feat: refactor kubernetes helm chart

kubernetes/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami/
-  version: 12.11.1
+  version: 14.3.1
-digest: sha256:3c10008175c4f5c1cec38782f5a7316154b89074c77ebbd9bcc4be4f5ff21122
+digest: sha256:cd32cbb4ea4af17b1d9c6bcad0218b90df16c358b1e38490a27ccf758a5abb4d
-generated: "2023-09-14T22:40:43.171275362Z"
+generated: "2024-03-09T04:47:50.450209116+01:00"

kubernetes/Chart.yaml

@@ -1,22 +1,32 @@
 apiVersion: v2
 name: invidious
 description: Invidious is an alternative front-end to YouTube
-version: 1.1.1
+
-appVersion: 0.20.1
+type: application
+
+version: 2.0.0
+appVersion: latest
+
+dependencies:
+  - name: postgresql
+    version: ~14.3.1
+    repository: "https://charts.bitnami.com/bitnami/"
+    condition: postgresql.enabled
+
+engine: gotpl
+
 keywords:
-- youtube
+  - youtube
-- proxy
+  - proxy
-- video
+  - video
-- privacy
+  - privacy
+  
 home: https://invidio.us/
 icon: https://raw.githubusercontent.com/iv-org/invidious/05988c1c49851b7d0094fca16aeaf6382a7f64ab/assets/favicon-32x32.png
+
 sources:
-- https://github.com/iv-org/invidious
+  - https://github.com/iv-org/invidious
+
 maintainers:
-- name: Leon Klingele
+  - name: Leon Klingele
-  email: mail@leonklingele.de
+    email: mail@leonklingele.de
-dependencies:
-- name: postgresql
-  version: ~12.11.0
-  repository: "https://charts.bitnami.com/bitnami/"
-engine: gotpl

kubernetes/templates/_helpers.tpl

@@ -9,8 +9,44 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
 */}}
 {{- define "invidious.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if .Values.fullnameOverride }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- end -}}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "invidious.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "invidious.labels" -}}
+helm.sh/chart: {{ include "invidious.chart" . }}
+{{ include "invidious.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "invidious.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "invidious.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

kubernetes/templates/configmap.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "invidious.fullname" . }}
-  labels:
-    app: {{ template "invidious.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: {{ .Release.Name }}
-data:
-  INVIDIOUS_CONFIG: |
-{{ toYaml .Values.config | indent 4 }}

kubernetes/templates/deployment.yaml

@@ -3,59 +3,79 @@ kind: Deployment
 metadata:
   name: {{ template "invidious.fullname" . }}
   labels:
-    app: {{ template "invidious.name" . }}
+    {{- include "invidious.labels" . | nindent 4 }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: {{ .Release.Name }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
-      app: {{ template "invidious.name" . }}
+      {{- include "invidious.selectorLabels" . | nindent 6 }}
-      release: {{ .Release.Name }}
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        app: {{ template "invidious.name" . }}
+        {{- include "invidious.labels" . | nindent 8 }}
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+        {{- with .Values.podLabels }}
-        release: {{ .Release.Name }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      enableServiceLinks: false
       securityContext:
-        runAsUser: {{ .Values.securityContext.runAsUser }}
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-        runAsGroup: {{ .Values.securityContext.runAsGroup }}
-        fsGroup: {{ .Values.securityContext.fsGroup }}
       initContainers:
         - name: wait-for-postgresql
-          image: postgres
+          image: actions/pg_isready
-          args:
+          command:
-          - /bin/sh
+            - /bin/bash
-          - -c
+            - -c
-          - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.user }}; do echo waiting for database; sleep 2; done;
+            - 'until pg_isready -h "{{ .Values.config.db.host }}" -p "{{ .Values.config.db.port }}" -U "{{ .Values.config.db.user }}"; do echo waiting for database; sleep 2; done'
       containers:
-      - name: {{ .Chart.Name }}
+        - name: {{ .Chart.Name }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          securityContext:
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
+            {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        - containerPort: 3000
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env:
+          ports:
-        - name: INVIDIOUS_CONFIG
+            - name: http
-          valueFrom:
+              containerPort: {{ .Values.config.port }}
-            configMapKeyRef:
+              protocol: TCP
-              key: INVIDIOUS_CONFIG
+          envFrom:
-              name: {{ template "invidious.fullname" . }}
+            - secretRef:
-        securityContext:
+                name: {{ template "invidious.fullname" . }}
-          allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
+          resources:
-          capabilities:
+            {{- toYaml .Values.resources | nindent 12 }}
-            drop:
+          readinessProbe:
-            - ALL
+            httpGet:
-        resources:
+              port: http
-{{ toYaml .Values.resources | indent 10 }}
+              path: /
-        readinessProbe:
+          livenessProbe:
-          httpGet:
+            httpGet:
-            port: 3000
+              port: http
-            path: /
+              path: /
-        livenessProbe:
+          startupProbe:
-          httpGet:
+            httpGet:
-            port: 3000
+              port: http
-            path: /
+              path: /
-          initialDelaySeconds: 15
+            periodSeconds: 5
+            failureThreshold: 30
       restartPolicy: Always
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

