mirror of
https://github.com/truenas/charts.git
synced 2026-05-04 02:43:28 +08:00
a8de996f6e
* Add syncthing to enterprise train * add readme * use different default webui port * add update_strategy/info
179 lines
5.1 KiB
Smarty
179 lines
5.1 KiB
Smarty
{{- define "syncthing.workload" -}}
|
|
workload:
|
|
syncthing:
|
|
enabled: true
|
|
primary: true
|
|
type: Deployment
|
|
podSpec:
|
|
hostNetwork: {{ .Values.syncthingNetwork.hostNetwork }}
|
|
securityContext:
|
|
fsGroup: {{ .Values.syncthingID.group }}
|
|
containers:
|
|
syncthing:
|
|
enabled: true
|
|
primary: true
|
|
imageSelector: image
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
readOnlyRootFilesystem: false
|
|
# This is needed to allow syncthing assign
|
|
# PCAPs to its child processes
|
|
allowPrivilegeEscalation: true
|
|
capabilities:
|
|
add:
|
|
- FOWNER
|
|
- DAC_OVERRIDE
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
- SETFCAP
|
|
- SETPCAP
|
|
env:
|
|
PCAP: cap_chown,cap_dac_override,cap_fowner+ep
|
|
STGUIADDRESS: "0.0.0.0:{{ .Values.syncthingNetwork.webPort }}"
|
|
# Disable automatic upgrades
|
|
STNOUPGRADE: "true"
|
|
fixedEnv:
|
|
PUID: {{ .Values.syncthingID.user }}
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
type: http
|
|
path: /rest/noauth/health
|
|
port: "{{ .Values.syncthingNetwork.webPort }}"
|
|
readiness:
|
|
enabled: true
|
|
type: http
|
|
path: /rest/noauth/health
|
|
port: "{{ .Values.syncthingNetwork.webPort }}"
|
|
startup:
|
|
enabled: true
|
|
type: http
|
|
path: /rest/noauth/health
|
|
port: "{{ .Values.syncthingNetwork.webPort }}"
|
|
# We use this hook as we need the API
|
|
# to be running when we run the configure script
|
|
lifecycle:
|
|
postStart:
|
|
type: exec
|
|
command:
|
|
- su-exec
|
|
- "{{ .Values.syncthingID.user }}:{{ .Values.syncthingID.group }}"
|
|
- /configure.sh
|
|
{{- if .Values.syncthingNetwork.certificateID }}
|
|
initContainers:
|
|
{{- include "syncthing.certContainer" $ | nindent 8 -}}
|
|
{{- end }}
|
|
{{/* Service */}}
|
|
service:
|
|
syncthing-web:
|
|
enabled: true
|
|
primary: true
|
|
type: NodePort
|
|
targetSelector: syncthing
|
|
ports:
|
|
webui:
|
|
enabled: true
|
|
primary: true
|
|
port: {{ .Values.syncthingNetwork.webPort }}
|
|
nodePort: {{ .Values.syncthingNetwork.webPort }}
|
|
targetSelector: syncthing
|
|
syncthing-discovery:
|
|
# Only enable this service if local discovery is enabled
|
|
enabled: {{ .Values.syncthingConfig.localDiscovery }}
|
|
type: NodePort
|
|
targetSelector: syncthing
|
|
ports:
|
|
discovery:
|
|
enabled: true
|
|
port: {{ .Values.syncthingNetwork.localDiscoveryPort }}
|
|
nodePort: {{ .Values.syncthingNetwork.localDiscoveryPort }}
|
|
targetPort: 21017
|
|
protocol: udp
|
|
targetSelector: syncthing
|
|
syncthing-transfer:
|
|
enabled: true
|
|
type: NodePort
|
|
targetSelector: syncthing
|
|
ports:
|
|
tcp:
|
|
enabled: true
|
|
primary: true
|
|
port: {{ .Values.syncthingNetwork.tcpPort }}
|
|
nodePort: {{ .Values.syncthingNetwork.tcpPort }}
|
|
targetPort: 22000
|
|
targetSelector: syncthing
|
|
quic:
|
|
enabled: true
|
|
port: {{ .Values.syncthingNetwork.quicPort }}
|
|
nodePort: {{ .Values.syncthingNetwork.quicPort }}
|
|
targetPort: 22000
|
|
protocol: udp
|
|
targetSelector: syncthing
|
|
|
|
{{/* Persistence */}}
|
|
persistence:
|
|
home:
|
|
enabled: true
|
|
type: {{ .Values.syncthingStorage.home.type }}
|
|
datasetName: {{ .Values.syncthingStorage.home.datasetName | default "" }}
|
|
hostPath: {{ .Values.syncthingStorage.home.hostPath | default "" }}
|
|
targetSelector:
|
|
syncthing:
|
|
syncthing:
|
|
mountPath: /var/syncthing
|
|
01-certs:
|
|
mountPath: /var/syncthing
|
|
configure:
|
|
enabled: true
|
|
type: configmap
|
|
objectName: syncthing-configure
|
|
defaultMode: "0770"
|
|
targetSelector:
|
|
syncthing:
|
|
syncthing:
|
|
mountPath: /configure.sh
|
|
subPath: configure.sh
|
|
|
|
{{- if not .Values.syncthingStorage.additionalStorages -}}
|
|
{{- fail "Syncthing - Expected at least one additional storage defined" -}}
|
|
{{- end -}}
|
|
|
|
{{- range $idx, $storage := .Values.syncthingStorage.additionalStorages }}
|
|
{{ printf "sync-%v" (int $idx) }}:
|
|
enabled: true
|
|
type: {{ $storage.type }}
|
|
datasetName: {{ $storage.datasetName | default "" }}
|
|
hostPath: {{ $storage.hostPath | default "" }}
|
|
targetSelector:
|
|
syncthing:
|
|
syncthing:
|
|
mountPath: {{ $storage.mountPath }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.syncthingNetwork.certificateID }}
|
|
certs:
|
|
enabled: true
|
|
type: secret
|
|
objectName: syncthing-cert
|
|
defaultMode: "0600"
|
|
items:
|
|
- key: tls.key
|
|
path: https-key.pem
|
|
- key: tls.crt
|
|
path: https-cert.pem
|
|
targetSelector:
|
|
syncthing:
|
|
01-certs:
|
|
mountPath: /certs
|
|
readOnly: true
|
|
|
|
scaleCertificate:
|
|
syncthing-cert:
|
|
enabled: true
|
|
id: {{ .Values.syncthingNetwork.certificateID }}
|
|
{{- end -}}
|
|
{{- end -}}
|