will/porthole
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename tline to porthole

Browse Source
This commit is contained in:
OpenCode Test
2025-12-24 11:03:53 -08:00
parent e1a64aa092
commit 2a334c56ac
20 changed files with 42 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
helm/porthole/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v2
name: porthole
description: Timeline media library (porthole)
type: application
version: 0.1.0
appVersion: "0.0.0"

154
helm/porthole/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,154 @@
{{- define "tline.name" -}}
{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "tline.fullname" -}}
{{- if .Values.global.fullnameOverride -}}
{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name (include "tline.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- define "tline.labels" -}}
app.kubernetes.io/name: {{ include "tline.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | quote }}
{{- end -}}
{{- define "tline.selectorLabels" -}}
app.kubernetes.io/name: {{ include "tline.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "tline.componentName" -}}
{{- printf "%s-%s" (include "tline.fullname" .) .component | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "tline.storageClass" -}}
{{- $sc := .storageClass | default "" -}}
{{- if $sc -}}
{{- $sc -}}
{{- else if .Values.global.storageClass -}}
{{- .Values.global.storageClass -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "tline.affinity" -}}
{{- $class := .schedulingClass | default "compute" -}}
{{- $sched := index .Values.scheduling $class -}}
{{- if $sched.affinity -}}
{{- toYaml $sched.affinity -}}
{{- end -}}
{{- end -}}
{{- define "tline.tolerations" -}}
{{- $class := .schedulingClass | default "compute" -}}
{{- $sched := index .Values.scheduling $class -}}
{{- if $sched.tolerations -}}
{{- toYaml $sched.tolerations -}}
{{- end -}}
{{- end -}}
{{- define "tline.secretName" -}}
{{- if .Values.secrets.existingSecret -}}
{{- .Values.secrets.existingSecret -}}
{{- else -}}
{{- printf "%s-secrets" (include "tline.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "tline.databaseUrl" -}}
{{- if .Values.app.databaseUrl -}}
{{- .Values.app.databaseUrl -}}
{{- else if not .Values.postgres.enabled -}}
{{- fail "app.databaseUrl is required when postgres.enabled=false" -}}
{{- else if .Values.secrets.existingSecret -}}
{{- fail "app.databaseUrl is required when secrets.existingSecret is set (password not available in values)" -}}
{{- else -}}
{{- $svc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "postgres") -}}
{{- printf "postgres://%s:%s@%s:%d/%s" .Values.secrets.postgres.user .Values.secrets.postgres.password $svc (.Values.postgres.service.port | int) .Values.secrets.postgres.database -}}
{{- end -}}
{{- end -}}
{{- define "tline.redisUrl" -}}
{{- if .Values.app.redisUrl -}}
{{- .Values.app.redisUrl -}}
{{- else if not .Values.redis.enabled -}}
{{- fail "app.redisUrl is required when redis.enabled=false" -}}
{{- else -}}
{{- $svc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "redis") -}}
{{- printf "redis://%s:%d" $svc (.Values.redis.service.port | int) -}}
{{- end -}}
{{- end -}}
{{- define "tline.minioInternalEndpoint" -}}
{{- if .Values.app.minio.internalEndpoint -}}
{{- .Values.app.minio.internalEndpoint -}}
{{- else if not .Values.minio.enabled -}}
{{- fail "app.minio.internalEndpoint is required when minio.enabled=false" -}}
{{- else -}}
{{- $svc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") -}}
{{- printf "http://%s:%d" $svc (.Values.minio.service.s3Port | int) -}}
{{- end -}}
{{- end -}}
{{- define "tline.minioPublicEndpointTs" -}}
{{- if .Values.app.minio.publicEndpointTs -}}
{{- .Values.app.minio.publicEndpointTs -}}
{{- else if and .Values.global.tailscale.enabled .Values.global.tailscale.tailnetFQDN -}}
{{- $label := .Values.minio.ingressS3.hostnameLabel -}}
{{- if .Values.minio.tailscaleServiceS3.enabled -}}
{{- $label = .Values.minio.tailscaleServiceS3.hostnameLabel -}}
{{- end -}}
{{- printf "https://%s.%s" $label .Values.global.tailscale.tailnetFQDN -}}
{{- else if .Values.minio.enabled -}}
{{- $svc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") -}}
{{- printf "http://%s:%d" $svc (.Values.minio.service.s3Port | int) -}}
{{- else -}}
{{- fail "app.minio.publicEndpointTs is required when minio.enabled=false and no tailscale tailnetFQDN is set" -}}
{{- end -}}
{{- end -}}
{{- define "tline.image" -}}
{{- $repo := .repository | default "" -}}
{{- $tag := .tag | default "" -}}
{{- if or (not $repo) (not $tag) -}}
{{- fail "image repository and tag must be set" -}}
{{- end -}}
{{- printf "%s:%s" $repo $tag -}}
{{- end -}}
{{- define "tline.migrateImage" -}}
{{- $repo := .Values.jobs.migrate.image.repository | default .Values.images.worker.repository -}}
{{- $tag := .Values.jobs.migrate.image.tag | default .Values.images.worker.tag -}}
{{- $policy := .Values.jobs.migrate.image.pullPolicy | default .Values.images.worker.pullPolicy -}}
{{- if or (not $repo) (not $tag) -}}
{{- fail "migrate image repository/tag must be set (jobs.migrate.image or images.worker)" -}}
{{- end -}}
{{- dict "image" (printf "%s:%s" $repo $tag) "pullPolicy" $policy | toYaml -}}
{{- end -}}
{{- define "tline.registrySecretName" -}}
{{- if .Values.registrySecret.name -}}
{{- .Values.registrySecret.name -}}
{{- else -}}
{{- printf "%s-registry" (include "tline.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "tline.imagePullSecrets" -}}
{{- $secrets := .Values.imagePullSecrets | default (list) -}}
{{- if .Values.registrySecret.create -}}
{{- $secrets = append $secrets (include "tline.registrySecretName" .) -}}
{{- end -}}
{{- if gt (len $secrets) 0 -}}
imagePullSecrets:
{{- range $name := $secrets }}
- name: {{ $name | quote }}
{{- end -}}
{{- end -}}
{{- end -}}

