286 lines
7.3 KiB
HCL
286 lines
7.3 KiB
HCL
# SPDX-License-Identifier: GPL-2.0-only
|
|
## Providers
|
|
variable "kubeconfig_path" {
|
|
default = "~/.kube/config"
|
|
description = "Path to the kubeconfig file"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
variable "kubeconfig_context" {
|
|
default = "default"
|
|
description = "Context to use to access the cluster"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
## Application
|
|
variable "app_name" {
|
|
default = "invidious"
|
|
description = "Application name, used by various resources such as deployment, ingress, container, ..."
|
|
type = string
|
|
nullable = false
|
|
validation {
|
|
condition = length(regexall("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*", var.app_name)) > 0
|
|
error_message = "Invalid value for 'app_name', must respect RFC 1123"
|
|
}
|
|
}
|
|
|
|
variable "app_configuration" {
|
|
default = {
|
|
INVIDIOUS_CONFIG = <<EOC
|
|
captcha_enabled: false
|
|
channel_threads: 1
|
|
db:
|
|
dbname: invidious
|
|
host: changeme
|
|
password: 'changeme'
|
|
port: 5432
|
|
user: changeme
|
|
signature_server: 127.0.0.1:12999
|
|
visitor_data: changeme
|
|
po_token: changeme
|
|
hmac_key: changeme
|
|
domain: changeme
|
|
external_port: 443
|
|
port: 3000
|
|
https_only: true
|
|
feed_threads: 1
|
|
full_refresh: true
|
|
popular_enabled: false
|
|
default_user_preferences:
|
|
autoplay: true
|
|
captions:
|
|
- French
|
|
- English
|
|
- English (auto-generated)
|
|
continue: true
|
|
continue_autoplay: true
|
|
dark_mode: dark
|
|
default_home: Subscriptions
|
|
feed_menu:
|
|
- Subscriptions
|
|
- Playlists
|
|
quality: dash
|
|
quality_dash: best
|
|
region: FR
|
|
save_player_pos: true
|
|
volume: 75
|
|
EOC
|
|
}
|
|
description = "Invidious configuration passed as an environment variable called INVIDIOUS_CONFIG"
|
|
type = object({INVIDIOUS_CONFIG=string})
|
|
nullable = false
|
|
validation {
|
|
condition = !strcontains(var.app_configuration.INVIDIOUS_CONFIG, "changeme")
|
|
error_message = "Some required variables are not correctly set; review DB configuration and values marked 'changeme'"
|
|
}
|
|
}
|
|
|
|
variable "app_version" {
|
|
default = "latest"
|
|
description = "Version of the application"
|
|
type = string
|
|
}
|
|
|
|
variable "app_namespace" {
|
|
default = "default"
|
|
description = "Namespace used to deploy app resources"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
## Deployment
|
|
variable "deployment_annotations" {
|
|
default = {}
|
|
description = "Annotations for the deployment resource"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "deployment_additional_labels" {
|
|
default = {}
|
|
description = "Additionnal labels for the deployment resource"
|
|
type = map(any)
|
|
}
|
|
|
|
## Pods
|
|
variable "pods_annotations" {
|
|
default = {}
|
|
description = "Annotations for the deployment resource"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "pods_additional_labels" {
|
|
default = {}
|
|
description = "Additionnal labels for the deployment resource"
|
|
type = map(any)
|
|
}
|
|
|
|
## Containers
|
|
variable "container_invidious_image" {
|
|
default = "quay.io/invidious/invidious:latest"
|
|
description = "Image to use for the web app"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
variable "container_invidious_image_pull_policy" {
|
|
default = "IfNotPresent"
|
|
description = "Pull policy; valid values are 'Always', 'IfNotPresent', 'Never'"
|
|
type = string
|
|
|
|
validation {
|
|
condition = contains(["Always", "IfNotPresent", "Never"], var.container_invidious_image_pull_policy)
|
|
error_message = "Invalid value for 'image_pull_policy'"
|
|
}
|
|
}
|
|
|
|
variable "container_iv_sig_helper_image" {
|
|
default = "quay.io/invidious/inv-sig-helper:latest"
|
|
description = "Image to use for the IV Sig helper service"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
variable "container_iv_sig_helper_image_pull_policy" {
|
|
default = "IfNotPresent"
|
|
description = "Pull policy; valid values are 'Always', 'IfNotPresent', 'Never'"
|
|
type = string
|
|
|
|
validation {
|
|
condition = contains(["Always", "IfNotPresent", "Never"], var.container_iv_sig_helper_image_pull_policy)
|
|
error_message = "Invalid value for 'image_pull_policy'"
|
|
}
|
|
}
|
|
|
|
variable "container_invidious_resources_requests" {
|
|
default = {
|
|
cpu = "1500m"
|
|
memory = "4096Mi"
|
|
}
|
|
description = "Resources requests for the app container; supports 'cpu', 'memory', 'hugepages-2Mi' and 'hugepages-1Gi'"
|
|
type = object(
|
|
{
|
|
cpu = optional(string)
|
|
memory = optional(string)
|
|
hugepages-2Mi = optional(string)
|
|
hugepages-1Gi = optional(string)
|
|
}
|
|
)
|
|
}
|
|
|
|
variable "container_iv_sig_helper_resources_requests" {
|
|
default = {
|
|
cpu = "500m"
|
|
memory = "256Mi"
|
|
}
|
|
description = "Resources requests for the sig helper container; supports 'cpu', 'memory', 'hugepages-2Mi' and 'hugepages-1Gi'"
|
|
type = object(
|
|
{
|
|
cpu = optional(string)
|
|
memory = optional(string)
|
|
hugepages-2Mi = optional(string)
|
|
hugepages-1Gi = optional(string)
|
|
}
|
|
)
|
|
}
|
|
|
|
## Configuration
|
|
variable "secret_annotations" {
|
|
default = {}
|
|
description = "Annotations for the Secret resource"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "secret_additional_labels" {
|
|
default = {}
|
|
description = "Additional app Secret labels"
|
|
type = map(any)
|
|
}
|
|
|
|
## Service
|
|
variable "service_container_port" {
|
|
default = 3000
|
|
description = "HTTP port used by the container"
|
|
type = number
|
|
nullable = false
|
|
}
|
|
|
|
variable "service_additional_labels" {
|
|
default = {}
|
|
description = "Additional labels for the service resource"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "service_type" {
|
|
default = "ClusterIP"
|
|
description = "Type of the service resource"
|
|
type = string
|
|
}
|
|
|
|
## Ingress
|
|
variable "use_ingress" {
|
|
default = true
|
|
description = "Whether to use an ingress or not"
|
|
type = bool
|
|
}
|
|
|
|
variable "ingress_controller" {
|
|
default = "traefik"
|
|
description = "Type of ingress controller used; only traefik is supported at the moment"
|
|
type = string
|
|
nullable = false
|
|
validation {
|
|
condition = can(contains(["traefik"], var.ingress_controller))
|
|
error_message = "Invalid value for 'ingress_controller'"
|
|
}
|
|
}
|
|
|
|
variable "ingress_annotations" {
|
|
default = {}
|
|
description = "Ingress resource annotations"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "ingress_additional_labels" {
|
|
default = {}
|
|
description = "Ingress resource annotations"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "ingress_host_url" {
|
|
description = "Host used for the app, without the protocol prefix"
|
|
type = string
|
|
nullable = false
|
|
}
|
|
|
|
variable "traefik_entrypoints" {
|
|
default = ["websecure"]
|
|
description = "List of entrypoints used for the IngressTCP Traefik CRD"
|
|
type = list(string)
|
|
nullable = false
|
|
}
|
|
|
|
## Service account
|
|
variable "service_account_name" {
|
|
default = "invidious"
|
|
description = "Service account used for web app"
|
|
type = string
|
|
nullable = false
|
|
validation {
|
|
condition = length(regexall("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*", var.service_account_name)) > 0
|
|
error_message = "Invalid value for 'service_account_name', must respect RFC 1123"
|
|
}
|
|
}
|
|
|
|
variable "service_account_additional_annotations" {
|
|
default = {}
|
|
description = "Additional annotations for the app's service account"
|
|
type = map(any)
|
|
}
|
|
|
|
variable "service_account_labels" {
|
|
default = {}
|
|
description = "Labels for the service account used by the app"
|
|
type = map(any)
|
|
}
|