||||
|
|
||||||
|
# !!!!!!!!!!
|
||||||
|
# >>>>>> AGAIN, NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<
|
||||||
|
# >>>>>> YOU DON'T NEED THIS, ABOVE SETTINGS ARE FOR MANAGED HOSTING ONLY! <<<<<<
|
||||||
|
# !!!!!!!!!!
|
||||||
|
|
||||||
|
# Seriously. Do NOT fill out the above settings if you're self-hosting.
|
||||||
|
# They're much better off being set from the control panel.
|
||||||
|
{{- end }}
|
||||||
|
|
78
chart/templates/deployment.yaml
Normal file
78
chart/templates/deployment.yaml
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "calckey.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
{{- if not .Values.autoscaling.enabled }}
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "calckey.selectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
checksum/secret-config: {{ include ( print $.Template.BasePath "/secret-config.yaml" ) . | sha256sum | quote }}
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.selectorLabels" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ include "calckey.serviceAccountName" . }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
secret:
|
||||||
|
secretName: {{ template "calckey.fullname" . }}-config
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||||
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
env:
|
||||||
|
- name: "NODE_ENV"
|
||||||
|
value: "production"
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /calckey/.config
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
startupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
failureThreshold: 30
|
||||||
|
periodSeconds: 10
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
28
chart/templates/hpa.yaml
Normal file
28
chart/templates/hpa.yaml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{{- if .Values.autoscaling.enabled }}
|
||||||
|
apiVersion: autoscaling/v2beta1
|
||||||
|
kind: HorizontalPodAutoscaler
|
||||||
|
metadata:
|
||||||
|
name: {{ include "calckey.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
scaleTargetRef:
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
name: {{ include "calckey.fullname" . }}
|
||||||
|
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||||
|
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||||
|
metrics:
|
||||||
|
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: cpu
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: memory
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
61
chart/templates/ingress.yaml
Normal file
61
chart/templates/ingress.yaml
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
{{- if .Values.ingress.enabled -}}
|
||||||
|
{{- $fullName := include "calckey.fullname" . -}}
|
||||||
|
{{- $svcPort := .Values.service.port -}}
|
||||||
|
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
|
||||||
|
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||||
|
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
|
apiVersion: networking.k8s.io/v1beta1
|
||||||
|
{{- else -}}
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
{{- end }}
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||||
|
ingressClassName: {{ .Values.ingress.className }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{- range .Values.ingress.tls }}
|
||||||
|
- hosts:
|
||||||
|
{{- range .hosts }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.ingress.hosts }}
|
||||||
|
- host: {{ .host | quote }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{- range .paths }}
|
||||||
|
- path: {{ .path }}
|
||||||
|
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||||
|
pathType: {{ .pathType }}
|
||||||
|
{{- end }}
|
||||||
|
backend:
|
||||||
|
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||||
|
service:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
port:
|
||||||
|
number: {{ $svcPort }}
|
||||||
|
{{- else }}
|
||||||
|
serviceName: {{ $fullName }}
|
||||||
|
servicePort: {{ $svcPort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
9
chart/templates/secret-config.yaml
Normal file
9
chart/templates/secret-config.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ template "calckey.fullname" . }}-config
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
default.yml: {{ include "calckey.configDir.default.yml" . | b64enc }}