17
helm/porthole/templates/configmap.yaml.tpl Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "config") }}
labels:
{{ include "tline.labels" . | indent 4 }}
data:
APP_NAME: {{ .Values.app.name | quote }}
NEXT_PUBLIC_APP_NAME: {{ .Values.app.name | quote }}
QUEUE_NAME: {{ .Values.app.queueName | quote }}
DATABASE_URL: {{ include "tline.databaseUrl" . | quote }}
REDIS_URL: {{ include "tline.redisUrl" . | quote }}
MINIO_INTERNAL_ENDPOINT: {{ include "tline.minioInternalEndpoint" . | quote }}
MINIO_PUBLIC_ENDPOINT_TS: {{ include "tline.minioPublicEndpointTs" . | quote }}
MINIO_REGION: {{ .Values.app.minio.region | quote }}
MINIO_BUCKET: {{ .Values.app.minio.bucket | quote }}
MINIO_PRESIGN_EXPIRES_SECONDS: {{ .Values.app.minio.presignExpiresSeconds | quote }}

64
helm/porthole/templates/cronjob-cleanup-staging.yaml.tpl Normal file
View File

@@ -0,0 +1,64 @@
{{- if and .Values.cronjobs.cleanupStaging.enabled .Values.minio.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "cleanup-staging") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: cleanup-staging
spec:
schedule: {{ .Values.cronjobs.cleanupStaging.schedule | quote }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 1
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 12 }}
app.kubernetes.io/component: cleanup-staging
spec:
restartPolicy: Never
{{ include "tline.imagePullSecrets" . | indent 10 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 12 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 12 }}
{{- end }}
containers:
- name: cleanup
image: {{ printf "%s:%s" .Values.cronjobs.cleanupStaging.image.repository .Values.cronjobs.cleanupStaging.image.tag | quote }}
imagePullPolicy: {{ .Values.cronjobs.cleanupStaging.image.pullPolicy }}
command:
- sh
- -c
- |
set -eu
echo "Configuring mc alias..."
{{- $minioSvc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") -}}
{{- $minioEndpoint := printf "http://%s:%d" $minioSvc (.Values.minio.service.s3Port | int) -}}
mc alias set local {{ $minioEndpoint | quote }} "$MINIO_ACCESS_KEY_ID" "$MINIO_SECRET_ACCESS_KEY"
echo "Removing staged objects older than {{ .Values.cronjobs.cleanupStaging.olderThanDays }}d..."
mc rm --recursive --force --older-than "{{ .Values.cronjobs.cleanupStaging.olderThanDays }}d" "local/{{ .Values.app.minio.bucket }}/staging" || true
env:
- name: MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_ACCESS_KEY_ID
- name: MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_SECRET_ACCESS_KEY
resources:
{{ toYaml .Values.cronjobs.cleanupStaging.resources | indent 16 }}
{{- end }}

