diff --git a/library/ix-dev/charts/photoprism/Chart.yaml b/library/ix-dev/charts/photoprism/Chart.yaml index 1fb14868bf..1fed9cd528 100644 --- a/library/ix-dev/charts/photoprism/Chart.yaml +++ b/library/ix-dev/charts/photoprism/Chart.yaml @@ -3,7 +3,7 @@ description: AI-powered app for browsing, organizing & sharing your photo collec annotations: title: PhotoPrism type: application -version: 2.0.2 +version: 2.0.3 apiVersion: v2 appVersion: '231128' kubeVersion: '>=1.16.0-0' diff --git a/library/ix-dev/charts/photoprism/ci/https-values.yaml b/library/ix-dev/charts/photoprism/ci/https-values.yaml new file mode 100644 index 0000000000..abcfbb0874 --- /dev/null +++ b/library/ix-dev/charts/photoprism/ci/https-values.yaml @@ -0,0 +1,105 @@ +photoprismNetwork: + certificateID: 1 + webPort: 30489 + +photoprismConfig: + siteURL: https://photoprism.ix.dev:30489 + public: true + +photoprismID: + user: 1000 + group: 1000 + +photoprismStorage: + import: + type: pvc + originals: + type: pvc + storage: + type: pvc + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/library/ix-dev/charts/photoprism/questions.yaml b/library/ix-dev/charts/photoprism/questions.yaml index 30fcbaa600..5be0282090 100644 --- a/library/ix-dev/charts/photoprism/questions.yaml +++ b/library/ix-dev/charts/photoprism/questions.yaml @@ -29,6 +29,12 @@ questions: schema: type: dict attrs: + - variable: siteURL + label: Site URL + description: The URL for Photoprism. + schema: + type: string + default: "" - variable: public label: Public description: | @@ -148,6 +154,14 @@ questions: schema: type: boolean default: false + - variable: certificateID + label: Certificate + description: The certificate to use for Photoprism + schema: + type: int + "null": true + $ref: + - "definitions/certificate" - variable: photoprismStorage label: "" diff --git a/library/ix-dev/charts/photoprism/templates/_persistance.tpl b/library/ix-dev/charts/photoprism/templates/_persistance.tpl index f355fa8e38..9d46a567b5 100644 --- a/library/ix-dev/charts/photoprism/templates/_persistance.tpl +++ b/library/ix-dev/charts/photoprism/templates/_persistance.tpl @@ -37,4 +37,27 @@ persistence: photoprism: mountPath: {{ $storage.mountPath }} {{- end }} + + {{- if .Values.photoprismNetwork.certificateID }} + cert: + enabled: true + type: secret + objectName: photoprism-cert + defaultMode: "0600" + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + targetSelector: + photoprism: + photoprism: + mountPath: /photoprism/storage/config/certificates + readOnly: true + +scaleCertificate: + photoprism-cert: + enabled: true + id: {{ .Values.photoprismNetwork.certificateID }} + {{- end -}} {{- end -}} diff --git a/library/ix-dev/charts/photoprism/templates/_photoprism.tpl b/library/ix-dev/charts/photoprism/templates/_photoprism.tpl index 5402a1d688..1d5ab62c16 100644 --- a/library/ix-dev/charts/photoprism/templates/_photoprism.tpl +++ b/library/ix-dev/charts/photoprism/templates/_photoprism.tpl @@ -35,6 +35,17 @@ workload: PHOTOPRISM_STORAGE_PATH: /photoprism/storage PHOTOPRISM_ORIGINALS_PATH: /photoprism/originals PHOTOPRISM_IMPORT_PATH: /photoprism/import + {{- with .Values.photoprismConfig.siteURL }} + PHOTOPRISM_SITE_URL: {{ . }} + {{- end -}} + {{- if .Values.photoprismNetwork.certificateID }} + {{- if not .Values.photoprismConfig.siteURL -}} + {{- fail "Site URL is required when using a certificate" -}} + {{- end }} + PHOTOPRISM_DISABLE_TLS: false + PHOTOPRISM_TLS_CERT: tls.crt + PHOTOPRISM_TLS_KEY: tls.key + {{- end }} fixedEnv: PUID: {{ .Values.photoprismID.user }} {{ with .Values.photoprismConfig.additionalEnvs }} @@ -45,19 +56,23 @@ workload: {{ end }} {{ end }} probes: + {{- $prot := "http" -}} + {{- if .Values.photoprismNetwork.certificateID -}} + {{- $prot = "https" -}} + {{- end }} liveness: enabled: true - type: http + type: {{ $prot }} path: / port: {{ .Values.photoprismNetwork.webPort }} readiness: enabled: true - type: http + type: {{ $prot }} path: / port: {{ .Values.photoprismNetwork.webPort }} startup: enabled: true - type: http + type: {{ $prot }} path: / port: {{ .Values.photoprismNetwork.webPort }} diff --git a/library/ix-dev/charts/photoprism/templates/_portal.tpl b/library/ix-dev/charts/photoprism/templates/_portal.tpl index 92f166ddca..ed3da9c9a3 100644 --- a/library/ix-dev/charts/photoprism/templates/_portal.tpl +++ b/library/ix-dev/charts/photoprism/templates/_portal.tpl @@ -1,12 +1,37 @@ {{- define "photoprism.portal" -}} + {{- $proto := "http" -}} + {{- if .Values.photoprismNetwork.certificateID -}} + {{- $proto = "https" -}} + {{- end -}} + + {{- $host := "$node_ip" -}} + {{- with .Values.photoprismConfig.siteURL -}} {{/* Trim protocol and trailing slash */}} + {{- $host = (. | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/") -}} + {{- $host = mustRegexReplaceAll "(.*):[0-9]+" $host "${1}" -}} + {{- end -}} + + {{- $port := .Values.photoprismNetwork.webPort }} + + {{- with .Values.photoprismConfig.siteURL -}} {{/* If URL is defined */}} + {{- $p := (. | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/") -}} + {{- $p = split ":" $p -}} + {{- if $p._1 -}} {{/* If port is defined */}} + {{- $port = $p._1 -}} + {{- else -}} + {{- $port = "80" -}} + {{- if eq $proto "https" -}} + {{- $port = "443" -}} + {{- end -}} + {{- end -}} + {{- end }} --- apiVersion: v1 kind: ConfigMap metadata: name: portal data: - port: {{ .Values.photoprismNetwork.webPort | quote }} + protocol: {{ $proto }} path: "/" - protocol: "http" - host: $node_ip + host: {{ $host }} + port: {{ $port | quote }} {{- end -}} diff --git a/library/ix-dev/charts/photoprism/values.yaml b/library/ix-dev/charts/photoprism/values.yaml index be4be1e2e4..0d08c88986 100644 --- a/library/ix-dev/charts/photoprism/values.yaml +++ b/library/ix-dev/charts/photoprism/values.yaml @@ -15,10 +15,12 @@ podOptions: photoprismConfig: public: false password: '' + siteURL: '' additionalEnvs: [] photoprismNetwork: webPort: 20800 + certificateID: hostNetwork: false photoprismID: