lcy
/
truenas


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178
							{{- define "syncthing.workload" -}}
workload:
  syncthing:
    enabled: true
    primary: true
    type: Deployment
    podSpec:
      hostNetwork: {{ .Values.syncthingNetwork.hostNetwork }}
      securityContext:
        fsGroup: {{ .Values.syncthingID.group }}
      containers:
        syncthing:
          enabled: true
          primary: true
          imageSelector: image
          securityContext:
            runAsUser: 0
            runAsGroup: 0
            runAsNonRoot: false
            readOnlyRootFilesystem: false
            # This is needed to allow syncthing assign
            # PCAPs to its child processes
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - FOWNER
                - DAC_OVERRIDE
                - CHOWN
                - SETUID
                - SETGID
                - SETFCAP
                - SETPCAP
          env:
            PCAP: cap_chown,cap_dac_override,cap_fowner+ep
            STGUIADDRESS: "0.0.0.0:{{ .Values.syncthingNetwork.webPort }}"
            # Disable automatic upgrades
            STNOUPGRADE: "true"
          fixedEnv:
            PUID: {{ .Values.syncthingID.user }}
          probes:
            liveness:
              enabled: true
              type: http
              path: /rest/noauth/health
              port: "{{ .Values.syncthingNetwork.webPort }}"
            readiness:
              enabled: true
              type: http
              path: /rest/noauth/health
              port: "{{ .Values.syncthingNetwork.webPort }}"
            startup:
              enabled: true
              type: http
              path: /rest/noauth/health
              port: "{{ .Values.syncthingNetwork.webPort }}"
          # We use this hook as we need the API
          # to be running when we run the configure script
          lifecycle:
            postStart:
              type: exec
              command:
                - su-exec
                - "{{ .Values.syncthingID.user }}:{{ .Values.syncthingID.group }}"
                - /configure.sh
      {{- if .Values.syncthingNetwork.certificateID }}
      initContainers:
        {{- include "syncthing.certContainer" $ | nindent 8 -}}
      {{- end }}
{{/* Service */}}
service:
  syncthing-web:
    enabled: true
    primary: true
    type: NodePort
    targetSelector: syncthing
    ports:
      webui:
        enabled: true
        primary: true
        port: {{ .Values.syncthingNetwork.webPort }}
        nodePort: {{ .Values.syncthingNetwork.webPort }}
        targetSelector: syncthing
  syncthing-discovery:
    # Only enable this service if local discovery is enabled
    enabled: {{ .Values.syncthingConfig.localDiscovery }}
    type: NodePort
    targetSelector: syncthing
    ports:
      discovery:
        enabled: true
        port: {{ .Values.syncthingNetwork.localDiscoveryPort }}
        nodePort: {{ .Values.syncthingNetwork.localDiscoveryPort }}
        targetPort: 21017
        protocol: udp
        targetSelector: syncthing
  syncthing-transfer:
    enabled: true
    type: NodePort
    targetSelector: syncthing
    ports:
      tcp:
        enabled: true
        primary: true
        port: {{ .Values.syncthingNetwork.tcpPort }}
        nodePort: {{ .Values.syncthingNetwork.tcpPort }}
        targetPort: 22000
        targetSelector: syncthing
      quic:
        enabled: true
        port: {{ .Values.syncthingNetwork.quicPort }}
        nodePort: {{ .Values.syncthingNetwork.quicPort }}
        targetPort: 22000
        protocol: udp
        targetSelector: syncthing

{{/* Persistence */}}
persistence:
  home:
    enabled: true
    type: {{ .Values.syncthingStorage.home.type }}
    datasetName: {{ .Values.syncthingStorage.home.datasetName | default "" }}
    hostPath: {{ .Values.syncthingStorage.home.hostPath | default "" }}
    targetSelector:
      syncthing:
        syncthing:
          mountPath: /var/syncthing
        01-certs:
          mountPath: /var/syncthing
  configure:
    enabled: true
    type: configmap
    objectName: syncthing-configure
    defaultMode: "0770"
    targetSelector:
      syncthing:
        syncthing:
          mountPath: /configure.sh
          subPath: configure.sh

  {{- if not .Values.syncthingStorage.additionalStorages -}}
    {{- fail "Syncthing - Expected at least one additional storage defined" -}}
  {{- end -}}

  {{- range $idx, $storage := .Values.syncthingStorage.additionalStorages }}
  {{ printf "sync-%v" (int $idx) }}:
    enabled: true
    type: {{ $storage.type }}
    datasetName: {{ $storage.datasetName | default "" }}
    hostPath: {{ $storage.hostPath | default "" }}
    targetSelector:
      syncthing:
        syncthing:
          mountPath: {{ $storage.mountPath }}
  {{- end }}

  {{- if .Values.syncthingNetwork.certificateID }}
  certs:
    enabled: true
    type: secret
    objectName: syncthing-cert
    defaultMode: "0600"
    items:
      - key: tls.key
        path: https-key.pem
      - key: tls.crt
        path: https-cert.pem
    targetSelector:
      syncthing:
        01-certs:
          mountPath: /certs
          readOnly: true

scaleCertificate:
  syncthing-cert:
    enabled: true
    id: {{ .Values.syncthingNetwork.certificateID }}
    {{- end -}}
{{- end -}}