config for invidious on k3s

2025-10-15 04:36:20 +05:30
parent c8cd3b9d49
commit b9a7e42658
6 changed files with 190 additions and 0 deletions
--- a/clusters/default/media/invidious/invidious-config.yml
+++ b/clusters/default/media/invidious/invidious-config.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: invidious-config
+  namespace: media
+data:
+  invidious.yml: |
+    db:
+      dbname: invidious
+      user: kemal
+      password: ${INVIDIOUS_DB_PASSWORD}
+      host: localhost
+      port: 5432
+    check_tables: true
+    invidious_companion:
+    - private_url: "http://localhost:8282/companion"
+    invidious_companion_key: ${INVIDIOUS_COMPANION_KEY}
+    hmac_key: ${INVIDIOUS_HMAC_KEY}
--- a/clusters/default/media/invidious/invidious-db-secrets.yml
+++ b/clusters/default/media/invidious/invidious-db-secrets.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: invidious-db-secrets
+  namespace: media
+spec:
+  encryptedData:
+    postgres-db: AgA3wmrLcXT6zd9/GthzLyIDkc5CoyqBFJN7BbMO8lTdn6i+JIiMSf/pEWcla03EUmiqCRlUcaTVVlcCuzIeN9ayfjCDYSbxGjpKvdQmQEXZFf+5CQVcYZjIv6F2I33ZNvHelQFsHaypugx8rhnoIx/UYEA2S5hGoafqXTHJ3YYKUhbynsRi9NRRF2HFvuRQ/cgl0cvwbjtoZSTE9IEP4yNlUC8mDhZDkW3nmX+irVrAqO9sQxJl4/2pMimYCiP4cWbeMV1lulFucI0uL5tycm6CDtOAB5Z7Ysmkwx9ww1nnTr75zBJPydhQab9OUBFe19xIaRNNJVzohXzT39yWY3urdva19Racz7vSduyIVQ8ijWwo6qxOmwUc9Q5dcWU703wAuNl8mzEomy3HKvF57JxY0U2CEId/Q4WgOAmCShTkIqDzTrLUeEFQkrPppCq8Y/jKVDHWxmsP/OaFMTiCs/c9E/Ph5b3J2bVRls/sMGlNy4Q/4tvNt5yYL2I0GrFmNiF6Qb+zgMb5AXv0nPmTBCxksz4dpI99poMbV3DH6yU4CaYFNW3BdyZHygAXb22Kd5R6SGPqwdxduYd3MC6uedTGVFVTRpotnq2JIBLXZG+VB9wiav7P5VKjgBSy+ZnnqnqYbYdaRKPzGHv2wpl0qvEWzWxi8yYh0YKh7GsMlA9lrxPWFum7n98/h9fz+2Y9hdf9zcgVwtqKowc=
+    postgres-password: AgA8wn9Rs8BChdpPT2I4EYohTIJeN7lqxD9EYKsEjB/OyHvOfQ1DGnnEGs5TWiJHYJIvg0X+WvwKyB30EYHTIcfp+yd4iR/PIZJuTlpWTaZ2x/MhLPwb1zZgxaQD4H3c0EGWy+0bTwgudDfOBMVIbz3azZQRKOyHE6/nOvSY98lvIWvkkARBSY0MYDEUdb06+TA6wwT7y02tlWFu8SAbsmPtIDTX47/vkEVaHP1nB5J4bdgHCvxJx1HDcfR/K1bM8bKfYA4TSGFDFioTtJqPjRbrSGTI7R9xGDxBoUAiURt0jzR6DxanzyEOFf0tcs5VkybvKx40O+qX7BFb8XLi6AY5FL0MQmUDd+xmQRUozJaJtxRgR/4B/aauDxHJm2zxGgY3UwJ/4/AfBieRmHdIK2JlGoeRA+42aFJxtiEVfcXiyf3ZGh/iSSw7/78i+jhD74OhgNICTRsHI+J+ABASm6CG1TSByiSTdkpe+ZGjU/nV+IA0XBFvulqEY67IfXsTFhTaHadWZpS5FTnZdSWras4xb595IwtfXqQ2W0t+6PTOJNWpSRm6aSbyLeDCbA9VjK58nSR2lonA4xMxLmWczWIfrq3G/s5QOVTWwsVMIPdhTXAvApevqlpNZOxvNqCsCLsLnqR4+KSApRO1PYpMD50LrakVsXf0ETOanu6XWuK8J84pLyLJyDNu20mVAfmCYzbPM7eZOkNCR6Da6g==
+    postgres-user: AgAiCUAQ1lnZPmopNXDU1lKXdbuGrV6+EjGQRoxnyUolfcxg/4g+a654kyXajQlogYkm41WLgWWhvmulZ5vDlD16IftUuEhornBZgllJS57UIbTq2GDB7cAfqeGh3o0IqtMwu2kaHtssVwIeKpuYkBM3ZfmWWdLXL5ba4mk02PqJRDnfUojINc9Ap7bpHhmhzo3X3JVT9LuLPvhMch2t9e6j6ViVKPKWmS07KDxW8vC6vJJecc+WnsZLd2NGdD3LWyWLWyvMYzaf+hkCD2Ly881cCoyvLsN3HkUfCisgBbfxbbf0abZ9ltCDbGpSYfrOMi1Nd2C9WHPfU5veUl9f9uZ25+SqhU5rBkDnlm5O9aCK0PCFoZJvrZiMpcqp4XtKxLSkvSO25ZhDrF18JYeg9az1RSZNchD+VUyG1bYyVdRzHYAG3uRoa47hPBP/P6hyMHnuiGA6UwNwq4zesiGJ2A2kD3wJnqzwqemoh06Rz16qhQhNn0F9Rm4soW2JXgLxUWyPvPiEd2+oZn89vUQgkPSAP3XVVjq6JKrADU4KgfkJ/eXLIqF13Vmurff8S2WtitBRy4ZcixoL7kruHnHb3UypTyDx60c9TQKc04xYbqV5xM2XIwrwRVZCmUsvEf7Kw0NotQeEkhxP9rcLgDey7iPkyxgguyrVZeKEAE+y33V7iM3BLWjW7fB7trPizkaLLFsUTHMmWw==
