216 lines
6.4 KiB
YAML
216 lines
6.4 KiB
YAML
ryot:
|
|
controllers:
|
|
main:
|
|
type: deployment
|
|
replicas: 1
|
|
strategy: Recreate
|
|
revisionHistoryLimit: 3
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: ghcr.io/ignisda/ryot
|
|
tag: v7.12.2
|
|
pullPolicy: IfNotPresent
|
|
env:
|
|
- name: TZ
|
|
value: US/Central
|
|
- name: AUDIO_BOOKS_AUDIBLE_LOCAL
|
|
value: us
|
|
- name: BOOKS_GOOGLE_BOOKS_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: google_books
|
|
- name: BOOKS_OPENLIBRARY_COVER_IMAGE_SIZE
|
|
value: "M"
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-postgresql-16-cluster-app
|
|
key: uri
|
|
- name: DISABLE_TELEMETRY
|
|
value: true
|
|
- name: FILE_STORAGE_S3_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-minio-user-secret
|
|
key: AWS_ACCESS_KEY_ID
|
|
- name: FILE_STORAGE_S3_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-minio-user-secret
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
- name: FILE_STORAGE_S3_BUCKET_NAME
|
|
value: ryot
|
|
- name: FILE_STORAGE_S3_REGION
|
|
value: us-east-1
|
|
- name: FILE_STORAGE_S3_URL
|
|
value: https://ryot-storage-cl01tl.boreal-beaufort.ts.net
|
|
- name: FRONTEND_DASHBOARD_MESSAGE
|
|
value: Ryot
|
|
- name: FRONTEND_OIDC_BUTTON_LABEL
|
|
value: Authentik Login
|
|
- name: FRONTEND_URL
|
|
value: https://ryot-cl01tl.boreal-beaufort.ts.net
|
|
- name: INTEGRATION_SYNC_EVERY_MINUTES
|
|
value: 5
|
|
- name: MEDIA_MONITORING_REMOVE_AFTER_DAYS
|
|
value: 30
|
|
- name: MOVIES_AND_SHOWS_TMDB_ACCESS_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: tmdb
|
|
- name: MOVIES_AND_SHOWS_TMDB_LOCALE
|
|
value: en
|
|
- name: PODCASTS_ITUNES_LOCALE
|
|
value: en_us
|
|
- name: PODCASTS_LISTENNOTES_API_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: listennotes
|
|
- name: SCHEDULER_RATE_LIMIT_NUM
|
|
value: 5
|
|
- name: SERVER_ADMIN_ACCESS_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: admin_token
|
|
- name: SERVER_OIDC_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-oidc-secret
|
|
key: client_id
|
|
- name: SERVER_OIDC_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-oidc-secret
|
|
key: client_secret
|
|
- name: SERVER_OIDC_ISSUER_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-oidc-secret
|
|
key: issuer_url
|
|
- name: SERVER_DISABLE_BACKGROUND_JOBS
|
|
value: false
|
|
- name: SERVER_GRAPHQL_PLAYGROUND_ENABLED
|
|
value: true
|
|
- name: SERVER_MAX_FILE_SIZE
|
|
value: 70
|
|
- name: SERVER_PROGRESS_UPDATE_THRESHOLD
|
|
value: 2
|
|
- name: SERVER_SLEEP_BEFORE_STARTUP_SECONDS
|
|
value: 0
|
|
- name: USERS_ALLOW_REGISTRATION
|
|
value: true
|
|
- name: USERS_DISABLE_LOCAL_AUTH
|
|
value: false
|
|
- name: USERS_JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: jwt_secret
|
|
- name: USERS_TOKEN_VALID_FOR_DAYS
|
|
value: 90
|
|
- name: VIDEO_GAMES_IGDB_IMAGE_SIZE
|
|
value: t_original
|
|
- name: VIDEO_GAMES_TWITCH_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: twitch_client_id
|
|
- name: VIDEO_GAMES_TWITCH_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ryot-key-secret
|
|
key: twitch_client_secret
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
serviceAccount:
|
|
create: true
|
|
service:
|
|
main:
|
|
controller: main
|
|
ports:
|
|
http:
|
|
port: 80
|
|
targetPort: 8000
|
|
protocol: HTTP
|
|
ingress:
|
|
tailscale:
|
|
enabled: true
|
|
className: tailscale
|
|
hosts:
|
|
- host: ryot-cl01tl
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
service:
|
|
name: ryot
|
|
port: 80
|
|
tls:
|
|
- hosts:
|
|
- ryot-cl01tl
|
|
minio:
|
|
existingSecret:
|
|
name: ryot-minio-root-secret
|
|
tenant:
|
|
name: minio-ryot
|
|
configuration:
|
|
name: ryot-minio-config-secret
|
|
pools:
|
|
- servers: 3
|
|
name: pool
|
|
volumesPerServer: 2
|
|
size: 10Gi
|
|
storageClassName: ceph-block
|
|
mountPath: /export
|
|
subPath: /data
|
|
metrics:
|
|
enabled: true
|
|
port: 9000
|
|
protocol: http
|
|
certificate:
|
|
requestAutoCert: false
|
|
ingress:
|
|
api:
|
|
enabled: true
|
|
ingressClassName: tailscale
|
|
annotations:
|
|
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
|
tls:
|
|
- secretName: ryot-storage-cl01tl
|
|
hosts:
|
|
- ryot-storage-cl01tl
|
|
host: ryot-storage-cl01tl
|
|
path: /
|
|
pathType: Prefix
|
|
console:
|
|
enabled: true
|
|
ingressClassName: tailscale
|
|
tls:
|
|
- secretName: minio-ryot-cl01tl
|
|
hosts:
|
|
- minio-ryot-cl01tl
|
|
host: minio-ryot-cl01tl
|
|
path: /
|
|
pathType: Prefix
|
|
postgres-16-cluster:
|
|
mode: standalone
|
|
cluster:
|
|
walStorage:
|
|
storageClass: local-path
|
|
storage:
|
|
storageClass: local-path
|
|
monitoring:
|
|
enabled: true
|
|
backup:
|
|
enabled: true
|
|
endpointURL: https://nyc3.digitaloceanspaces.com
|
|
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ryot/ryot-postgresql-16-cluster
|
|
endpointCredentials: ryot-postgresql-16-cluster-backup-secret
|
|
backupIndex: 1
|