|
15
chart/templates/service.yaml
Normal file
15
chart/templates/service.yaml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "calckey.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.service.type }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
{{- include "calckey.selectorLabels" . | nindent 4 }}
|
12
chart/templates/serviceaccount.yaml
Normal file
12
chart/templates/serviceaccount.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "calckey.serviceAccountName" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
15
chart/templates/tests/test-connection.yaml
Normal file
15
chart/templates/tests/test-connection.yaml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "{{ include "calckey.fullname" . }}-test-connection"
|
||||||
|
labels:
|
||||||
|
{{- include "calckey.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": test
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wget
|
||||||
|
image: busybox
|
||||||
|
command: ['wget']
|
||||||
|
args: ['{{ include "calckey.fullname" . }}:{{ .Values.service.port }}']
|
||||||
|
restartPolicy: Never
|
158
chart/values.yaml
Normal file
158
chart/values.yaml
Normal file
|
@ -0,0 +1,158 @@
|
||||||
|
# Default values for calckey.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
image:
|
||||||
|
repository: docker.io/thatonecalculator/calckey
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
|
tag: ""
|
||||||
|
|
||||||
|
calckey:
|
||||||
|
isManagedHosting: true
|
||||||
|
domain: calckey.local
|
||||||
|
|
||||||
|
smtp:
|
||||||
|
managed: true
|
||||||
|
from_address: notifications@example.com
|
||||||
|
port: 587
|
||||||
|
server: smtp.mailgun.org
|
||||||
|
useImplicitSslTls: false
|
||||||
|
login: ""
|
||||||
|
password: ""
|
||||||
|
|
||||||
|
objectStorage:
|
||||||
|
managed: true
|
||||||
|
access_key: ""
|
||||||
|
access_secret: ""
|
||||||
|
baseUrl: "" # e.g. "https://my-bucket.nyc3.cdn.digitaloceanspaces.com"
|
||||||
|
bucket: "" # e.g. "my-bucket"
|
||||||
|
prefix: files
|
||||||
|
endpoint: "" # e.g. "nyc3.digitaloceanspaces.com:443"
|
||||||
|
region: "" # e.g. "nyc3"
|
||||||
|
|
||||||
|
# -- If you want to allow calckey to connect to private ips, enter the cidrs here.
|
||||||
|
allowedPrivateNetworks: []
|
||||||
|
# - "10.0.0.0/8"
|
||||||
|
|
||||||
|
reservedUsernames:
|
||||||
|
- root
|
||||||
|
- admin
|
||||||
|
- administrator
|
||||||
|
- me
|
||||||
|
- system
|
||||||
|
|
||||||
|
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
|
||||||
|
postgresql:
|
||||||
|
# -- disable if you want to use an existing db; in which case the values below
|
||||||
|
# must match those of that external postgres instance
|
||||||
|
enabled: true
|
||||||
|
# postgresqlHostname: preexisting-postgresql
|
||||||
|
# postgresqlPort: 5432
|
||||||
|
auth:
|
||||||
|
database: calckey_production
|
||||||
|
username: calckey
|
||||||
|
# you must set a password; the password generated by the postgresql chart will
|
||||||
|
# be rotated on each upgrade:
|
||||||
|
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
|
||||||
|
password: ""
|
||||||
|
|
||||||
|
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
|
||||||
|
redis:
|
||||||
|
# disable if you want to use an existing redis instance; in which case the
|
||||||
|
# values below must match those of that external redis instance
|
||||||
|
enabled: true
|
||||||
|
hostname: ""
|
||||||
|
port: 6379
|
||||||
|
auth:
|
||||||
|
# -- you must set a password; the password generated by the redis chart will be
|
||||||
|
# rotated on each upgrade:
|
||||||
|
password: ""
|
||||||
|
|
||||||
|
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
|
||||||
|
elasticsearch:
|
||||||
|
# disable if you want to use an existing redis instance; in which case the
|
||||||
|
# values below must match those of that external elasticsearch instance
|
||||||
|
enabled: false
|
||||||
|
hostname: ""
|
||||||
|
port: 9200
|
||||||
|
ssl: false
|
||||||
|
auth: {}
|
||||||
|
# username: ""
|
||||||
|
# password: ""
|
||||||
|
# @ignored
|
||||||
|
image:
|
||||||
|
tag: 7
|
||||||
|
|
||||||
|
imagePullSecrets: []
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a service account should be created
