Helm chart for Kubernetes deployments

[samip5]

Describe the feature

Option to install via Helm

https://helm.sh/

Why would this be useful to add?

It would make it more simple and scalable to deploy the full app on a Kubernetes cluster.

Concept(s)

No response

Additional context

No response

Acknowledgements

• I have searched the existing issues and this is NOT a duplicate or related to another open issue.
• I have written a short but informative title.
• I filled out all of the requested information in this form.

[FireMasterK]

I'd love to support a helm/k8s deployment of Piped, but I have no clue how they work at all, unfortunately!

[samip5]

I'd love to support a helm/k8s deployment of Piped, but I have no clue how they work at all, unfortunately!

First question would be that should the chart live inside the same repository as the app itself or should it be in a separate repository?

[FireMasterK]

I would say a new repository, since we've got multiple components - the frontend, backend, proxy, a reverse proxy for caching, etc

[samip5]

Hmm, the issue probably actually belongs to the Docker repository, but probably one for Kubernetes makes sense. I have my own charts at samipsolutions/helm-charts and I can try to get it going there first which would become artifacthub discoverable too.

What are you thoughts on creating a new repository under TeamPiped and adding me as outside collaborator on it so I can work on this?

[samip5]

I created a repo for it called Piped-Kubernetes as that seems to be the syntax of the other ones. :)

[FireMasterK]

That works! Thanks for the help! :)

[samip5]

@FireMasterK I have faced an obstacle and that has to do with ytproxy requiring to use sockets, that's not possible when the container is not running inside the same pod, much less host.

I believe this is blocked by TeamPiped/http3-ytproxy#3 / TeamPiped/http3-ytproxy#2.

[peerau]

that's not possible when the container is not running inside the same pod, much less host.

use a PVC, and bind the Pods to run on the same host. :D

[samip5]

that's not possible when the container is not running inside the same pod, much less host.

use a PVC, and bind the Pods to run on the same host. :D

That sounds like a whack hack, but then again it should work... Unless it doesn't get scheduled on the same host.

[FireMasterK]

@FireMasterK I have faced an obstacle and that has to do with ytproxy requiring to use sockets, that's not possible when the container is not running inside the same pod, much less host.

I believe this is blocked by TeamPiped/http3-ytproxy#3 / TeamPiped/http3-ytproxy#2.

If you don't bind any volumes, it will listen on port 8080!

[FireMasterK]

You'd likely want to use https://github.com/TeamPiped/piped-proxy now, it's the new replacement written in Rust!

[samip5]

Hey @FireMasterK I'm getting back to working on this. Would it be possible to build a container w/o nginx integrated at all for the frontend as that does seem quite counter-intuitive for a k8s deployment as there usually is already a reverse proxy already?

[FireMasterK]

Hey @FireMasterK I'm getting back to working on this. Would it be possible to build a container w/o nginx integrated at all for the frontend as that does seem quite counter-intuitive for a k8s deployment as there usually is already a reverse proxy already?

The current docker setup has 2 nginx containers - one the frontend, which cannot be removed as it's necessary to serve static files.

The second one is used to link all the services together, and can be removed!

[samip5]

The current docker setup has 2 nginx containers - one the frontend, which cannot be removed as it's necessary to serve static files.

I believe the serving of static files could be handled by express or serve npm packages but probably not worth the dependency?

[FireMasterK]

I'd stick with nginx, simply because it's much faster, and more lightweight than express / any npm package.

[MichaelTrip]

@samip5 i am very interested in your work. Perhaps we can share our knowledge to get the Helm chart going?

[samip5]

@samip5 i am very interested in your work. Perhaps we can share our knowledge to get the Helm chart going?

I have been meaning on doing it similarly how immich has done theirs. https://github.com/immich-app/immich-charts
What do you think of that approach?

[samip5]

Hey, @FireMasterK could we at the very least not have to use sed though the assets on frontend startup? Eg, do it via environment variable? I believe that it should be possible to build the frontend according to the environment variable.

[FireMasterK]

Hey, @FireMasterK could we at the very least not have to use sed though the assets on frontend startup? Eg, do it via environment variable? I believe that it should be possible to build the frontend according to the environment variable.

Yes, but at this moment, that's currently going to be a lot of work to get going, unfortunately.

[samip5]

Hey, @FireMasterK could we at the very least not have to use sed though the assets on frontend startup? Eg, do it via environment variable? I believe that it should be possible to build the frontend according to the environment variable.

Yes, but at this moment, that's currently going to be a lot of work to get going, unfortunately.

Could you please elaborate on the lot of work? There seems to be a very minor amount of references to pipedapi.kevin.rocks domain in the source code.

Did I miss any?

The places I found:

• main.js, line 175
• opensearch.xml, line 9
• components/PreferencesPage.vue, line 438

[FireMasterK]

Well, one way could be to include an entrypoint script, which reads from an environment variable and then runs sed, which would be simpler indeed.

The proper way to do this is probably to include it as a build config variable and then, build the application. But, I want to avoid building the application at all costs.

[samip5]

But, I want to avoid building the application at all costs.

Why? It would make sense to dynamically build it based on environment variables on container startup.

I suppose that one way would indeed be a entrypoint script, that does the sed based on the env variables, but I agree that it's not the proper way.

[samip5]

One option for a Kubernetes deployment at least would be to use a initcontainer (initialization container, that starts before the main app container), that does the following:

• Downloads the already built minifed source code (couldn't find it published as it seems to be inside GH Action cache)
• Does the sed on the assets
• Gives the assets back to the main container to use via shared volume

[FireMasterK]

Why? It would make sense to dynamically build it based on environment variables on container startup.

The problem is docker. It would be difficult to create a mechanism to auto-update a docker-compose setup.

I could add a Dockerfile to build with build environment variables, would that be of any help?

[samip5]

I could add a Dockerfile to build with build environment variables, would that be of any help?

No but if you could publish the dist-ci folder content in compressed package that would help.

[samip5]

@MichaelTrip Do you happen to have ideas on how to solve this issue with the frontend as you were wanting to help?
The chart should otherwise be functional, but just the frontend portion is not.

[MichaelTrip]

@MichaelTrip Do you happen to have ideas on how to solve this issue with the frontend as you were wanting to help? The chart should otherwise be functional, but just the frontend portion is not.

Hi,

i Just checked the whole conversation, but the init container seems the most viable option indeed. I have to dive into the source code a bit more to understand the inner working of piped.

[FireMasterK]

I also noticed that the current setup doesn't really include any caching, could this be somehow optionally added (not all setups may need it, as you could enable it on Cloudflare with special page rules)?

[samip5]

I also noticed that the current setup doesn't really include any caching, could this be somehow optionally added (not all setups may need it, as you could enable it on Cloudflare with special page rules)?

You mean like varnish? I pretty much duplicated the nginx docker compose setup except for the custom nginx config.

[FireMasterK]

You mean like varnish? I pretty much duplicated the nginx docker compose setup except for the custom nginx config.

Yep, exactly! Varnish doesn't play nice with docker, not sure about kubernetes tho

[samip5]

Varnish doesn't play nice with docker, not sure about kubernetes tho

When you say that, what do you mean? In what aspect doesn't it play nice?

[FireMasterK]

It doesn't like dynamic hosts / when the IP changes, it starts giving 503s when that happens. We switched from Varnish to Nginx in the docker compose setup.

[samip5]

Out of curiosity, is there any way to install it with simple helm repo add and helm install commands?

There is, but I haven't documented them yet.

The default values of the chart might not be the best at the moment.

helm repo add teampiped https://helm.piped.video
helm install piped teampiped/piped --version 0.0.4

[samip5]

I have also added the tldr to README of chart.

https://github.com/TeamPiped/Piped-Kubernetes/tree/main/charts/apps/piped#tldr

[FireMasterK]

Awesome! I'm curious, how would updates work for this?

[samip5]

Currently it's using the latest tag (like the Docker containers), but it could be automated via eg. Renovate to pin to a specific SHA and then use that as latest tag, but it would be better to actually use release versions of things preferably via semver.

It's common practice to use Renovate for automatic updates in Kubernetes environments and it can auto-update the images them self when deployed without the need to always update the chart version.