120
helm/porthole/templates/ingress-tailscale.yaml.tpl Normal file
View File

@@ -0,0 +1,120 @@
{{- if and .Values.global.tailscale.enabled .Values.web.enabled .Values.web.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "web") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: web
annotations:
{{- if .Values.global.tailscale.proxyGroup.enabled }}
tailscale.com/proxy-group: {{ .Values.global.tailscale.proxyGroup.name | quote }}
{{- end }}
{{- if .Values.web.ingress.funnel }}
tailscale.com/funnel: "true"
{{- end }}
{{- if .Values.web.ingress.tags }}
tailscale.com/tags: {{ join "," .Values.web.ingress.tags | quote }}
{{- end }}
{{- with .Values.web.ingress.extraAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.global.tailscale.ingressClassName }}
tls:
- hosts:
- {{ .Values.web.ingress.hostnameLabel | quote }}
rules:
- host: {{ .Values.web.ingress.hostnameLabel | quote }}
http:
paths:
- path: {{ .Values.web.ingress.path }}
pathType: {{ .Values.web.ingress.pathType }}
backend:
service:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "web") }}
port:
number: {{ .Values.web.service.port }}
{{ end }}
{{- $disableMinioS3Ingress := and .Values.minio.tailscaleServiceS3.enabled (.Values.minio.ingressS3DisabledWhenTailscaleService | default true) -}}
{{- if and .Values.global.tailscale.enabled .Values.minio.enabled .Values.minio.ingressS3.enabled (not $disableMinioS3Ingress) -}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
annotations:
{{- if .Values.global.tailscale.proxyGroup.enabled }}
tailscale.com/proxy-group: {{ .Values.global.tailscale.proxyGroup.name | quote }}
{{- end }}
{{- if .Values.minio.ingressS3.funnel }}
tailscale.com/funnel: "true"
{{- end }}
{{- if .Values.minio.ingressS3.tags }}
tailscale.com/tags: {{ join "," .Values.minio.ingressS3.tags | quote }}
{{- end }}
{{- with .Values.minio.ingressS3.extraAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.global.tailscale.ingressClassName }}
tls:
- hosts:
- {{ .Values.minio.ingressS3.hostnameLabel | quote }}
rules:
- host: {{ .Values.minio.ingressS3.hostnameLabel | quote }}
http:
paths:
- path: {{ .Values.minio.ingressS3.path }}
pathType: {{ .Values.minio.ingressS3.pathType }}
backend:
service:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
port:
number: {{ .Values.minio.service.s3Port }}
{{ end }}
{{- $disableMinioConsoleIngress := and .Values.minio.tailscaleServiceConsole.enabled (.Values.minio.ingressConsoleDisabledWhenTailscaleService | default true) -}}
{{- if and .Values.global.tailscale.enabled .Values.minio.enabled .Values.minio.ingressConsole.enabled (not $disableMinioConsoleIngress) -}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio-console") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
annotations:
{{- if .Values.global.tailscale.proxyGroup.enabled }}
tailscale.com/proxy-group: {{ .Values.global.tailscale.proxyGroup.name | quote }}
{{- end }}
{{- if .Values.minio.ingressConsole.funnel }}
tailscale.com/funnel: "true"
{{- end }}
{{- if .Values.minio.ingressConsole.tags }}
tailscale.com/tags: {{ join "," .Values.minio.ingressConsole.tags | quote }}
{{- end }}
{{- with .Values.minio.ingressConsole.extraAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.global.tailscale.ingressClassName }}
tls:
- hosts:
- {{ .Values.minio.ingressConsole.hostnameLabel | quote }}
rules:
- host: {{ .Values.minio.ingressConsole.hostnameLabel | quote }}
http:
paths:
- path: {{ .Values.minio.ingressConsole.path }}
pathType: {{ .Values.minio.ingressConsole.pathType }}
backend:
service:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
port:
number: {{ .Values.minio.service.consolePort }}
{{- end }}

