mirror of https://github.com/FreshRSS/FreshRSS.git
Merge 38c118c76f
into 08d6328975
This commit is contained in:
commit
18d923a13d
|
@ -25,10 +25,14 @@ indent_style = tab
|
|||
[*.svg]
|
||||
indent_style = tab
|
||||
|
||||
[*.tpl]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
||||
[*.xml]
|
||||
indent_style = tab
|
||||
|
||||
[*.yml]
|
||||
[*.{yaml,yml}]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v2
|
||||
name: freshrss
|
||||
description: A Helm chart for FreshRSS
|
||||
version: 0.1.0
|
|
@ -0,0 +1,21 @@
|
|||
This documentation needs heavy re-working.
|
||||
|
||||
Step 1. Add Repo.
|
||||
|
||||
![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/b25b1cb5-91a0-48ca-ae00-a60edc6dc495)
|
||||
|
||||
Step 2. View Charts. Click FreshRSS
|
||||
|
||||
![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/4e8f5982-fd38-41e1-8d42-336c1e826423)
|
||||
|
||||
Step 3. Click Install
|
||||
|
||||
Give unique namespace, and name. Click Customize.
|
||||
|
||||
![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/cbce0cb0-ca73-4ffb-94a2-2771901e71d7)
|
||||
|
||||
At a minimum, set an ingress rule.
|
||||
|
||||
Install.
|
||||
|
||||
![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/b10532de-bb51-4b13-b428-dddc68630154)
|
|
@ -0,0 +1,24 @@
|
|||
## Manifests for deploying FreshRSS
|
||||
|
||||
Note-
|
||||
|
||||
1. Edit freshrss-config, and freshrss-secrets to add desired configuration.
|
||||
2. If you use traefik, and prefer IngressRoute, install Traefik-Ingressroute.yaml. Otherwise, use ingress.yaml.
|
||||
|
||||
To install, download the manifests to your computer. Run the below script.
|
||||
|
||||
```sh
|
||||
# Define the namespace
|
||||
kubectl apply -f namespace.yaml
|
||||
|
||||
# Deploy resources in the namespace
|
||||
kubectl apply -n freshrss -f pvc.yaml
|
||||
kubectl apply -n freshrss -f freshrss-config.yaml
|
||||
kubectl apply -n freshrss -f freshrss-secrets.yaml
|
||||
kubectl apply -n freshrss -f deployment-freshrss.yaml
|
||||
kubectl apply -n freshrss -f service.yaml
|
||||
kubectl apply -n freshrss -f ingress.yaml
|
||||
|
||||
# Apply Traefik IngressRoute if Traefik is your Ingress Controller
|
||||
# kubectl apply -n freshrss -f Traefik-IngressRoute.yaml
|
||||
```
|
|
@ -0,0 +1,82 @@
|
|||
{{/*
|
||||
Generate a name based on the release name and chart name.
|
||||
*/}}
|
||||
|
||||
{{- define "freshrss.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "freshrss.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "freshrss.namespace" -}}
|
||||
{{- if .Values.namespaceOverride }}
|
||||
{{- .Values.namespaceOverride }}
|
||||
{{- else }}
|
||||
{{- .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
# Data PVC name.
|
||||
{{- define "freshrss.dataPVC" -}}
|
||||
{{- if .Values.persistence.existingPVCName }}
|
||||
{{- .Values.persistence.existingPVCName }}
|
||||
{{- else }}
|
||||
{{- .Release.Name }}-data
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "freshrss.labels" -}}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/name: {{ template "freshrss.name" . }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | default "" }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
|
||||
{{- with .Values.extraLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "freshrss.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "freshrss.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Looks if there's an existing secret and reuse its password. If not it generates
|
||||
new password and use it.