[samip5]

@FireMasterK Do you have an account at ArtifactHUB? If not, please create one so I can invite you to an TeamPiped org there, so that it would show up properly there. :)

[FireMasterK]

Currently it's using the latest tag (like the Docker containers), but it could be automated via eg. Renovate to pin to a specific SHA and then use that as latest tag, but it would be better to actually use release versions of things preferably via semver.

I see, but my question is would it periodically keep checking the latest tag to see if there's a new SHA for the image?

@FireMasterK Do you have an account at ArtifactHUB? If not, please create one so I can invite you to an TeamPiped org there, so that it would show up properly there. :)

Just created one with the username kavin or email [email protected]!

[samip5]

I see, but my question is would it periodically keep checking the latest tag to see if there's a new SHA for the image?

It wouldn't by itself, only when deploying so the options are as follows for that:

1. Automatic chart bump when a next release is available (it could become annoying depending on how often it changes and due to wanting to follow semver and may be troublesome in the aspect of the different containers not sharing the same SHA).
2. Specify them in values as pinned SHA, and have Renovate keep them updated (would potentially work, unless a end user changes them/overrides in values).
3. Use actual release versions of all components (would need some versioning scheme, and would be preferred)
4. Rely on the end user to handle it eg via Renovate.

I'm not really sure which of the options is good to choose from.

Just created one with the username kavin

Sent an invite to the org on ArtifactHUB.

[samip5]

This was the reason why it's useful to be on ArtifactHUB: https://artifacthub.io/packages/search?ts_query_web=piped&sort=relevance&page=1 :)

I have also made better README on the Kubernetes repo.

[samip5]

@FireMasterK Could you please enable the showing of funding links on the Piped-Kubernetes respository?

I have added mine and TeamPiped links to it.

[FireMasterK]

It doesn't seem to parse, I don't see it as an option on GitHub.

[samip5]

It doesn't seem to parse, I don't see it as an option on GitHub.

Ah, it had to be inside an array, now it does parse. :)

[samip5]

@FireMasterK Can I have secret access on the Piped-Kubernetes repo? I would like to add Self-Hosted Renovate there which would require some secrets and adding my bot access to the repository.

[FireMasterK]

But for renovate, why not use the free hosted one online? It's already installed and used in other piped repos

[samip5]

But for renovate, why not use the free hosted one online? It's already installed and used in other piped repos

Because the configs and things I have for Renovate I believe needs the self-hosted version, but could be mistaken.

I'm talking about https://github.com/samipsolutions/helm-charts/blob/main/.github/workflows/charts-changelog.yaml and https://github.com/samipsolutions/helm-charts/blob/main/.github/workflows/schedule-renovate.yaml

Renovate config https://github.com/samipsolutions/helm-charts/blob/main/.github/renovate.json5

[FireMasterK]

Is there any feature missing in the hosted version? I think it should work fine out of the box with that configuration 🤔

We don't need the schedule-renovate workflow since renovate is run on every commit/push.

[samip5]

We don't need the schedule-renovate workflow since renovate is run on every commit/push.

That's exactly what I don't want, and thus the schedule is wanted as it would be used to bump eg database dependency every 3 months automatically which is a potentially breaking change due to how one needs to do Postgres upgrades.

[FireMasterK]

That's not right I think, we can schedule updates every month/etc in the config I believe.

[samip5]

I don't see why it should be ran on every commit/push.

The schedule workflow does run on push when there's a need for it eg when config was changed.

  schedule:
    - cron: "0 */12 * * *"
  push:
    branches:
      - main
    paths:
      - ".github/renovate.json5"
      - ".github/renovate/**.json5"

[FireMasterK]

I don't know either, but the hosted renovate runs on every commit and every few hours. 🤷 It's not our infrastructure, so I don't think its our problem

[samip5]

So that's a no for the bot?

[FireMasterK]

I mean to say I don't understand the need, but we can have the bot if its really necessary.

[samip5]

I have added the Renovate config to the repo, but at least it doesn't appear in the hosted dashboard.
It seems to work now.

[FireMasterK]

Just gave the renovate bot perms for the repo! :)

[samip5]

Would it be time to close this issue as we have a helm chart?