feat: add terraform deployment for K8s invidious

2024-10-17 00:00:00 +00:00 · 2024-10-17 00:00:00 +00:00 · 904b067816
commit 904b067816
parent ff7c9d8b91
10 changed files with 572 additions and 0 deletions
--- a/deployments/invidious/variables.tf
+++ b/deployments/invidious/variables.tf
@ -0,0 +1,286 @@
+# SPDX-License-Identifier: GPL-2.0-only
+## Providers
+variable "kubeconfig_path" {
+  default     = "~/.kube/config"
+  description = "Path to the kubeconfig file"
+  type        = string
+  nullable    = false
+}
+
+variable "kubeconfig_context" {
+  default     = "default"
+  description = "Context to use to access the cluster"
+  type        = string
+  nullable    = false
+}
+
+## Application
+variable "app_name" {
+  default     = "invidious"
+  description = "Application name, used by various resources such as deployment, ingress, container, ..."
+  type        = string
+  nullable    = false
+  validation {
+    condition     = length(regexall("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*", var.app_name)) > 0
+    error_message = "Invalid value for 'app_name', must respect RFC 1123"
+  }
+}
+
+variable "app_configuration" {
+  default = {
+    INVIDIOUS_CONFIG = <<EOC
+captcha_enabled: false
+channel_threads: 1
+db:
+  dbname: invidious
+  host: changeme
+  password: 'changeme'
+  port: 5432
+  user: changeme
+signature_server: 127.0.0.1:12999
+visitor_data: changeme
+po_token: changeme
+hmac_key: changeme
+domain: changeme
+external_port: 443
+port: 3000
+https_only: true
+feed_threads: 1
+full_refresh: true
+popular_enabled: false
+default_user_preferences:
+  autoplay: true
+  captions:
+    - French
+    - English
+    - English (auto-generated)
+  continue: true
+  continue_autoplay: true
+  dark_mode: dark
+  default_home: Subscriptions
+  feed_menu:
+    - Subscriptions
+    - Playlists
+  quality: dash
+  quality_dash: best
+  region: FR
+  save_player_pos: true
+  volume: 75
+    EOC
+  }
+  description = "Invidious configuration passed as an environment variable called INVIDIOUS_CONFIG"
+  type  = object({INVIDIOUS_CONFIG=string})
+  nullable = false
+  validation {
+    condition = !strcontains(var.app_configuration.INVIDIOUS_CONFIG, "changeme")
+    error_message = "Some required variables are not correctly set; review DB configuration and values marked 'changeme'"
+  }
+}
+
+variable "app_version" {
+  default     = "latest"
+  description = "Version of the application"
+  type        = string
+}
+
+variable "app_namespace" {
+  default     = "default"
+  description = "Namespace used to deploy app resources"
+  type        = string
+  nullable    = false
+}
+
+## Deployment
+variable "deployment_annotations" {
+  default     = {}
+  description = "Annotations for the deployment resource"
+  type        = map(any)
+}
+
+variable "deployment_additional_labels" {
+  default     = {}
+  description = "Additionnal labels for the deployment resource"
+  type        = map(any)
+}
+
+## Pods
+variable "pods_annotations" {
+  default     = {}
+  description = "Annotations for the deployment resource"
+  type        = map(any)
+}
+
+variable "pods_additional_labels" {
+  default     = {}
+  description = "Additionnal labels for the deployment resource"
+  type        = map(any)
+}
+
+## Containers
+variable "container_invidious_image" {
+  default     = "quay.io/invidious/invidious:latest"
+  description = "Image to use for the web app"
+  type        = string
+  nullable    = false
+}
+
+variable "container_invidious_image_pull_policy" {
+  default     = "IfNotPresent"
+  description = "Pull policy; valid values are 'Always', 'IfNotPresent', 'Never'"
+  type        = string
+
+  validation {
+    condition     = contains(["Always", "IfNotPresent", "Never"], var.container_invidious_image_pull_policy)
+    error_message = "Invalid value for 'image_pull_policy'"
+  }
+}
+
+variable "container_iv_sig_helper_image" {
+  default     = "quay.io/invidious/inv-sig-helper:latest"
+  description = "Image to use for the IV Sig helper service"