64
helm/porthole/templates/job-ensure-bucket.yaml.tpl Normal file
View File

@@ -0,0 +1,64 @@
{{- if and .Values.jobs.ensureBucket.enabled .Values.minio.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "ensure-bucket") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: ensure-bucket
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-20"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 2
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: ensure-bucket
spec:
restartPolicy: Never
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: ensure-bucket
image: {{ printf "%s:%s" .Values.jobs.ensureBucket.image.repository .Values.jobs.ensureBucket.image.tag | quote }}
imagePullPolicy: {{ .Values.jobs.ensureBucket.image.pullPolicy }}
command:
- sh
- -c
- |
set -eu
echo "Configuring mc alias..."
{{- $minioSvc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") -}}
{{- $minioEndpoint := printf "http://%s:%d" $minioSvc (.Values.minio.service.s3Port | int) -}}
mc alias set local {{ $minioEndpoint | quote }} "$MINIO_ACCESS_KEY_ID" "$MINIO_SECRET_ACCESS_KEY"
echo "Ensuring bucket exists: {{ .Values.app.minio.bucket }}"
mc mb --ignore-existing "local/{{ .Values.app.minio.bucket }}"
# Never mutate or delete originals/**. This job only ensures the bucket exists.
env:
- name: MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_ACCESS_KEY_ID
- name: MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_SECRET_ACCESS_KEY
resources:
{{ toYaml .Values.jobs.ensureBucket.resources | indent 12 }}
{{- end }}

51
helm/porthole/templates/job-migrate.yaml.tpl Normal file
View File

@@ -0,0 +1,51 @@
{{- if .Values.jobs.migrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "migrate") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: migrate
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 3
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: migrate
spec:
restartPolicy: Never
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.postgres.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.postgres.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: migrate
{{- $img := fromYaml (include "tline.migrateImage" .) }}
image: {{ $img.image | quote }}
imagePullPolicy: {{ $img.pullPolicy }}
command:
- bun
- run
- packages/db/src/migrate.ts
envFrom:
- configMapRef:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "config") }}
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: POSTGRES_PASSWORD
{{- end }}

107
helm/porthole/templates/minio.yaml.tpl Normal file
View File

@@ -0,0 +1,107 @@
{{- if .Values.minio.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
spec:
type: ClusterIP
ports:
- name: s3
port: {{ .Values.minio.service.s3Port }}
targetPort: s3
- name: console
port: {{ .Values.minio.service.consolePort }}
targetPort: console
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: minio
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
spec:
serviceName: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") }}
replicas: 1
selector:
matchLabels:
{{ include "tline.selectorLabels" . | indent 6 }}
app.kubernetes.io/component: minio
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: minio
spec:
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: minio
image: {{ printf "%s:%s" .Values.images.minio.repository .Values.images.minio.tag | quote }}
imagePullPolicy: {{ .Values.images.minio.pullPolicy }}
args:
- server
- /data
- "--console-address=:{{ .Values.minio.service.consolePort }}"
ports:
- name: s3
containerPort: 9000
- name: console
containerPort: 9001
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_ACCESS_KEY_ID
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_SECRET_ACCESS_KEY
readinessProbe:
httpGet:
path: /minio/health/ready
port: s3
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /minio/health/live
port: s3
initialDelaySeconds: 20
periodSeconds: 10
resources:
{{ toYaml .Values.minio.resources | indent 12 }}
volumeMounts:
- name: data
mountPath: /data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
{{- $sc := include "tline.storageClass" (dict "Values" .Values "storageClass" .Values.minio.storage.storageClass) -}}
{{- if $sc }}
storageClassName: {{ $sc | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.minio.storage.size | quote }}
{{- end }}

