Merge branch 'release/v1.6.0'

v1.5.0

CHANGELOG.md

@@ -0,0 +1,100 @@
+# v1.6.0
+
+## Important
+- From Peertube 6.0, [storage directoy for video changes](https://github.com/Chocobozzz/PeerTube/releases/tag/v6.0.0)! This new Chart version includes an init script that move directory from `/data/videos` to `/data/web-videos` before starting peertube (as in k8s, it's very hard to move data in place 😅 ) **but you need** to edit your config file accordingly!
+
+## Features
+- Compatibility with Peertube v6.0.2
+- Use the new production.yaml.new files generated by peertube during upgrade if it exists
+
+# v1.5.1
+
+## Important
+- Add pathType and ingressClassName in values.yml for better support in k8s 1.25+
+
+## Feature
+- Compatibility with Peertube 5.2.1
+
+# v1.5.1
+
+## Important
+- Add pathType and ingressClassName in values.yml for better support in k8s 1.25+
+
+## Feature
+- Compatibility with Peertube 5.2.1
+
+# v1.5.0
+
+## Important
+- Removed redis from this chart as it's osbolete. You need to install a redis server aside! See README for details.
+
+## Features:
+- Compatibility with peertube v4.3.0
+
+
+# v1.4.0
+
+## Feature
+- Upgrade Ingress template for k8s 1.19+ compatibility
+- Remove fixed database suffix from deployment, please use production.yml to configure if default "_prod" is not sufficient
+
+# v1.3.0
+
+## Feature
+- Bump to peertube v4.0 by default. Warn if you are upgrading for 3.4, see release note for post maj script: https://github.com/Chocobozzz/PeerTube/releases/tag/v4.0.0
+
+# v1.2.1
+
+## Fix
+ - Adjust initialDelaySecond for startupProbe to avoid waiting 5min even if the instance starts quickly
+ - Adjust startupProbe port to use 9000 instead of http
+
+# v1.2.0
+
+## Features
+ - Compatibility with helm 3 and k8s 1.16+
+ - Now use StartupProbe to enable very long start when updating Peertube and running upgrade scripts
+
+# v1.1.2
+
+## Fixes
+ - Update compatibility to Peertube v2.3.0
+ - Remove deprecated env variables for docker
+
+# v1.1.1
+
+Ensure compatibility with Peertube v2.2.0 by removing the PEERTUBE_TRUST_PROXY env variable that does not exist anymore.
+
+Is you used it, configure your production.yml instead for better reliability.
+
+# v1.1.0
+
+## Features
+
+Add a nginx sidecar to use the official Peertube optimisations for Nginx (Fix #2)
+
+# v1.0.2
+
+## Breaking changes
+
+The option initcontainer is now renamed chowncontainer as it fit better to its usage.
+
+## Fixes
+
+ - Fix issue #3 to avoid breaking Peertube upgrade by using 2 initContainers
+
+# v1.0.1
+
+Now use Peertube v2.1.0-buster as default
+
+# v1.0.0
+
+*Initial release*
+
+##Features
+
+ - Deploy Peertube in kubernetes
+ - Deploy redis server to be used by Peertube
+ - Allow to enable usual docker "chown" to speed up startup through InitContainer
+
+

Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "1.0.1"
-description: A Helm chart for Kubernetes
+appVersion: "v6.0.2-bookworm"
+description: A Helm chart to install peertube in kubernetes
 name: peertube
-version: 1.0.0
+version: 1.6.0

README.md

@@ -4,7 +4,7 @@ Federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly
 
 ---
 
-## Status : WIP
+## Status : WIP but workable
 
 - [x] Run Peertube and Redis
 - [x] Use pvc to persist data
@@ -12,12 +12,25 @@ Federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly
 
 ## Before deploying
 
-Currently if you want use persistent volume you need to create persistent volume and persistent volume claim. You may use sample claims from `sample`:  
+Currently if you want use persistent volume you need to create persistent volume and persistent volume claim. You may use sample claims from `sample`:
  - change the storageclass from `ChangeMeStorageClass` to your correct class
  - apply the claim: `kubectl apply -f sample/claim.pvc-pt.yml`
 
