This repository has been archived by the owner on Jan 24, 2022. It is now read-only.

An unofficial helm chart for podsync

my0n/podsync-helm-chart

This repository has been archived and can now be found here

podsync-helm-chart

An unofficial helm chart for podsync (currently using this version for yt-dlp support). I made this for my own learning purposes, but maybe you'll get some use out of it, too!

Example usage

Install the helm chart:

helm repo add my0npodsync https://my0n.github.io/podsync-helm-chart
helm repo update
helm install podsync my0npodsync/podsync -f values.yaml

Sample values.yaml given below; see values.yaml for more details.

# values.yaml
configuration:
  template: |
    [server]
    hostname = "http://${PODSYNC_HOST}"
    port = ${PODSYNC_PORT}
    data_dir = "${PODSYNC_DATA_DIR}"

    [tokens]
    youtube = "${PODSYNC_YOUTUBE_KEY}"

    [feeds]
      [feeds.ID1]
      url = "https://www.youtube.com/channel/UCxC5Ls6DwqV0e-CYcAKkExQ"
  env:
    - name: PODSYNC_YOUTUBE_KEY
      valueFrom:
        secretKeyRef:
          name: youtube-api-key
          key: apiKey
persistence:
  enabled: true
  size: 100Gi
ingress:
  enabled: true
  host: podsync.example.local

Example Kubernetes secret (values under data must be base64-encoded):

# youtube-api-key.yaml
apiVersion: v1
kind: Secret
metadata:
  name: youtube-api-key
  namespace: default
type: Opaque
data:
  apiKey: WU9VUl9ZT1VUVUJFX0FQSV9LRVlfSEVSRQ==
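
One way to generate that manifest without hand-encoding the key, as an added example that is not part of the chart itself. The function names are hypothetical and the key shown is a constructed placeholder; the manifest fields are the ones from the sample above.

```shell
#!/bin/sh
# Added example: build the youtube-api-key Secret from a key read on stdin,
# so the key never has to be base64-encoded by hand or saved in a file.
# Function names are hypothetical; manifest fields mirror the sample above.

# Encode stdin as a single base64 line. Command substitution drops the
# trailing newline that `echo` adds, which would otherwise end up in the token.
encode_key() {
  key=$(cat)
  printf '%s' "$key" | base64 | tr -d '\n'
}

# Print a Secret manifest for the key on stdin. $1 = namespace (default: default).
make_youtube_secret() {
  encoded=$(encode_key)
  if [ -z "$encoded" ]; then
    echo "error: empty API key on stdin" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: youtube-api-key
  namespace: ${1:-default}
type: Opaque
data:
  apiKey: ${encoded}
EOF
}

# Read a manifest on stdin. Returns 0 if apiKey decodes to a value with no
# whitespace, 1 if a newline, CR, space or tab was encoded into it, 2 if absent.
check_secret_value() {
  value=$(sed -n 's/^ *apiKey: *//p' | head -n 1)
  [ -n "$value" ] || return 2
  raw=$(printf '%s' "$value" | base64 -d 2>/dev/null | wc -c)
  clean=$(printf '%s' "$value" | base64 -d 2>/dev/null | tr -d '\r\n \t' | wc -c)
  [ "$raw" -eq "$clean" ]
}

# Demo with a constructed placeholder key; pipe to `kubectl apply -f -` to create it.
printf '%s\n' 'YOUR_YOUTUBE_API_KEY_HERE' | make_youtube_secret
```

The data field is only base64-encoded, not encrypted, so treat the generated manifest as sensitive and avoid committing it.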

Integrating with Vault

The above example shows how to use a plain ol' secret with the configuration template. Here's how you do it with Vault (disclaimer, I'm not an expert at this):

First, store your secret in Vault. We'll use a YouTube API key as an example.

vault kv put internal/youtube/config apiKey="abcdefg"

Next, set up a new policy that the podsync service account can use to read the secret.

vault policy write podsync - <<EOF
path "internal/data/youtube/config" {
  capabilities = ["read"]
}
EOF

Then, give the service account access to that policy. By default, the service account will be called "podsync", but you can override this with the value serviceAccount.name.

vault write auth/kubernetes/role/podsync \
  bound_service_account_names=podsync \
  bound_service_account_namespaces=default \
  policies=podsync \
  ttl=24h

Finally, add the following to your values.yaml (adjusted as needed).

configuration:
  envInjectSource: /vault/secrets/config
podAnnotations:
  vault.hashicorp.com/agent-inject: 'true'
  vault.hashicorp.com/role: 'podsync'
  vault.hashicorp.com/agent-init-first: 'true'
  vault.hashicorp.com/agent-inject-secret-config: 'internal/data/youtube/config'
  vault.hashicorp.com/agent-inject-template-config: |
    {{ with secret "internal/data/youtube/config" -}}
      export PODSYNC_YOUTUBE_KEY="{{ .Data.data.apiKey }}"
    {{- end }}

And that's it! I hope!