diff --git a/cluster/apps/invidious/invidious-configmap.yml b/cluster/apps/invidious/invidious-configmap.yml new file mode 100644 index 0000000..f90edb5 --- /dev/null +++ b/cluster/apps/invidious/invidious-configmap.yml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: invidious-config + namespace: default +data: + config.yml: | + db: + dbname: invidious + user: kemal + password: ${DB_PASSWORD} + host: invidious-db-service + port: 5432 + check_tables: true + signature_server: inv-sig-helper:12999 + visitor_data: ${VISITOR_DATA} + po_token: ${PO_TOKEN} + port: 3000 diff --git a/cluster/apps/invidious/invidious-db.yml b/cluster/apps/invidious/invidious-db.yml new file mode 100644 index 0000000..7a78ec0 --- /dev/null +++ b/cluster/apps/invidious/invidious-db.yml @@ -0,0 +1,45 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious-db + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: invidious-db + template: + metadata: + labels: + app: invidious-db + spec: + initContainers: + - name: init-cleanup + image: busybox + command: ["rm", "-rf", "/var/lib/postgresql/data/lost+found"] + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + containers: + - name: postgres + image: postgres:14 + env: + - name: POSTGRES_DB + value: invidious + - name: POSTGRES_USER + value: kemal + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: invidious-postgres-secret + key: password + ports: + - containerPort: 5432 + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: longhorn-invidious-config diff --git a/cluster/apps/invidious/invidious-helper.yml b/cluster/apps/invidious/invidious-helper.yml new file mode 100644 index 0000000..13117b3 --- /dev/null +++ b/cluster/apps/invidious/invidious-helper.yml @@ -0,0 +1,30 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: inv-sig-helper + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: inv-sig-helper + template: + metadata: + labels: + app: inv-sig-helper + spec: + containers: + - name: inv-sig-helper + image: quay.io/invidious/inv-sig-helper:master-9073c15 + args: ["--tcp", "0.0.0.0:12999"] + env: + - name: RUST_LOG + value: "info" + ports: + - containerPort: 12999 + securityContext: + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL diff --git a/cluster/apps/invidious/invidious-pvc.yml b/cluster/apps/invidious/invidious-pvc.yml new file mode 100644 index 0000000..45b9d87 --- /dev/null +++ b/cluster/apps/invidious/invidious-pvc.yml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: longhorn-invidious-config + namespace: default +spec: + accessModes: + - ReadWriteMany + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/cluster/apps/invidious/invidious-svc.yml b/cluster/apps/invidious/invidious-svc.yml new file mode 100644 index 0000000..8eef5b1 --- /dev/null +++ b/cluster/apps/invidious/invidious-svc.yml @@ -0,0 +1,57 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious-db-service + namespace: default +spec: + selector: + app: invidious-db + ports: + - protocol: TCP + port: 5432 + targetPort: 5432 + +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious + namespace: default +spec: + selector: + app: invidious + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: inv-sig-helper + namespace: default +spec: + selector: + app: inv-sig-helper + ports: + - protocol: TCP + port: 12999 + targetPort: 12999 + +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious-service + namespace: default +spec: + type: NodePort + selector: + app: invidious + ports: + - port: 3000 + targetPort: 3000 + nodePort: 3111 + protocol: TCP diff --git a/cluster/apps/invidious/invidious.yml b/cluster/apps/invidious/invidious.yml new file mode 100644 index 0000000..064adb0 --- /dev/null +++ b/cluster/apps/invidious/invidious.yml @@ -0,0 +1,77 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: invidious + template: + metadata: + labels: + app: invidious + spec: + initContainers: + - name: wait-for-db + image: busybox + command: + - sh + - -c + - | + until nc -z -v -w30 invidious-db-service 5432; do + echo "Waiting for database to be ready..." + sleep 2 + done + - name: wait-for-helper + image: busybox + command: + - sh + - -c + - | + until nc -z -v -w30 inv-sig-helper 12999; do + echo "Waiting for helper to be ready..." + sleep 2 + done + containers: + - name: invidious-server + image: quay.io/invidious/invidious:2025.04.04-0c07e9d + ports: + - containerPort: 3000 + env: + - name: hmac_key + valueFrom: + secretKeyRef: + name: invidious-hmac-key + key: key + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: invidious-postgres-secret + key: password + - name: VISITOR_DATA + valueFrom: + secretKeyRef: + name: invidious-secret + key: visitor-data + - name: PO_TOKEN + valueFrom: + secretKeyRef: + name: invidious-secret + key: po-token + - name: INVIDIOUS_CONFIG + valueFrom: + configMapKeyRef: + name: invidious-config + key: config.yml + - name: INVIDIOUS_PORT + value: "3000" + volumeMounts: + - name: config-volume + mountPath: /etc/invidious + volumes: + - name: config-volume + configMap: + name: invidious-config