-You also need a postgresql server.  
-If you know what you are doing and want to store postgres in Kubernetes, I suggest the excellent [stolon](https://github.com/helm/charts/tree/master/stable/stolon).
+### Postgres
+You need a postgresql server.
+If you know what you are doing and want to store postgres in Kubernetes, I suggest [postgres-operator](https://access.crunchydata.com/documentation/postgres-operator/5.1.1/) from CrunchyData
+
+### You also need a redis
+
+From peertube helm v1.5.0, redis is no more provided inside the chart. Indeed peertube does not handle anymore redis 3.3, so I advice installing and managing redis outside the chart like postgres cluster.
+
+I suggest using [bitnami redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) with `architecture=standalone` to avoid uneeded slave (Peertube only need master)
+
+Once installed, use following values to pass needed info to your peertube instance.
+```
+redisHostname
+redisAuth
+```
 
 ## Installing the chart
 
@@ -40,5 +53,5 @@ See the sample/values.yml for example of values to use
 
 ## Source
 
-Originated from https://github.com/MikaXII/helm-charts  
-Thanks!
+Originated from https://github.com/MikaXII/helm-charts
+Thanks!

requirements.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: redis
-  repository: https://kubernetes-charts.storage.googleapis.com
-  version: 3.3.5
-digest: sha256:bc60370cbce6d02249e972f74489dc20248f8bd3d61d7e031d6e186ff07c42ad
-generated: 2018-06-08T16:58:13.072321307+02:00

requirements.yaml

@@ -1,5 +0,0 @@
-# requirements.yaml
-dependencies:
-- name: redis
-  version: "3.3.5"
-  repository: "@stable"

scripts/peertube-chown.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Ensure user is ok for config files
+find /config ! -user peertube -exec chown peertube:peertube {} \;
+
+# Ensure user is ok for data files
+find /data ! -user peertube -exec chown peertube:peertube {} \;
+
+exit 0

scripts/peertube-init.sh

@@ -8,9 +8,19 @@ fi
 # Always copy default and custom env configuration file, in cases new keys were added
 cp /app/config/default.yaml /config
 cp /app/support/docker/production/config/custom-environment-variables.yaml /config
+# From 5.2 peertube upgrade script creates a production.yaml.new containing production.yml config and news mandatory keys, directly usable
+if [ -f "/config/production.yaml.new" ]; then
+    mv /config/production.yaml.new /config/production.yaml
+fi
+# Patch user after the cp
 find /config ! -user peertube -exec chown peertube:peertube {} \;
 
-# Ensure user is ok for data files
-find /data ! -user peertube -exec chown peertube:peertube {} \;
+# Move videos data for Peertube 6.0.0 before starting peertube
+if [ -d "/data/videos" -a ! -d "/data/web-videos" ]; then
+    mv /data/videos /data/web-videos
+fi
+
+# Prepare assets for the Nginx sidecar
+cp -r /app/client/dist/* /assets/
 
-exit 0
+exit 0

templates/NOTES.txt

@@ -11,7 +11,7 @@
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get svc -w {{ template "peertube.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "peertube.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
+  echo http://$SERVICE_IP:{{ .Values.ports.peertubePort }}
 {{- else if contains "ClusterIP" .Values.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "peertube.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"

templates/deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "peertube.fullname" . }}
@@ -19,9 +19,8 @@ spec:
         app: {{ template "peertube.name" . }}
         release: {{ .Release.Name }}
     spec:
-{{- if .Values.initcontainer.enabled }}
       initContainers:
-        - name: init-peertube
+        - name: peertube-init
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           volumeMounts:
@@ -32,18 +31,43 @@ spec:
             - mountPath: /init
               name: peertube-init
               readOnly: true
+            - name: peertubeassets
+              mountPath: /assets
           command:
             - sh
             - /init/peertube-init.sh
+{{- if .Values.chowncontainer.enabled }}
+        - name: peertube-chown
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+            - name: config
+              mountPath: /config
+            - mountPath: /init
+              name: peertube-chown
+              readOnly: true
+          command:
+            - sh
+            - /init/peertube-chown.sh
 {{- end }}
       containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+{{- if .Values.nginxproxy.enabled }}
+        - name: nginx-proxy
+          image: "{{ .Values.nginxproxy.image.repository }}:{{ .Values.nginxproxy.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: 9000
+              containerPort: {{ .Values.ports.nginxproxyPort }}
               protocol: TCP
+          startupProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 300
+            failureThreshold: 30
+            periodSeconds: 10
           livenessProbe:
             httpGet:
               path: /
@@ -54,6 +78,81 @@ spec:
               path: /
               port: http
             initialDelaySeconds: 60
+          volumeMounts:
+            - name: nginxtemp
+              mountPath: /nginxtemp
+            - mountPath: /etc/nginx/conf.d
+              name: nginx-proxyconf
+              readOnly: true
+            - name: peertubeassets
+              mountPath: /assets
+              readOnly: true
+            - name: data
+              mountPath: /data
+{{- end }}
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.nginxproxy.enabled }}
+{{- if .Values.ports.livePort }}
+          ports:
+          - name: live
+            containerPort: {{ .Values.ports.livePort }}
+            protocol: TCP
+{{- end }}
+          startupProbe:
+            httpGet:
+              path: /
+              port: 9000
+            initialDelaySeconds: 60
+            failureThreshold: 3000
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 9000
+            initialDelaySeconds: 600
+            failureThreshold: 3
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 9000
+            initialDelaySeconds: 300
+            failureThreshold: 3
+            periodSeconds: 10
+{{- else }}
+          ports:
+          - name: http
+            containerPort: {{ .Values.ports.peertubePort }}
+            protocol: TCP
+{{- if .Values.ports.livePort }}
+          - name: live
+            containerPort: {{ .Values.ports.livePort }}
+            protocol: TCP
+{{- end }}
+          startupProbe:
+            httpGet:
+              path: /
+              port: 9000
+            initialDelaySeconds: 60
+            failureThreshold: 3000
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 600
+            failureThreshold: 3
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 30
+            failureThreshold: 3
+            periodSeconds: 10
+{{- end }}
           command:
             - gosu
             - peertube
@@ -68,14 +167,14 @@ spec:
               value: {{ .Values.environment.httpsEnabled | quote }}
             - name: PEERTUBE_DB_HOSTNAME
               value: {{ .Values.environment.dbHostname }}
-            - name: PEERTUBE_DB_SUFFIX
-              value: _prod
             - name: PEERTUBE_DB_USERNAME
               value: {{ .Values.environment.dbUser }}
             - name: PEERTUBE_DB_PASSWORD
               value: {{ .Values.environment.dbPassword }}
             - name: PEERTUBE_REDIS_HOSTNAME
-              value: {{ .Release.Name }}-{{ .Values.environment.redisHostname }}-master
+              value: {{ .Values.environment.redisHostname }}
+            - name: PEERTUBE_REDIS_AUTH
+              value: {{ .Values.environment.redisAuth }}
             - name: PEERTUBE_SMTP_USERNAME
               value: {{ .Values.environment.smtpUser | quote }}
             - name: PEERTUBE_SMTP_PASSWORD
@@ -90,12 +189,8 @@ spec:
               value: {{ .Values.environment.smtpTls | quote }}
             - name: PEERTUBE_ADMIN_EMAIL
               value: {{ .Values.environment.admin | quote }}
-            - name: PEERTUBE_SIGNUP_ENABLED
-              value: {{ .Values.environment.signup  | quote }}
             - name: PEERTUBE_TRANSCODING_ENABLED
               value: {{ .Values.environment.transcoding | quote }}
-            - name: PEERTUBE_TRUST_PROXY
-              value: {{ .Values.environment.trustProxy | quote }}
           volumeMounts:
             - name: data
               mountPath: /data
@@ -132,7 +227,25 @@ spec:
         - name: config
           emptyDir: {}
 {{- end }}
+{{- if .Values.nginxproxy.persistence.enabled }}
+        - name: nginxtemp
+          persistentVolumeClaim:
+            claimName: {{ .Values.nginxproxy.persistence.existingClaim }}
+{{- else }}
+        - name: nginxtemp
+          emptyDir: {}
+{{- end }}
+        - name: peertubeassets
+          emptyDir: {}
+        - configMap:
+            defaultMode: 420
+            name: nginx-proxyconf
+          name: nginx-proxyconf
         - configMap:
             defaultMode: 420
             name: peertube-init
           name: peertube-init
+        - configMap:
+            defaultMode: 420
+            name: peertube-chown
+          name: peertube-chown

