Skip to content

Latest commit

 

History

History

podsync

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
templates
templates
 
 
tests
tests
 
 
.helmignore
.helmignore
 
 
.kube-linter.yaml
.kube-linter.yaml
 
 
Chart.yaml
Chart.yaml
 
 
README.md
README.md
 
 
values.yaml
values.yaml
 
 

README.md

my0n/podsync

An unofficial helm chart for podsync (currently using this version for yt-dlp support).

This chart is not maintained by the upstream project and any issues with the chart should be raised here.

Example usage

Install the helm chart:

helm repo add my0n https://my0n.github.io/helm-charts
helm repo update
helm install podsync my0n/podsync -f values.yaml

Sample values.yaml given below; see values.yaml for more details.

# values.yaml
configuration:
  template: |
    [server]
    hostname = "http://${PODSYNC_HOST}"
    port = ${PODSYNC_PORT}
    data_dir = "${PODSYNC_DATA_DIR}"

    [tokens]
    youtube = "${PODSYNC_YOUTUBE_KEY}"

    [feeds]
      [feeds.ID1]
      url = "https://www.youtube.com/channel/UCxC5Ls6DwqV0e-CYcAKkExQ"
  env:
    - name: PODSYNC_YOUTUBE_KEY
      valueFrom:
        secretKeyRef:
          name: youtube-api-key
          key: apiKey
persistence:
  enabled: true
  size: 100Gi
ingress:
  enabled: true
  host: podsync.example.local

Example kubernetes secret:

# youtube-api-key.yaml
apiVersion: v1
kind: Secret
metadata:
  name: youtube-api-key
  namespace: default
type: Opaque
data:
  apiKey: WU9VUl9ZT1VUVUJFX0FQSV9LRVlfSEVSRQ==

Integrating with Vault

The above example shows how to use a plain ol' secret with the configuration template. Here's how you do it with Vault (disclaimer, I'm not an expert at this):

First, create a new secret for your secret. We'll use a youtube API key as an example.

vault kv put internal/youtube/config apiKey="abcdefg"

Next, set up a new policy that the podsync service account can use to read the secret.

vault policy write podsync - <<EOF
path "internal/data/youtube/config" {
  capabilities = ["read"]
}
EOF

Then, give the service account access to that policy. By default, the service account will be called "podsync" but you can overwrite this with the value serviceAccount.name.

vault write auth/kubernetes/role/podsync \
  bound_service_account_names=podsync \
  bound_service_account_namespaces=default \
  policies=podsync \
  ttl=24h

Finally, add the following to your values.yaml (adjusted as needed).

configuration:
  envInjectSource: /vault/secrets/config
podAnnotations:
  vault.hashicorp.com/agent-inject: 'true'
  vault.hashicorp.com/role: 'podsync'
  vault.hashicorp.com/agent-init-first: 'true'
  vault.hashicorp.com/agent-inject-secret-config: 'internal/data/youtube/config'
  vault.hashicorp.com/agent-inject-template-config: |
    {{ with secret "internal/data/youtube/config" -}}
      export PODSYNC_YOUTUBE_KEY="{{ .Data.data.apiKey }}"
    {{- end }}

And that's it! I hope!

Values

Key Type Default Description
affinity object {} Defines affinity constraint rules. Read more about affinity here.
configuration.env list [] A list of environment variables to use in configuration.template. See example above.
configuration.envInjectSource string "" File name of a shell script to load additional template environment variables from. This is useful when using Vault - the initContainer will first source the file you provide to load env variables, then it will run envsubst on the template with both the variables you specify in configuration.env and the variables from this file.
configuration.template string "" Template for an automatically generated config file. Environment variables wrapped in ${} will be replaced. See example above. A more complete example of the config file can be found on the podsync repo here.
fullnameOverride string "" Override for full name of generated resources.
image.pullPolicy string "IfNotPresent" Image pull policy.
image.repository string "tdeutsch/podsync" Image repository.
image.tag string "" Image tag.
imagePullSecrets list [] Secrets for pulling an image.
ingress.annotations object {} Provide additional ingress annotations if needed.
ingress.className string "" Ingress class name.
ingress.enabled bool false Enables or disables the ingress.
ingress.host string "chart-example.local" Host address.
ingress.paths[0].path string "/" Path.
ingress.paths[0].pathType string "ImplementationSpecific" Ignored if not kubeVersion >= 1.18-0
ingress.tls list [] Configure TLS for the ingress.
nameOverride string "" Override for name of generated resources.
nodeSelector object {} Defines node selection constraints. Read more about nodeSelector here.
persistence.accessModes[0] string "ReadWriteOnce" Access mode for generated Persistent Volume Claim.
persistence.annotations object {} Annotations for the generated Persistent Volume Claim.
persistence.enabled bool false If enabled, a Persistent Volume Claim will either be created or used. If not enabled, podsync just uses an emptyDir.
persistence.existingClaim string "" Use an existing Persistent Volume Claim. If empty string (default), then a new one will be generated.
persistence.size string "10Gi" The size of the generated Persistent Volume Claim.
persistence.storageClass string "" The storage class for the generated Persistent Volume Claim. If empty string (default), then the default provisioner will be used.
podAnnotations object {} Annotations for the server pod.
podSecurityContext object {} Pod security context.
resources object {} Set the resource limits/requests for the pod.
securityContext object {} Security context.
service.port int 80 The port for the service.
service.type string "ClusterIP" The type of service.
serviceAccount.annotations object {} Annotations to add to the service account.
serviceAccount.create bool true Specifies whether a service account should be created.
serviceAccount.name string "" The name of the service account to use. If not set and serviceAccount.create is true, a name is generated using the fullname template.
tolerations list [] Specify taint tolerations. Read more about tolerations here.