100
helm/porthole/templates/postgres.yaml.tpl Normal file
View File

@@ -0,0 +1,100 @@
{{- if .Values.postgres.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "postgres") }}
labels:
{{ include "tline.labels" . | indent 4 }}
spec:
type: ClusterIP
ports:
- name: postgres
port: {{ .Values.postgres.service.port }}
targetPort: postgres
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "postgres") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: postgres
spec:
serviceName: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "postgres") }}
replicas: 1
selector:
matchLabels:
{{ include "tline.selectorLabels" . | indent 6 }}
app.kubernetes.io/component: postgres
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: postgres
spec:
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.postgres.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.postgres.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: postgres
image: {{ printf "%s:%s" .Values.images.postgres.repository .Values.images.postgres.tag | quote }}
imagePullPolicy: {{ .Values.images.postgres.pullPolicy }}
ports:
- name: postgres
containerPort: 5432
env:
- name: POSTGRES_USER
value: {{ .Values.secrets.postgres.user | quote }}
- name: POSTGRES_DB
value: {{ .Values.secrets.postgres.database | quote }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: POSTGRES_PASSWORD
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 20
periodSeconds: 10
resources:
{{ toYaml .Values.postgres.resources | indent 12 }}
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
{{- $sc := include "tline.storageClass" (dict "Values" .Values "storageClass" .Values.postgres.storage.storageClass) -}}
{{- if $sc }}
storageClassName: {{ $sc | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.postgres.storage.size | quote }}
{{- end }}

57
helm/porthole/templates/redis.yaml.tpl Normal file
View File

@@ -0,0 +1,57 @@
{{- if .Values.redis.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "redis") }}
labels:
{{ include "tline.labels" . | indent 4 }}
spec:
type: ClusterIP
ports:
- name: redis
port: {{ .Values.redis.service.port }}
targetPort: redis
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "redis") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: redis
spec:
replicas: 1
selector:
matchLabels:
{{ include "tline.selectorLabels" . | indent 6 }}
app.kubernetes.io/component: redis
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: redis
spec:
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.redis.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.redis.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: redis
image: {{ printf "%s:%s" .Values.images.redis.repository .Values.images.redis.tag | quote }}
imagePullPolicy: {{ .Values.images.redis.pullPolicy }}
ports:
- name: redis
containerPort: 6379
resources:
{{ toYaml .Values.redis.resources | indent 12 }}
{{- end }}

40
helm/porthole/templates/secret.yaml.tpl Normal file
View File

@@ -0,0 +1,40 @@
{{- if not .Values.secrets.existingSecret -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace (include "tline.secretName" .) -}}
{{- $existingData := dict -}}
{{- if $existing -}}
{{- $existingData = (get $existing "data") | default dict -}}
{{- end -}}
{{- $pgPassB64 := (get $existingData "POSTGRES_PASSWORD") | default (randAlphaNum 32 | b64enc) -}}
{{- $minioKeyB64 := (get $existingData "MINIO_ACCESS_KEY_ID") | default (randAlphaNum 20 | b64enc) -}}
{{- $minioSecretB64 := (get $existingData "MINIO_SECRET_ACCESS_KEY") | default (randAlphaNum 40 | b64enc) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tline.secretName" . }}
labels:
{{ include "tline.labels" . | indent 4 }}
type: Opaque
data:
POSTGRES_PASSWORD: {{ .Values.secrets.postgres.password | default ($pgPassB64 | b64dec) | b64enc }}
MINIO_ACCESS_KEY_ID: {{ .Values.secrets.minio.accessKeyId | default ($minioKeyB64 | b64dec) | b64enc }}
MINIO_SECRET_ACCESS_KEY: {{ .Values.secrets.minio.secretAccessKey | default ($minioSecretB64 | b64dec) | b64enc }}
{{- end }}
{{- if .Values.registrySecret.create -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tline.registrySecretName" . }}
labels:
{{ include "tline.labels" . | indent 4 }}
type: kubernetes.io/dockerconfigjson
{{ $server := required "registrySecret.server is required" .Values.registrySecret.server -}}
{{ $user := .Values.registrySecret.username | default "" -}}
{{ $pass := required "registrySecret.password is required" .Values.registrySecret.password -}}
{{ $email := .Values.registrySecret.email | default "" -}}
{{ $auth := printf "%s:%s" $user $pass | b64enc -}}
{{ $cfg := dict "auths" (dict $server (dict "username" $user "password" $pass "email" $email "auth" $auth)) -}}
data:
.dockerconfigjson: {{ $cfg | toJson | b64enc }}
{{- end }}

27
helm/porthole/templates/service-minio-tailscale-console.yaml.tpl Normal file
View File

@@ -0,0 +1,27 @@
{{- if and .Values.global.tailscale.enabled .Values.minio.enabled .Values.minio.tailscaleServiceConsole.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio-ts-console") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
annotations:
tailscale.com/hostname: {{ .Values.minio.tailscaleServiceConsole.hostnameLabel | quote }}
{{- if .Values.minio.tailscaleServiceConsole.tags }}
tailscale.com/tags: {{ join "," .Values.minio.tailscaleServiceConsole.tags | quote }}
{{- end }}
{{- with .Values.minio.tailscaleServiceConsole.extraAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
type: LoadBalancer
loadBalancerClass: tailscale
ports:
- name: console
port: 443
targetPort: console
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: minio
{{- end }}