+  template:
+    metadata:
+      name: invidious-db-secrets
+      namespace: media
+    type: Opaque
--- a/clusters/default/media/invidious/invidious-pvc.yml
+++ b/clusters/default/media/invidious/invidious-pvc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: invidious-longhorn
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
--- a/clusters/default/media/invidious/invidious-secrets.yml
+++ b/clusters/default/media/invidious/invidious-secrets.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: invidious-secrets
+  namespace: media
+spec:
+  encryptedData:
+    INVIDIOUS_COMPANION_KEY: AgADzaTr1SfMN71XtE8WY/03cJcCi4cBM93oLl0xVkgEVz1Rcwa2Stzp204me+06eDe11baegDYw5vk/dBEOT3CSnPbDkKWjjrCQYxWfx/hi6VwVWRHNX+JC7nQwPNrof7GxwGQIyLiEPXjckn/hf45ujzX381oWpKh5EAXtKyczf6x5ACUOWmo7+f8NVM15d2TgxPNrX/ayifwo9Chk2NiujRR0VvLR3AivbuFLoWFyX5Pxv0GNQD/mqQMOiNu6hpQp5X6vuPPYDP+Z+9am3mMc2dkxDlhCc9HkF95eHaHVFpFZVk3dBN1nQZKzU2BAAdLujOroHY5XykpfJ+xPUJ/5Qz2i0nWjosMJ4KaWZe4S6mgpOPI9AymCrGZrWufy6JRIauWNMlT+T/+mZD/Ln2PbJtaBbTq4b6pffZiW6LHrxtxS2tdn75ZtHfzWA+q7qfHQnsqFQ0T0dbJpHk2pq942Jr0WdGqSVBDwqGdJfpLqsivv0tglOcakdKWG6fZZO9fxP9a/Fo8am3Yo9G46WG4WPCrVuFRwm26Nte9idMoLFJtGxfCEhbngzETE3J0qNvt78LTWRhG0wO3uKL3k6f1w3aWYp4/DmSSMcBU6+xXXCbCqdxR9zmI2HtMfCbdaghxinJU/K3xmJRJoTa5fjt7V6RNKejRwwxRYZzne9nUSLjib9PwkXeVPvYEzA5BRFNUP20GyaMJZ/4obWP66d0QI
+    INVIDIOUS_DB_PASSWORD: AgAryk5AACMNHG20BmHC/WAmuOLm/SemOGMJ+kDDqc1wDYzrWytvlQ73OhsMNuI+OWUTBNN3AZ5G/mnLGIFymDbA2NxFjBRWCDDRzGixKoMbjZqmMjqsm861RMmcBxbC4LnIfIICghjC9CyST13tztS3QNKRWPmkabdbbDuMSZ5U1QJAPUXnFs6MtKlhpwfh538lFKHRgF3U8sfKw8HYA25o170frQWrlqt38pHHh3LuAiAfGLn2D+qLY8ynvmW35UK/S682+cvyQwazNKI6Mkg/x2Xr3AUstnlhuwlTvn/QVsFL1EYjNnPlqtfcXHIZb8aPJ1L+zz9UaTwmSi1JqdtpCEEajHzogAvbvGj8FgwzDQfbudSB/GgL8kYv4BcYFe+6UxmaFUwFg5yECR98ueWw1CmW2Sy/i6TPKsGkyoIi+ip7lpNzO/G6cFSHqwgT01Wdsq9JXyuAXVQHhwdBoQiTeoFWgbEIc5HxvgKuWOlVNpUyaA7o8DofApjRVQmN+mWsRqAaeWIzoCGzqEKynyvG1dAdtVK4fK0GZieAt16oJjTi3Ilf8JOACw9WJltIP1GD0bQioSvvsb2dMGjSDO2FcfnwuGHfEM+EA9KSwsQI5Hlgb979clyQn6fCSJS6/pCfjGozydCsLI9GiSnOuKs29laAjNeQgSs2WYKykkkjpekyqo9hZDbI5tVm95Na5Zeh5dp+RqlYJ4Si3A==
+    INVIDIOUS_HMAC_KEY: AgBHpwItvaGulTBI3AjKagYIpztLqLc022YYV9GlivFfNvdBrroS10vVou9mXdSnGtnSTYiC8Kiee3YtSYow6WsAXku8dk3gL3QgZQ8q+3XYzY8MpiVXvEu2KJYY72dBXmW9xgcYTXLpn0QRYie5O9m+f90IKvo01W+xZ+yTX72aBhHX1pzJfGz53TaJEdfRTGQsGFJxKzaeDwjuWWVQ1ssfAhL7+qjLlllu6l7fyEAd5d2yjxiaMQ4w3ibiaBa5BetVngdZFVTdux67WorzqdswefgsU3PAoHtUdkJAvofb3SbCQPBEwFH13Zu3NA5eBwp1jQ+dRAWL4dFqpso/75F1Ta1ogmKeHwGDX+lKS3p9L1mUA+/6ZzUs7B90BmKn5sc/4s0ktuZD9u5Q7eP6xn3v3dRMVpzcxfqyGqDQzyldBx5sO3j5NtGRb5MbH3HFdYA59/39smguu5Cm+ulVeStcSz7ire/xD03rZIcH2bcgqllb86MT8jlx7OsvPzx/DWfNUB3MnCYgUi+XaE53b7i1mf/L1uKVdRtztcFV5VP7xJLbCeRRwhImas7ap935xTRf04HI4p7spTTtXL+x40D6IM1JyV9hgBbix4mwmbHAxar8sZkoVdeP2kEl/jIRD80TtlmX6BoJ6D+EKwDjJWhWsywhN/F5NHhXr9kOv/PYi4HHlb1sE8oRTo4kGM1cpdG8tqfGpCFTKEHSR8WRZsZ3
+  template:
+    metadata:
+      name: invidious-secrets
+      namespace: media
+    type: Opaque
--- a/clusters/default/media/invidious/invidious-svc.yml
+++ b/clusters/default/media/invidious/invidious-svc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: invidious-service