templates/ingress.yaml

@@ -1,7 +1,8 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "peertube.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
+{{- $ingressPathType := .Values.ingress.pathType -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -15,6 +16,7 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+  ingressClassName: {{ .Values.ingress.ingressClassName }}
 {{- if .Values.ingress.tls }}
   tls:
   {{- range .Values.ingress.tls }}
@@ -31,8 +33,11 @@ spec:
       http:
         paths:
           - path: {{ $ingressPath }}
+            pathType: {{ $ingressPathType }}
             backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: 9000
   {{- end }}
 {{- end }}

templates/nginx-proxyconf.yml

@@ -0,0 +1,148 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-proxyconf
+data:
+  peertubesite.conf: |-
+    server {
+      listen {{ .Values.ports.nginxproxyPort }} default_server;
+      listen [::]:{{ .Values.ports.nginxproxyPort }} default_server;
+      server_name _;
+
+      error_log  /var/log/nginx/error.log warn;
+      access_log  /var/log/nginx/access.log  main;
+
+      # Enable compression for JS/CSS/HTML bundle, for improved client load times.
+      # It might be nice to compress JSON, but leaving that out to protect against potential
+      # compression+encryption information leak attacks like BREACH.
+      gzip on;
+      gzip_types text/css application/javascript;
+      gzip_vary on;
+
+      # If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
+      # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
+      client_body_temp_path /nginxtemp;
+
+      # Bypass PeerTube for performance reasons. Could be removed
+      location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
+        add_header Cache-Control "public, max-age=31536000, immutable";
+
+        alias /assets/$1;
+      }
+
+      # Bypass PeerTube for performance reasons. Could be removed
+      location ~ ^/static/(thumbnails|avatars)/ {
+        if ($request_method = 'OPTIONS') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+          add_header 'Access-Control-Max-Age' 1728000;
+          add_header 'Content-Type' 'text/plain charset=UTF-8';
+          add_header 'Content-Length' 0;
+          return 204;
+        }
+
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+
+        # Cache 2 hours
+        add_header Cache-Control "public, max-age=7200";
+
+        root /data;
+
+        rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break;
+        try_files $uri /;
+      }
+
+      location / {
+        proxy_pass http://127.0.0.1:{{ .Values.ports.peertubePort }};
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # This is the maximum upload size, which roughly matches the maximum size of a video file
+        # you can send via the API or the web interface. By default this is 8GB, but administrators
+        # can increase or decrease the limit. Currently there's no way to communicate this limit
+        # to users automatically, so you may want to leave a note in your instance 'about' page if
+        # you change this.
+        #
+        # Note that temporary space is needed equal to the total size of all concurrent uploads.
+        # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
+        # on a dedicated filesystem.
+        #
+        client_max_body_size {{ .Values.nginxproxy.maxbodysize }};
+
+        # Default timeout to 50m to allow large upload with slow connection
+        proxy_connect_timeout       3000;
+        proxy_send_timeout          3000;
+        proxy_read_timeout          3000;
+        send_timeout                3000;
+      }
+
+      # Bypass PeerTube for performance reasons. Could be removed
+      location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
+        # Clients usually have 4 simultaneous webseed connections, so the real limit is 4MB/s per client
+        set $peertube_limit_rate 1000k;
+
+        # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
+        if ($request_uri ~ -fragmented.mp4$) {
+          set $peertube_limit_rate 5000k;
+        }
+
+        # Use this with nginx >= 1.17.0
+        limit_rate $peertube_limit_rate;
+
+        if ($request_method = 'OPTIONS') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+          add_header 'Access-Control-Max-Age' 1728000;
+          add_header 'Content-Type' 'text/plain charset=UTF-8';
+          add_header 'Content-Length' 0;
+          return 204;
+        }
+
+        if ($request_method = 'GET') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+
+          # Don't spam access log file with byte range requests
+          access_log off;
+        }
+
+        root /data;
+
+        rewrite ^/static/webseed/(.*)$ /videos/$1 break;
+        rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
+        rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break;
+
+        try_files $uri /;
+      }
+
+      # Websocket tracker
+      location /tracker/socket {
+        # Peers send a message to the tracker every 15 minutes
+        # Don't close the websocket before this time
+        proxy_read_timeout 1200s;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:{{ .Values.ports.peertubePort }};
+      }
+
+      location /socket.io {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+
+        proxy_pass http://127.0.0.1:{{ .Values.ports.peertubePort }};
+
+        # enable WebSockets
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+      }
+    }