|
||||
*/}}
|
||||
{{- define "freshrss.cryptokey" -}}
|
||||
{{- $secret := (lookup "v1" "Secret" (include "freshrss.namespace" .) (include "freshrss.fullname" .) ) }}
|
||||
{{- if $secret }}
|
||||
{{- index $secret "data" "OIDC_CLIENT_CRYPTO_KEY" }}
|
||||
{{- else }}
|
||||
{{- (randAlphaNum 40) | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,21 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{- if .Values.oidc.enabled -}}
|
||||
OIDC_ENABLED: "1"
|
||||
OIDC_PROVIDER_METADATA_URL: {{ .Values.oidc.providerMetadataUrl | default "" | quote }}
|
||||
OIDC_REMOTE_USER_CLAIM: {{ .Values.oidc.remoteUserClaim | default "preferred_username" | quote }}
|
||||
OIDC_CLIENT_ID: {{ .Values.oidc.clientId | default "" | quote }}
|
||||
OIDC_SCOPES: {{ .Values.oidc.scopes | default "openid profile" | quote }}
|
||||
OIDC_X_FORWARDED_HEADERS: {{ .Values.oidc.xForwardedHeaders | default "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto" | quote }}
|
||||
{{- else }}
|
||||
OIDC_ENABLED: "0"
|
||||
{{- end }}
|
||||
CRON_MIN: {{ .Values.freshrss.CRON_MIN | default "*/15" | quote }}
|
||||
LISTEN: {{ .Values.freshrss.PORT | quote }}
|
||||
FRESHRSS_ENV: {{ .Values.freshrss.FRESHRSS_ENV | default "production" | quote }}
|
|
@ -0,0 +1,28 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "freshrss.fullname" . }}-ingress
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ tpl $value $ | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
rules:
|
||||
- host: {{ .Values.ingress.host | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ .Values.ingress.path | quote}}
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "freshrss.fullname" . | quote}}
|
||||
port:
|
||||
number: {{ .Values.freshrss.PORT }}
|
|
@ -0,0 +1,22 @@
|
|||
{{- if .Values.persistence.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "freshrss.dataPVC" . }}
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if .Values.oidc.secrets }}
|
||||
OIDC_CLIENT_SECRET: {{ .Values.oidc.secrets.clientSecret | b64enc | quote }}
|
||||
|
||||
{{- if .Values.oidc.secrets.clientCryptoKey }}
|
||||
OIDC_CLIENT_CRYPTO_KEY: {{ .Values.oidc.secrets.clientCryptoKey | b64enc | quote }}
|
||||
{{- else }}
|
||||
OIDC_CLIENT_CRYPTO_KEY: {{ include "freshrss.cryptokey" . }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
|
@ -0,0 +1,52 @@
|
|||
{{- if .Values.service.enabled }}
|
||||
{{- $root := . }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
{{- with .Values.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.annotations }}
|
||||
annotations:
|
||||
{{- tpl (toYaml . | nindent 4) $root }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
|
||||
type: ClusterIP
|
||||
{{- with .Values.service.clusterIP }}
|
||||
clusterIP: {{ . }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- with .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ . }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "freshrss.selectorLabels" . | nindent 4 }}
|
||||
ports:
|
||||
- name: {{ .Values.service.portName }}
|
||||
port: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.freshrss.PORT }}
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,51 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
namespace: {{ include "freshrss.namespace" . }}
|
||||
labels:
|
||||
{{- include "freshrss.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: app
|
||||
spec:
|
||||
replicas: 1
|
||||
serviceName: freshrss
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "freshrss.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "freshrss.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "freshrss.dataPVC" . }}
|
||||
containers:
|
||||
- name: freshrss
|
||||
image: freshrss/freshrss:{{ .Values.image.tag }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
optional: true
|
||||
- secretRef:
|
||||
name: {{ include "freshrss.fullname" . }}
|
||||
optional: true
|
||||
volumeMounts:
|
||||
# Add other volume mounts / subpaths as needed.
|
||||
- mountPath: "/var/www/FreshRSS/data"
|
||||
name: data
|
||||
subPath: www/freshrss/data
|
||||
ports:
|
||||
- containerPort: {{ .Values.freshrss.PORT }}
|
||||
name: http
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- "curl -fsS 'http://localhost/i/' | grep -q 'jsonVars' || exit 1"
|
||||
initialDelaySeconds: 8
|
||||
periodSeconds: 67
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
|
@ -0,0 +1,51 @@
|
|||
# Configuration for the Docker image used in the deployment
|
||||
image:
|
||||
tag: latest
|
||||
|
||||
# FreshRSS specific configuration
|
||||
# See https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/README.md
|
||||
freshrss:
|
||||
CRON_MIN: "*/15" # Cron timer schedule for FreshRSS. See https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/README.md#environment-variables -> CRON_MIN
|
||||
FRESHRSS_ENV: "production" # Set to "development" to increase logging verbosity.
|
||||
PORT: 80 # Port which freshrss will listen on. This also updates the ingress.
|
||||
|
||||
# OpenID Connect (OIDC) configuration
|
||||
# See https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html
|
||||
oidc:
|
||||
enabled: false # Enable or disable OIDC
|
||||
providerMetadataUrl: "" # URL to OIDC provider metadata
|
||||
remoteUserClaim: preferred_username # OIDC claim for remote user
|
||||
clientId: "" # OIDC client ID This comes from your SSO/OIDC Provider)
|
||||
scopes: "openid profile" # OIDC scopes
|
||||
xForwardedHeaders: "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto" # Headers for OIDC
|
||||
secrets:
|
||||
clientSecret: "" # OIDC Secret. (This comes from your SSO/OIDC Provider)
|
||||
clientCryptoKey: "" # Random value will be automatically generated, if not provided.
|
||||
|
||||
# Ingress configuration
|
||||
ingress:
|
||||
enabled: true # Enable or disable Ingress
|
||||
host: "freshrss.yourdomain.com" # Host for Ingress.
|
||||
path: "/" # Path for Ingress
|
||||
annotations: {}
|
||||
|
||||
# Persistence configuration for storage
|
||||
persistence:
|
||||
enabled: true # Enable or disable persistent storage
|
||||
existingPVCName: "" # Name of an existing PVC to reuse (leave empty to create a new PVC)
|
||||
# storageClassName: "-" # Storage class name (uncomment to specify)
|
||||
accessMode: ReadWriteOnce # Access mode for storage
|
||||
size: "5Gi" # Size of the persistent volume
|
||||
|
||||
# Kubernetes Service Configuration
|
||||
service:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
## Service annotations. Can be templated.
|
||||
annotations: {}
|
||||
labels: {}
|
||||
portName: service
|
||||
|
||||
# Extra labels which will be applied to all created resources.
|
||||
extraLabels: {}
|
Binary file not shown.
Loading…
Reference in New Issue