From 3cde5e28a8d946c1110697946b180027204b5d2c Mon Sep 17 00:00:00 2001 From: Leon Klingele Date: Mon, 3 Feb 2020 23:19:18 +0100 Subject: Add support to run on Kubernetes, add Helm chart See relevant README.md for more details. --- kubernetes/.gitignore | 1 + kubernetes/Chart.lock | 6 ++++ kubernetes/Chart.yaml | 22 +++++++++++++++ kubernetes/README.md | 42 ++++++++++++++++++++++++++++ kubernetes/templates/_helpers.tpl | 16 +++++++++++ kubernetes/templates/configmap.yaml | 11 ++++++++ kubernetes/templates/deployment.yaml | 53 ++++++++++++++++++++++++++++++++++++ kubernetes/templates/hpa.yaml | 18 ++++++++++++ kubernetes/templates/service.yaml | 16 +++++++++++ kubernetes/values.yaml | 51 ++++++++++++++++++++++++++++++++++ 10 files changed, 236 insertions(+) create mode 100644 kubernetes/.gitignore create mode 100644 kubernetes/Chart.lock create mode 100644 kubernetes/Chart.yaml create mode 100644 kubernetes/README.md create mode 100644 kubernetes/templates/_helpers.tpl create mode 100644 kubernetes/templates/configmap.yaml create mode 100644 kubernetes/templates/deployment.yaml create mode 100644 kubernetes/templates/hpa.yaml create mode 100644 kubernetes/templates/service.yaml create mode 100644 kubernetes/values.yaml (limited to 'kubernetes') diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore new file mode 100644 index 00000000..0ad51707 --- /dev/null +++ b/kubernetes/.gitignore @@ -0,0 +1 @@ +/charts/*.tgz diff --git a/kubernetes/Chart.lock b/kubernetes/Chart.lock new file mode 100644 index 00000000..1799798b --- /dev/null +++ b/kubernetes/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 8.3.0 +digest: sha256:1feec3c396cbf27573dc201831ccd3376a4a6b58b2e7618ce30a89b8f5d707fd +generated: "2020-02-07T13:39:38.624846+01:00" diff --git a/kubernetes/Chart.yaml b/kubernetes/Chart.yaml new file mode 100644 index 00000000..0d7791d7 --- /dev/null +++ b/kubernetes/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +name: invidious +description: Invidious is an alternative front-end to YouTube +version: 1.0.0 +appVersion: 0.20.1 +keywords: +- youtube +- proxy +- video +- privacy +home: https://invidio.us/ +icon: https://raw.githubusercontent.com/omarroth/invidious/05988c1c49851b7d0094fca16aeaf6382a7f64ab/assets/favicon-32x32.png +sources: +- https://github.com/omarroth/invidious +maintainers: +- name: Leon Klingele + email: mail@leonklingele.de +dependencies: +- name: postgresql + version: ~8.3.0 + repository: "https://kubernetes-charts.storage.googleapis.com/" +engine: gotpl diff --git a/kubernetes/README.md b/kubernetes/README.md new file mode 100644 index 00000000..163e9cd7 --- /dev/null +++ b/kubernetes/README.md @@ -0,0 +1,42 @@ +# Invidious Helm chart + +Easily deploy Invidious to Kubernetes. + +## Installing Helm chart + +```sh +# Build Helm dependencies +$ helm dep build + +# Add PostgreSQL init scripts +$ kubectl create configmap invidious-postgresql-init \ + --from-file=../config/sql/channels.sql \ + --from-file=../config/sql/videos.sql \ + --from-file=../config/sql/channel_videos.sql \ + --from-file=../config/sql/users.sql \ + --from-file=../config/sql/session_ids.sql \ + --from-file=../config/sql/nonces.sql \ + --from-file=../config/sql/annotations.sql \ + --from-file=../config/sql/playlists.sql \ + --from-file=../config/sql/playlist_videos.sql \ + --from-file=../config/sql/privacy.sql + +# Install Helm app to your Kubernetes cluster +$ helm install invidious ./ +``` + +## Upgrading + +```sh +# Upgrading is easy, too! +$ helm upgrade invidious ./ +``` + +## Uninstall + +```sh +# Get rid of everything (except database) +$ helm delete invidious + +# To also delete the database, remove all invidious-postgresql PVCs +``` diff --git a/kubernetes/templates/_helpers.tpl b/kubernetes/templates/_helpers.tpl new file mode 100644 index 00000000..52158b78 --- /dev/null +++ b/kubernetes/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "invidious.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "invidious.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kubernetes/templates/configmap.yaml b/kubernetes/templates/configmap.yaml new file mode 100644 index 00000000..58542a31 --- /dev/null +++ b/kubernetes/templates/configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "invidious.fullname" . }} + labels: + app: {{ template "invidious.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} +data: + INVIDIOUS_CONFIG: | +{{ toYaml .Values.config | indent 4 }} diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml new file mode 100644 index 00000000..34156127 --- /dev/null +++ b/kubernetes/templates/deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "invidious.fullname" . }} + labels: + app: {{ template "invidious.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "invidious.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "invidious.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 3000 + env: + - name: INVIDIOUS_CONFIG + valueFrom: + configMapKeyRef: + key: INVIDIOUS_CONFIG + name: {{ template "invidious.fullname" . }} + securityContext: + allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }} + capabilities: + drop: + - ALL + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + httpGet: + port: 3000 + path: / + livenessProbe: + httpGet: + port: 3000 + path: / + restartPolicy: Always diff --git a/kubernetes/templates/hpa.yaml b/kubernetes/templates/hpa.yaml new file mode 100644 index 00000000..c6fbefe2 --- /dev/null +++ b/kubernetes/templates/hpa.yaml @@ -0,0 +1,18 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "invidious.fullname" . }} + labels: + app: {{ template "invidious.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "invidious.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + targetCPUUtilizationPercentage: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml new file mode 100644 index 00000000..56bdea2e --- /dev/null +++ b/kubernetes/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "invidious.fullname" . }} + labels: + app: {{ template "invidious.name" . }} + chart: {{ .Chart.Name }} + release: {{ .Release.Name }} +spec: + ports: + - name: http + port: 3000 + targetPort: 3000 + selector: + app: {{ template "invidious.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/values.yaml b/kubernetes/values.yaml new file mode 100644 index 00000000..ce32b257 --- /dev/null +++ b/kubernetes/values.yaml @@ -0,0 +1,51 @@ +name: invidious + +image: + repository: omarroth/invidious + tag: latest + pullPolicy: Always + +replicaCount: 1 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 16 + targetCPUUtilizationPercentage: 50 + +resources: {} + #requests: + # cpu: 100m + # memory: 64Mi + #limits: + # cpu: 800m + # memory: 512Mi + +securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + +# See https://github.com/helm/charts/tree/master/stable/postgresql +postgresql: + postgresqlUsername: kemal + postgresqlPassword: kemal + postgresqlDatabase: invidious + initdbUsername: kemal + initdbPassword: kemal + initdbScriptsConfigMap: invidious-postgresql-init + +# Adapted from ../config/config.yml +config: + channel_threads: 1 + feed_threads: 1 + db: + user: kemal + password: kemal + host: invidious-postgresql + port: 5432 + dbname: invidious + full_refresh: false + https_only: false + domain: -- cgit v1.2.3 From c80c5631f0483c32c3b86bad3584c349a61b4b92 Mon Sep 17 00:00:00 2001 From: leonklingele Date: Sun, 1 Mar 2020 17:06:45 +0100 Subject: docker: do not require password for PostgreSQL superuser, docker,kubernetes: create "privacy" type before using it, travis: do not run "docker-compose up" in detached mode (#1042) * docker: do not require password for PostgreSQL superuser A password is now required by the postgres Docker image which makes initial setup (and our CI build) fail with the following error: postgres_1 | Error: Database is uninitialized and superuser password is not specified. postgres_1 | You must specify POSTGRES_PASSWORD for the superuser. Use postgres_1 | "-e POSTGRES_PASSWORD=password" to set it in "docker run". postgres_1 | postgres_1 | You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections postgres_1 | without a password. This is *not* recommended. See PostgreSQL postgres_1 | documentation about "trust": postgres_1 | https://www.postgresql.org/docs/current/auth-trust.html See https://github.com/docker-library/postgres/issues/681. * docker,kubernetes: create PostgreSQL "privacy" type before using it Fixes the following error when setting up the database: postgres_1 | 2020-02-21 01:01:22.371 UTC [172] ERROR: type "privacy" does not exist at character 200 postgres_1 | 2020-02-21 01:01:22.371 UTC [172] STATEMENT: CREATE TABLE public.playlists postgres_1 | ( postgres_1 | title text, postgres_1 | id text primary key, postgres_1 | author text, postgres_1 | description text, postgres_1 | video_count integer, postgres_1 | created timestamptz, postgres_1 | updated timestamptz, postgres_1 | privacy privacy, postgres_1 | index int8[] postgres_1 | ); postgres_1 | ERROR: type "privacy" does not exist postgres_1 | LINE 10: privacy privacy, * travis: do not run "docker-compose up" in detached mode Rather, allow database to finish its setup procedure and grant Invidious time to launch. --- .travis.yml | 2 +- docker/Dockerfile.postgres | 3 +++ kubernetes/README.md | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'kubernetes') diff --git a/.travis.yml b/.travis.yml index 314abc73..8b83db2a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,7 @@ jobs: install: - docker-compose build script: - - docker-compose up -d + - docker-compose up - sleep 15 # Wait for cluster to become ready, TODO: do not sleep - HEADERS="$(curl -I -s http://localhost:3000/)" - STATUS="$(echo $HEADERS | head -n1)" diff --git a/docker/Dockerfile.postgres b/docker/Dockerfile.postgres index 720bdff8..3b25b802 100644 --- a/docker/Dockerfile.postgres +++ b/docker/Dockerfile.postgres @@ -1,6 +1,9 @@ FROM postgres:10 ENV POSTGRES_USER postgres +# Do not require a PostgreSQL superuser password. +# See https://github.com/docker-library/postgres/issues/681. +ENV POSTGRES_HOST_AUTH_METHOD trust ADD ./config/sql /config/sql ADD ./docker/entrypoint.postgres.sh /entrypoint.sh diff --git a/kubernetes/README.md b/kubernetes/README.md index 163e9cd7..1c62f469 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -17,9 +17,9 @@ $ kubectl create configmap invidious-postgresql-init \ --from-file=../config/sql/session_ids.sql \ --from-file=../config/sql/nonces.sql \ --from-file=../config/sql/annotations.sql \ + --from-file=../config/sql/privacy.sql \ --from-file=../config/sql/playlists.sql \ - --from-file=../config/sql/playlist_videos.sql \ - --from-file=../config/sql/privacy.sql + --from-file=../config/sql/playlist_videos.sql # Install Helm app to your Kubernetes cluster $ helm install invidious ./ -- cgit v1.2.3 From 61150c74d21bc98e4b819602bbca67ca23b82dc0 Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Tue, 14 Apr 2020 18:08:58 -0500 Subject: Move privacy type into playlists.sql --- README.md | 1 - config/sql/playlists.sql | 11 +++++++++++ config/sql/privacy.sql | 10 ---------- docker/entrypoint.postgres.sh | 1 - kubernetes/README.md | 1 - 5 files changed, 11 insertions(+), 13 deletions(-) delete mode 100644 config/sql/privacy.sql (limited to 'kubernetes') diff --git a/README.md b/README.md index 3d453208..d8cc1c6e 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,6 @@ $ psql invidious kemal < /home/invidious/invidious/config/sql/users.sql $ psql invidious kemal < /home/invidious/invidious/config/sql/session_ids.sql $ psql invidious kemal < /home/invidious/invidious/config/sql/nonces.sql $ psql invidious kemal < /home/invidious/invidious/config/sql/annotations.sql -$ psql invidious kemal < /home/invidious/invidious/config/sql/privacy.sql $ psql invidious kemal < /home/invidious/invidious/config/sql/playlists.sql $ psql invidious kemal < /home/invidious/invidious/config/sql/playlist_videos.sql $ exit diff --git a/config/sql/playlists.sql b/config/sql/playlists.sql index 46ff30ec..468496cb 100644 --- a/config/sql/playlists.sql +++ b/config/sql/playlists.sql @@ -1,3 +1,14 @@ +-- Type: public.privacy + +-- DROP TYPE public.privacy; + +CREATE TYPE public.privacy AS ENUM +( + 'Public', + 'Unlisted', + 'Private' +); + -- Table: public.playlists -- DROP TABLE public.playlists; diff --git a/config/sql/privacy.sql b/config/sql/privacy.sql deleted file mode 100644 index 4356813e..00000000 --- a/config/sql/privacy.sql +++ /dev/null @@ -1,10 +0,0 @@ --- Type: public.privacy - --- DROP TYPE public.privacy; - -CREATE TYPE public.privacy AS ENUM -( - 'Public', - 'Unlisted', - 'Private' -); diff --git a/docker/entrypoint.postgres.sh b/docker/entrypoint.postgres.sh index 1588c56c..be6f6782 100755 --- a/docker/entrypoint.postgres.sh +++ b/docker/entrypoint.postgres.sh @@ -19,7 +19,6 @@ if [ ! -f /var/lib/postgresql/data/setupFinished ]; then su postgres -c 'psql invidious kemal < config/sql/session_ids.sql' su postgres -c 'psql invidious kemal < config/sql/nonces.sql' su postgres -c 'psql invidious kemal < config/sql/annotations.sql' - su postgres -c 'psql invidious kemal < config/sql/privacy.sql' su postgres -c 'psql invidious kemal < config/sql/playlists.sql' su postgres -c 'psql invidious kemal < config/sql/playlist_videos.sql' touch /var/lib/postgresql/data/setupFinished diff --git a/kubernetes/README.md b/kubernetes/README.md index 1c62f469..35478f99 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -17,7 +17,6 @@ $ kubectl create configmap invidious-postgresql-init \ --from-file=../config/sql/session_ids.sql \ --from-file=../config/sql/nonces.sql \ --from-file=../config/sql/annotations.sql \ - --from-file=../config/sql/privacy.sql \ --from-file=../config/sql/playlists.sql \ --from-file=../config/sql/playlist_videos.sql -- cgit v1.2.3 From da9133c3c35388f9175b6e4ea650a545bb73f191 Mon Sep 17 00:00:00 2001 From: Dennis Zhang Date: Sat, 5 Sep 2020 13:46:51 -0700 Subject: add service values --- kubernetes/Chart.yaml | 2 +- kubernetes/templates/service.yaml | 6 +++++- kubernetes/values.yaml | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'kubernetes') diff --git a/kubernetes/Chart.yaml b/kubernetes/Chart.yaml index 0d7791d7..bb0838ad 100644 --- a/kubernetes/Chart.yaml +++ b/kubernetes/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: invidious description: Invidious is an alternative front-end to YouTube -version: 1.0.0 +version: 1.1.0 appVersion: 0.20.1 keywords: - youtube diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml index 56bdea2e..01454d4e 100644 --- a/kubernetes/templates/service.yaml +++ b/kubernetes/templates/service.yaml @@ -7,10 +7,14 @@ metadata: chart: {{ .Chart.Name }} release: {{ .Release.Name }} spec: + type: {{ .Values.service.type }} ports: - name: http - port: 3000 + port: {{ .Values.service.port }} targetPort: 3000 selector: app: {{ template "invidious.name" . }} release: {{ .Release.Name }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} diff --git a/kubernetes/values.yaml b/kubernetes/values.yaml index ce32b257..7f3dcdfd 100644 --- a/kubernetes/values.yaml +++ b/kubernetes/values.yaml @@ -13,6 +13,11 @@ autoscaling: maxReplicas: 16 targetCPUUtilizationPercentage: 50 +service: + type: clusterIP + port: 3000 + # loadBalancerIP: + resources: {} #requests: # cpu: 100m -- cgit v1.2.3 From 8408ceffe8b9a8e081ec2b2bdd621a9ab612be43 Mon Sep 17 00:00:00 2001 From: Dennis Zhang Date: Sat, 5 Sep 2020 17:12:21 -0700 Subject: also add initial delay --- kubernetes/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) (limited to 'kubernetes') diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml index 34156127..eec407b0 100644 --- a/kubernetes/templates/deployment.yaml +++ b/kubernetes/templates/deployment.yaml @@ -50,4 +50,5 @@ spec: httpGet: port: 3000 path: / + initialDelaySeconds: 15 restartPolicy: Always -- cgit v1.2.3 From b860c69fd7a7bc641ff7a2b0a7390af32b8d40f7 Mon Sep 17 00:00:00 2001 From: Dennis Zhang Date: Sat, 5 Sep 2020 19:51:58 -0700 Subject: Add initContainer to check for postgres up --- kubernetes/templates/deployment.yaml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'kubernetes') diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml index eec407b0..d63747a7 100644 --- a/kubernetes/templates/deployment.yaml +++ b/kubernetes/templates/deployment.yaml @@ -23,6 +23,13 @@ spec: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} fsGroup: {{ .Values.securityContext.fsGroup }} + initContainers: + - name: wait-for-postgresql + image: postgres + args: + - /bin/sh + - -c + - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.port }}; do echo waiting for database; sleep 2; done; containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" -- cgit v1.2.3 From 4a56ba34d4840fcad2f97f2b68191b7f1388f7c8 Mon Sep 17 00:00:00 2001 From: Dennis Zhang Date: Sun, 6 Sep 2020 00:37:05 -0700 Subject: Fix pg_is ready user --- kubernetes/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kubernetes') diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml index d63747a7..bb0b832f 100644 --- a/kubernetes/templates/deployment.yaml +++ b/kubernetes/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: args: - /bin/sh - -c - - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.port }}; do echo waiting for database; sleep 2; done; + - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.user }}; do echo waiting for database; sleep 2; done; containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" -- cgit v1.2.3 From fa3eb185aba77a59896a64f67113178b371e0b32 Mon Sep 17 00:00:00 2001 From: Dennis Zhang Date: Sun, 6 Sep 2020 00:37:43 -0700 Subject: Remove space --- kubernetes/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kubernetes') diff --git a/kubernetes/values.yaml b/kubernetes/values.yaml index 7f3dcdfd..4d037022 100644 --- a/kubernetes/values.yaml +++ b/kubernetes/values.yaml @@ -16,7 +16,7 @@ autoscaling: service: type: clusterIP port: 3000 - # loadBalancerIP: + #loadBalancerIP: resources: {} #requests: -- cgit v1.2.3