kubernetes/templates/hpa.yaml

@@ -4,9 +4,7 @@ kind: HorizontalPodAutoscaler
 metadata:
   name: {{ template "invidious.fullname" . }}
   labels:
-    app: {{ template "invidious.name" . }}
+    {{- include "invidious.labels" . | nindent 4 }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: {{ .Release.Name }}
 spec:
   scaleTargetRef:
     apiVersion: apps/v1

kubernetes/templates/ingress.yaml

@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "invidious.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "invidious.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}

kubernetes/templates/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "invidious.fullname" . }}
+  labels:
+    {{- include "invidious.labels" . | nindent 4 }}
+stringData:
+  INVIDIOUS_CONFIG: |
+    {{- toYaml .Values.config | nindent 4 }}

kubernetes/templates/service.yaml

@@ -3,18 +3,16 @@ kind: Service
 metadata:
   name: {{ template "invidious.fullname" . }}
   labels:
-    app: {{ template "invidious.name" . }}
+    {{- include "invidious.labels" . | nindent 4 }}
-    chart: {{ .Chart.Name }}
-    release: {{ .Release.Name }}
 spec:
   type: {{ .Values.service.type }}
+  {{- with .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
   ports:
   - name: http
     port: {{ .Values.service.port }}
-    targetPort: 3000
+    targetPort: http
+    protocol: TCP
   selector:
-    app: {{ template "invidious.name" . }}
+    {{- include "invidious.selectorLabels" . | nindent 4 }}
-    release: {{ .Release.Name }}
-{{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}

kubernetes/values.yaml

@@ -5,6 +5,10 @@ image:
   tag: latest
   pullPolicy: Always
 
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
 replicaCount: 1
 
 autoscaling:
@@ -16,26 +20,55 @@ autoscaling:
 service:
   type: ClusterIP
   port: 3000
-  #loadBalancerIP:
+  # loadBalancerIP:
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
 
 resources: {}
-  #requests:
+  # requests:
-  #  cpu: 100m
+  #   cpu: 100m
-  #  memory: 64Mi
+  #   memory: 64Mi
-  #limits:
+  # limits:
-  #  cpu: 800m
+  #   cpu: 800m
-  #  memory: 512Mi
+  #   memory: 512Mi
 
-securityContext:
+podSecurityContext:
-  allowPrivilegeEscalation: false
   runAsUser: 1000
   runAsGroup: 1000
   fsGroup: 1000
 
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+
 # See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
 postgresql:
+  enabled: true
   image:
-    tag: 13
+    tag: 16
   auth:
     username: kemal
     password: kemal
@@ -48,14 +81,15 @@ postgresql:
 
 # Adapted from ../config/config.yml
 config:
-  channel_threads: 1
-  feed_threads: 1
   db:
     user: kemal
     password: kemal
     host: invidious-postgresql
     port: 5432
     dbname: invidious
-  full_refresh: false
+  port: 3000
+  domain: ""
   https_only: false
-  domain:
+  channel_threads: 1
+  full_refresh: false
+  feed_threads: 1