27
helm/porthole/templates/service-minio-tailscale-s3.yaml.tpl Normal file
View File

@@ -0,0 +1,27 @@
{{- if and .Values.global.tailscale.enabled .Values.minio.enabled .Values.minio.tailscaleServiceS3.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio-ts-s3") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: minio
annotations:
tailscale.com/hostname: {{ .Values.minio.tailscaleServiceS3.hostnameLabel | quote }}
{{- if .Values.minio.tailscaleServiceS3.tags }}
tailscale.com/tags: {{ join "," .Values.minio.tailscaleServiceS3.tags | quote }}
{{- end }}
{{- with .Values.minio.tailscaleServiceS3.extraAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
type: LoadBalancer
loadBalancerClass: tailscale
ports:
- name: s3
port: 443
targetPort: s3
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: minio
{{- end }}

89
helm/porthole/templates/web.yaml.tpl Normal file
View File

@@ -0,0 +1,89 @@
{{- if .Values.web.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "web") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: web
spec:
type: ClusterIP
ports:
- name: http
port: {{ .Values.web.service.port }}
targetPort: http
selector:
{{ include "tline.selectorLabels" . | indent 4 }}
app.kubernetes.io/component: web
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "web") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: web
spec:
replicas: {{ .Values.web.replicas }}
selector:
matchLabels:
{{ include "tline.selectorLabels" . | indent 6 }}
app.kubernetes.io/component: web
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: web
spec:
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.web.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.web.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: web
image: {{ include "tline.image" (dict "repository" .Values.images.web.repository "tag" .Values.images.web.tag) | quote }}
imagePullPolicy: {{ .Values.images.web.pullPolicy }}
ports:
- name: http
containerPort: 3000
envFrom:
- configMapRef:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "config") }}
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: POSTGRES_PASSWORD
- name: MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_ACCESS_KEY_ID
- name: MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_SECRET_ACCESS_KEY
readinessProbe:
httpGet:
path: /api/healthz
port: http
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
httpGet:
path: /api/healthz
port: http
initialDelaySeconds: 20
periodSeconds: 10
resources:
{{ toYaml .Values.web.resources | indent 12 }}
{{- end }}

57
helm/porthole/templates/worker.yaml.tpl Normal file
View File

@@ -0,0 +1,57 @@
{{- if .Values.worker.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "worker") }}
labels:
{{ include "tline.labels" . | indent 4 }}
app.kubernetes.io/component: worker
spec:
replicas: {{ .Values.worker.replicas }}
selector:
matchLabels:
{{ include "tline.selectorLabels" . | indent 6 }}
app.kubernetes.io/component: worker
template:
metadata:
labels:
{{ include "tline.selectorLabels" . | indent 8 }}
app.kubernetes.io/component: worker
spec:
{{ include "tline.imagePullSecrets" . | indent 6 }}
{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.worker.schedulingClass) }}
{{- if $aff }}
affinity:
{{ $aff | indent 8 }}
{{- end }}
{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.worker.schedulingClass) }}
{{- if $tols }}
tolerations:
{{ $tols | indent 8 }}
{{- end }}
containers:
- name: worker
image: {{ include "tline.image" (dict "repository" .Values.images.worker.repository "tag" .Values.images.worker.tag) | quote }}
imagePullPolicy: {{ .Values.images.worker.pullPolicy }}
envFrom:
- configMapRef:
name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "config") }}
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: POSTGRES_PASSWORD
- name: MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_ACCESS_KEY_ID
- name: MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "tline.secretName" . }}
key: MINIO_SECRET_ACCESS_KEY
resources:
{{ toYaml .Values.worker.resources | indent 12 }}
{{- end }}