templates/peertube-chown.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: peertube-chown
+data:
+  {{- (.Files.Glob "scripts/peertube-chown.sh").AsConfig | nindent 2 }}

templates/service.yaml

@@ -10,10 +10,23 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
+{{- if .Values.nginxproxy.enabled }}
+    - port: {{ .Values.ports.nginxproxyPort }}
       targetPort: http
       protocol: TCP
       name: http
+{{- else }}
+    - port: {{ .Values.ports.peertubePort }}
+      targetPort: http
+      protocol: TCP
+      name: http
+{{- end }}
+{{- if .Values.ports.livePort }}
+    - port: {{ .Values.ports.livePort }}
+      targetPort: {{ .Values.ports.livePort }}
+      protocol: TCP
+      name: live
+{{- end }}
   selector:
     app: {{ template "peertube.name" . }}
     release: {{ .Release.Name }}

values.yaml

@@ -7,20 +7,31 @@ replicaCount: 1
 
 image:
   repository: chocobozzz/peertube
-  tag: v2.0.0-stretch
+  tag: v6.0.2-bookworm
   pullPolicy: IfNotPresent
 
 service:
   type: ClusterIP
-  port: 9000
+
+ports:
+  # peertubePort should be the same than the port in your Peertube production.yml configuration. Default to 9000
+  # nginxproxyPort is used only when nginx-proxy is enabled, and should be different from the Peertube port.
+  # peertubePort is exposed outside of the pod, except if nginx-proxy is enabled, in this case it's the nginxproxyPort that is exposed
+  # The chart uses the correct port for service and ingress according to configuration
+  peertubePort: 9000
+  nginxproxyPort: 9001
+  # livePort is a directly exposed TCP port used for the live streaming feature.
+  # Should match your live configuration in production.yml, and default to 1935
+  livePort: 1935
 
 ingress:
   enabled: true
+  ingressClassName: haproxy
   annotations:
-    kubernetes.io/ingress.class: haproxy
     kubernetes.io/tls-acme: "true"
     certmanager.k8s.io/cluster-issuer: your-certmanager
   path: /
+  pathType: Prefix
   hosts:
     - peertube.domain.tld
   tls:
@@ -28,17 +39,13 @@ ingress:
       hosts:
         - peertube.domain.tld
 
-# At start initcontainer check every video files and chown it to peertube.
+# At start chowncontainer check every video files and chown it to peertube user.
 # If you have lots of videos, it may take age.
 # If you are sure your rights are ok, you may disable this container to speed up start.
-initcontainer:
+chowncontainer:
   enabled: true
 
 resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    requests:
     cpu: 3
     memory: 6Gi
@@ -76,6 +83,7 @@ environment:
   dbUser: peertube
   dbPassword: postgres
   redisHostname: redis
+  redisAuth: redispassword
   smtpUser: peertube@peertube.domain.tld
   smtpPassword: smtppassword
   smtpHostname: smtp.peertube.domain.tld
@@ -83,17 +91,19 @@ environment:
   smtpFrom: peertube@peertube.domain.tld
   smtpTls: true
   admin: peertube@peertube.domain.tld
-  signup: false
   transcoding: true
 
-redis:
-  usePassword: false
-  password: peertube
-  master:
-    persistence:
-      enabled: true
-      path: /data
-  # PVC are not handled by helm, you need to create redis volume before deploying helm
+# WARNING nginxproxy is not compatible with live at the moment
+# Because it search .../streaming-playlists/... in URL path directly in filesystem path
+# and if you use .../streaming_playlists/... on filesystem, live is broken (notice the - vs _)
+nginxproxy:
+  enabled: false
+  image:
+    repository: nginx
+    tag: 1.17.9
+  maxbodysize: 8G
+  # When uploading, temporary space is needed equal to the total size of all concurrent uploads.
+  # It could be a good idea to use an outside docker storage (eg: pvc in k8s) for these files
   persistence:
-    enabled: true
-    existingClaim: pvc-redis-prod
+    enabled: false
+    existingClaim: pvc-nginx-proxy