+  namespace: media
+spec:
+  type: LoadBalancer
+  selector:
+    app: invidious
+  ports:
+  - port: 3111
+    targetPort: 3000
+    protocol: TCP
--- a/clusters/default/media/invidious/invidious.yml
+++ b/clusters/default/media/invidious/invidious.yml
@@ -0,0 +1,111 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: invidious
+  namespace: media
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: invidious
+  template:
+    metadata:
+      labels:
+        app: invidious
+    spec:
+      initContainers:
+      - name: substitute-config
+        image: alpine
+        envFrom:
+        - secretRef:
+            name: invidious-secrets
+        command:
+        - sh
+        - -c
+        - apk add gettext && envsubst < /mnt/init/invidious.yml > /mnt/invidious.yml
+        volumeMounts:
+        - name: invidious-config
+          mountPath: /mnt/init/invidious.yml
+          subPath: invidious.yml
+        - name: tmp
+          mountPath: /mnt
+          subPath: invidious.yml
+      - name: clean-db-dir
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          rm -rf /var/lib/postgresql/data/lost+found
+        volumeMounts:
+        - name: postgres-data
+          mountPath: /var/lib/postgresql/data
+      - name: postgres
+        image: postgres:15.14
+        restartPolicy: Always
+        env:
+        - name: POSTGRES_DB
+          valueFrom:
+            secretKeyRef:
+              name: invidious-db-secrets
+              key: postgres-db
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: invidious-db-secrets
+              key: postgres-user
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: invidious-db-secrets
+              key: postgres-password
+        volumeMounts:
+        - name: postgres-data
+          mountPath: /var/lib/postgresql/data
+      - name: inv-companion
+        image: quay.io/invidious/invidious-companion@sha256:919112d8c7b40315f815eba5a70ebe55718cdbac2dc9cb4ae2acafbbafb47d8b
+        restartPolicy: Always
+        env:
+        - name: SERVER_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: invidious-secrets
+              key: INVIDIOUS_COMPANION_KEY
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+      containers:
+      - name: invidious
+        image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06
+        command:
+        - sh
+        - -c
+        - |
+          export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" &&
+          exec /invidious/invidious
+        env:
+        - name: INVIDIOUS_PORT
+          value: "3000"
+        ports:
+        - containerPort: 3000
+        volumeMounts:
+        - name: logging
+          mountPath: /var/log/invidious
+        - name: tmp
+          mountPath: /mnt
+          subPath: invidious.yml
+      volumes:
+      - name: logging
+        emptyDir: {}
+      - name: tmp
+        emptyDir: {}
+      - name: invidious-config
+        configMap:
+          name: invidious-config
+      - name: postgres-data
+        persistentVolumeClaim:
+          claimName: invidious-longhorn