256
helm/porthole/values.yaml Normal file
View File

@@ -0,0 +1,256 @@
global:
nameOverride: ""
fullnameOverride: ""
storageClass: ""
tailscale:
enabled: true
ingressClassName: tailscale
tailnetFQDN: "" # e.g. tailxyz.ts.net
proxyGroup:
enabled: false
create: false
name: ingress-proxies
tags: []
scheduling:
compute:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-class
operator: In
values:
- compute
tolerations: []
app:
name: porthole
queueName: porthole
# Optional overrides when bringing your own services.
databaseUrl: "" # defaults to in-chart Postgres when empty
redisUrl: "" # defaults to in-chart Redis when empty
minio:
bucket: media
region: us-east-1
presignExpiresSeconds: 900
publicEndpointTs: "" # optional if global.tailscale.tailnetFQDN is set (defaults to https://minio.<tailnet-fqdn>)
internalEndpoint: "" # defaults to in-chart MinIO when empty
secrets:
existingSecret: "" # if set, chart will not create secrets
postgres:
user: porthole
password: "" # REQUIRED if not using existingSecret
database: porthole
minio:
accessKeyId: "" # REQUIRED if not using existingSecret
secretAccessKey: "" # REQUIRED if not using existingSecret
images:
web:
# Default is a local/in-cluster registry example; override for your environment.
repository: registry.lan:5000/porthole-web
tag: dev
pullPolicy: IfNotPresent
worker:
# Default is a local/in-cluster registry example; override for your environment.
repository: registry.lan:5000/porthole-worker
tag: dev
pullPolicy: IfNotPresent
postgres:
repository: postgres
tag: "16"
pullPolicy: IfNotPresent
redis:
repository: redis
tag: "7"
pullPolicy: IfNotPresent
minio:
repository: minio/minio
tag: RELEASE.2024-01-16T16-07-38Z
pullPolicy: IfNotPresent
# Optional: secrets used for pulling container images.
# Each entry is a Secret name in the same namespace.
imagePullSecrets: []
# Optional: create a docker-registry Secret from values.
# This is convenient for private/local deployments, but stores credentials in values.
registrySecret:
create: false
name: "" # defaults to <release>-<chart>-registry
server: "" # e.g. registry.lan:5000
username: ""
password: ""
email: ""
web:
enabled: true
replicas: 1
schedulingClass: compute
service:
port: 3000
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
ingress:
enabled: true
hostnameLabel: app
path: /
pathType: Prefix
tags: []
funnel: false
extraAnnotations: {}
worker:
enabled: true
replicas: 1
schedulingClass: compute
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 2Gi
postgres:
enabled: true
schedulingClass: compute
service:
port: 5432
storage:
size: 20Gi
storageClass: "" # defaults to global.storageClass
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1500m
memory: 2Gi
redis:
enabled: true
schedulingClass: compute
service:
port: 6379
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
minio:
enabled: true
schedulingClass: compute
service:
s3Port: 9000
consolePort: 9001
# Optional: expose MinIO S3 API via a Tailscale LoadBalancer Service
# instead of (or in addition to) Tailscale Ingress.
# This can be more reliable for streaming / Range requests depending on
# Tailscale operator + cluster behavior.
tailscaleServiceS3:
enabled: false
hostnameLabel: minio
tags: []
extraAnnotations: {}
tailscaleServiceConsole:
enabled: false
hostnameLabel: minio-console
tags: []
extraAnnotations: {}
# When true, disable the MinIO S3 Ingress when S3 service is enabled.
ingressS3DisabledWhenTailscaleService: true
# When true, disable the MinIO console Ingress when console service is enabled.
ingressConsoleDisabledWhenTailscaleService: true
storage:
size: 200Gi
storageClass: "" # defaults to global.storageClass
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1500m
memory: 2Gi
ingressS3:
enabled: true
hostnameLabel: minio
path: /
pathType: Prefix
tags: []
funnel: false
extraAnnotations: {}
ingressConsole:
enabled: true
hostnameLabel: minio-console
path: /
pathType: Prefix
tags: []
funnel: false
extraAnnotations: {}
jobs:
ensureBucket:
enabled: false
image:
repository: minio/mc
tag: RELEASE.2024-01-16T16-07-38Z
pullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 300m
memory: 256Mi
migrate:
enabled: true
image:
repository: "" # defaults to images.worker.repository when empty
tag: "" # defaults to images.worker.tag when empty
pullPolicy: "" # defaults to images.worker.pullPolicy when empty
cronjobs:
cleanupStaging:
enabled: false
schedule: "0 4 * * *"
# Remove objects under `staging/` older than this many days.
# This CronJob must never touch `originals/`.
olderThanDays: 14
image:
repository: minio/mc
tag: RELEASE.2024-01-16T16-07-38Z
pullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 300m
memory: 256Mi