|
||||||
|
create: true
|
||||||
|
# Annotations to add to the service account
|
||||||
|
annotations: {}
|
||||||
|
# The name of the service account to use.
|
||||||
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
|
name: ""
|
||||||
|
|
||||||
|
podAnnotations: {}
|
||||||
|
|
||||||
|
podSecurityContext: {}
|
||||||
|
# fsGroup: 2000
|
||||||
|
|
||||||
|
securityContext: {}
|
||||||
|
# capabilities:
|
||||||
|
# drop:
|
||||||
|
# - ALL
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# runAsUser: 1000
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 80
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
className: ""
|
||||||
|
annotations: {}
|
||||||
|
# kubernetes.io/ingress.class: nginx
|
||||||
|
# kubernetes.io/tls-acme: "true"
|
||||||
|
hosts:
|
||||||
|
- host: chart-example.local
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: ImplementationSpecific
|
||||||
|
tls: []
|
||||||
|
# - secretName: chart-example-tls
|
||||||
|
# hosts:
|
||||||
|
# - chart-example.local
|
||||||
|
|
||||||
|
resources: {}
|
||||||
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||||
|
# choice for the user. This also increases chances charts run on environments with little
|
||||||
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||||
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||||
|
# limits:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 128Mi
|
||||||
|
# requests:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 128Mi
|
||||||
|
|
||||||
|
autoscaling:
|
||||||
|
enabled: false
|
||||||
|
minReplicas: 1
|
||||||
|
maxReplicas: 100
|
||||||
|
targetCPUUtilizationPercentage: 80
|
||||||
|
# targetMemoryUtilizationPercentage: 80
|
||||||
|
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
affinity: {}
|
|
@ -1,3 +0,0 @@
|
||||||
url: https://example.tld/
|
|
||||||
image: okteto.dev/misskey
|
|
||||||
environment: production
|
|
45
kubernetes-README.md
Normal file
45
kubernetes-README.md
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# Running a Calckey instance with Kubernetes and Helm
|
||||||
|
|
||||||
|
This is a [Helm](https://helm.sh/) chart directory in the root of the project
|
||||||
|
that you can use to deploy calckey to a Kubernetes cluster
|
||||||
|
|
||||||
|
## Deployment
|
||||||
|
|
||||||
|
1. Copy the example helm values and make your changes:
|
||||||
|
```shell
|
||||||
|
cp .config/helm_values_example.yml .config/helm_values.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Update helm dependencies:
|
||||||
|
```shell
|
||||||
|
cd chart
|
||||||
|
helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done;
|
||||||
|
cd ../
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Create the calckey helm release (also used to update existing deployment):
|
||||||
|
```shell
|
||||||
|
helm upgrade \
|
||||||
|
--install \
|
||||||
|
--namespace calckey \
|
||||||
|
--create-namespace \
|
||||||
|
calckey chart/ \
|
||||||
|
-f .config/helm_values.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
4. Watch your calckey instance spin up:
|
||||||
|
```shell
|
||||||
|
kubectl -n calckey get po -w
|
||||||
|
```
|
||||||
|
|
||||||
|
5. Initial the admin user and managed config:
|
||||||
|
```shell
|
||||||
|
export CALCKEY_USERNAME="my_desired_admin_handle" && \
|
||||||
|
export CALCKEY_PASSWORD="myDesiredInitialPassword" && \
|
||||||
|
export CALCKEY_HOST="calckey.example.com" && \
|
||||||
|
export CALCKEY_TOKEN=$(curl -X POST https://$CALCKEY_HOST/api/admin/accounts/create -H "Content-Type: application/json" -d "{ \"username\":\"$CALCKEY_USERNAME\", \"password\":\"$CALCKEY_PASSWORD\" }" | jq -r '.token') && \
|
||||||
|
echo "Save this token: ${CALCKEY_TOKEN}" && \
|
||||||
|
curl -X POST -H "Authorization: Bearer $CALCKEY_TOKEN" https://$CALCKEY_HOST/api/admin/accounts/hosted
|
||||||
|
```
|
||||||
|
|
||||||
|
6. Enjoy!
|
Loading…
Reference in a new issue