+  type        = string
+  nullable    = false
+}
+
+variable "container_iv_sig_helper_image_pull_policy" {
+  default     = "IfNotPresent"
+  description = "Pull policy; valid values are 'Always', 'IfNotPresent', 'Never'"
+  type        = string
+
+  validation {
+    condition     = contains(["Always", "IfNotPresent", "Never"], var.container_iv_sig_helper_image_pull_policy)
+    error_message = "Invalid value for 'image_pull_policy'"
+  }
+}
+
+variable "container_invidious_resources_requests" {
+  default = {
+    cpu    = "1500m"
+    memory = "4096Mi"
+  }
+  description = "Resources requests for the app container; supports 'cpu', 'memory', 'hugepages-2Mi' and 'hugepages-1Gi'"
+  type = object(
+    {
+      cpu           = optional(string)
+      memory        = optional(string)
+      hugepages-2Mi = optional(string)
+      hugepages-1Gi = optional(string)
+    }
+  )
+}
+
+variable "container_iv_sig_helper_resources_requests" {
+  default = {
+    cpu    = "500m"
+    memory = "256Mi"
+  }
+  description = "Resources requests for the sig helper container; supports 'cpu', 'memory', 'hugepages-2Mi' and 'hugepages-1Gi'"
+  type = object(
+    {
+      cpu           = optional(string)
+      memory        = optional(string)
+      hugepages-2Mi = optional(string)
+      hugepages-1Gi = optional(string)
+    }
+  )
+}
+
+## Configuration
+variable "secret_annotations" {
+  default     = {}
+  description = "Annotations for the Secret resource"
+  type        = map(any)
+}
+
+variable "secret_additional_labels" {
+  default     = {}
+  description = "Additional app Secret labels"
+  type        = map(any)
+}
+
+## Service
+variable "service_container_port" {
+  default     = 3000
+  description = "HTTP port used by the container"
+  type        = number
+  nullable    = false
+}
+
+variable "service_additional_labels" {
+  default     = {}
+  description = "Additional labels for the service resource"
+  type        = map(any)
+}
+
+variable "service_type" {
+  default     = "ClusterIP"
+  description = "Type of the service resource"
+  type        = string
+}
+
+## Ingress
+variable "use_ingress" {
+  default     = true
+  description = "Whether to use an ingress or not"
+  type        = bool
+}
+
+variable "ingress_controller" {
+  default     = "traefik"
+  description = "Type of ingress controller used; only traefik is supported at the moment"
+  type        = string
+  nullable    = false
+  validation {
+    condition     = can(contains(["traefik"], var.ingress_controller))
+    error_message = "Invalid value for 'ingress_controller'"
+  }
+}
+
+variable "ingress_annotations" {
+  default     = {}
+  description = "Ingress resource annotations"
+  type        = map(any)
+}
+
+variable "ingress_additional_labels" {
+  default     = {}
+  description = "Ingress resource annotations"
+  type        = map(any)
+}
+
+variable "ingress_host_url" {
+  description = "Host used for the app, without the protocol prefix"
+  type        = string
+  nullable    = false
+}
+
+variable "traefik_entrypoints" {
+  default     = ["websecure"]
+  description = "List of entrypoints used for the IngressTCP Traefik CRD"
+  type        = list(string)
+  nullable    = false
+}
+
+## Service account
+variable "service_account_name" {
+  default     = "invidious"
+  description = "Service account used for web app"
+  type        = string
+  nullable    = false
+  validation {
+    condition     = length(regexall("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*", var.service_account_name)) > 0
+    error_message = "Invalid value for 'service_account_name', must respect RFC 1123"
+  }
+}
+
+variable "service_account_additional_annotations" {
+  default     = {}
+  description = "Additional annotations for the app's service account"
+  type        = map(any)
+}
+
+variable "service_account_labels" {
+  default     = {}
+  description = "Labels for the service account used by the app"
+  type        = map(any)
+}