peertube: bump to v5.0.1, helm chart v0.2.0

peertube/Chart.yaml

@@ -5,11 +5,11 @@ dependencies:
 - condition: postgresql.enabled
   name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 10.2.1
+  version: 12.2.2
 - condition: redis.enabled
   name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 12.3.2
+  version: 17.8.2
 type: application
-version: 0.1.15
-appVersion: 4.3.1
+version: 0.2.0
+appVersion: 5.0.1

peertube/templates/deployment.yaml

@@ -30,7 +30,10 @@ spec:
       initContainers:
         - name: check-db-ready
           image: postgres:latest
-          command: ['sh', '-c', 'until pg_isready -h {{ .Values.configAsCode.config.database.hostname }} -p 5432; do echo waiting for database; sleep 5; done;']
+          command: ['sh', '-c', 'until pg_isready -h {{ .Values.configAsCode.config.database.hostname }} -p {{ .Values.configAsCode.config.database.port }} ; do echo waiting for database; sleep 5; done;']
+        - name: check-redis-ready
+          image: redis:latest
+          command: ['sh', '-c', 'until [ "$(redis-cli -h {{ .Values.configAsCode.config.redis.hostname }} -p {{ .Values.configAsCode.config.redis.port }} ping)" = "PONG" ] ; do echo waiting for redis; sleep 5; done;']
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

peertube/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: chocobozzz/peertube
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "v4.3.1-bullseye"
+  tag: "v5.0.1-bullseye"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -25,6 +25,10 @@ configAsCode:
       https: true
       hostname: 'peertube.example.com'
       port: 443
+    # Secrets you need to generate the first time you run PeerTube
+    secrets:
+      # Generate one using `openssl rand -hex 32`
+      peertube: 'change-me-i-am-not-secure'
     rates_limit:
       api:
         # 50 attempts in 10 seconds
@@ -62,7 +66,7 @@ configAsCode:
       port: 5432
       ssl: false
       suffix: ''
-      username: 'postgres'
+      username: 'peertube'
       password: 'peertube'
       pool:
         max: 5
@@ -130,6 +134,7 @@ configAsCode:
       captions: '/var/www/peertube/storage/captions/'
       cache: '/var/www/peertube/storage/cache/'
       plugins: '/var/www/peertube/storage/plugins/'
+      well_known: '/var/www/peertube/storage/well-known/'
       # Overridable client files in client/dist/assets/images:
       # - logo.svg
       # - favicon.png
@@ -141,13 +146,26 @@ configAsCode:
       # If the file exists, peertube will serve it
       # If not, peertube will fallback to the default file
       client_overrides: '/var/www/peertube/storage/client-overrides/'
+    static_files:
+      # Require and check user authentication when accessing private files (internal/private video files)
+      private_files_require_auth: true
     object_storage:
       enabled: false
       # Without protocol, will default to HTTPS
       endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
       region: 'us-east-1'
-      # Set this ACL on each uploaded object
-      upload_acl: 'public-read'
+      upload_acl:
+        # Set this ACL on each uploaded object of public/unlisted videos
+        public: 'public-read'
+        # Set this ACL on each uploaded object of private/internal videos
+        # PeerTube can proxify requests to private objects so your users can access them
+        private: 'private'
+      proxy:
+        # If private files (private/internal video files) have a private ACL, users can't access directly the ressource
+        # PeerTube can proxify requests between your object storage service and your users
+        # If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files
+        # Or you can also set a public ACL for private files in object storage if you don't want to use a proxy
+        proxify_private_files: true
       credentials:
         # You can also use AWS_ACCESS_KEY_ID env variable
         access_key_id: ''
@@ -179,12 +197,14 @@ configAsCode:
       prettify_sql: false
       # Accept warn/error logs coming from the client
       accept_client_log: true
-    # Highly experimental support of Open Telemetry
+    # Support of Open Telemetry metrics and tracing
+    # For more information: https://docs.joinpeertube.org/maintain-observability
     open_telemetry:
       metrics:
         enabled: false
         # Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
         prometheus_exporter:
+          hostname: '127.0.0.1'
           port: 9091
       tracing:
         enabled: false
@@ -505,6 +525,8 @@ configAsCode:
         check_interval: 1 hour
         # Number of latest published videos to check and to potentially import when syncing a channel
         videos_limit_per_synchronization: 10
+        # Max number of videos to import when the user asks for full sync
+        full_sync_videos_limit: 1000
     auto_blacklist:
       # New videos automatically blacklisted so moderators can review before publishing
       videos:
@@ -574,7 +596,8 @@ configAsCode:
       robots: |
         User-agent: *
         Disallow:
-      # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
+      # /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
+      # To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
       securitytxt:
         '# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
     services:
@@ -728,9 +751,10 @@ persistence:
 # ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql
 postgresql:
   enabled: true
-  postgresqlUsername: postgres
-  postgresqlPassword: peertube
-  postgresqlDatabase: peertube
+  auth:
+    username: peertube
+    password: peertube
+    database: peertube
   persistence:
     enabled: false
     # storageClass: ""
@@ -739,13 +763,15 @@ postgresql:
     my_init_script.sh: |
        #!/bin/bash
        export PGPASSWORD=peertube
-       /opt/bitnami/postgresql/bin/psql -U postgres -d peertube -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;'
-       /opt/bitnami/postgresql/bin/psql -U postgres -d peertube -c 'CREATE EXTENSION IF NOT EXISTS unaccent;'
+       /opt/bitnami/postgresql/bin/psql -U peertube -d peertube -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;'
+       /opt/bitnami/postgresql/bin/psql -U peertube -d peertube -c 'CREATE EXTENSION IF NOT EXISTS unaccent;'
 
 redis:
   enabled: true
-  usePassword: false
-  password: ""
+  architecture: "standalone"
+  auth:
+    enabled: false
+    password: ""
 
 ## Liveness and readiness probe values
 ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes