LBRY on Kubernetes with Helm

contrib/k8s-lbry/.gitignore

@@ -0,0 +1,4 @@
+index.yaml
+*.tgz
+requirements-dev.yaml
+values-dev.yaml

contrib/k8s-lbry/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: "1.0"
+description: LBRY on Kubernetes with Helm
+name: k8s-lbry
+version: 0.1.1
+maintainers:
+  - email: ryan@enigmacurry.com
+    name: EnigmaCurry
+  - email: leopere [at] nixc [dot] us 
+    name: Leopere
+home: https://github.com/lbryio/lbry-docker/tree/master/contrib/k8s-lbry

contrib/k8s-lbry/README.md

@@ -0,0 +1,623 @@
+# LBRY on Kubernetes with Helm
+
+Contributing Author: [EnigmaCurry](https://www.enigmacurry.com)
+
+Last Update: May 6 2019
+
+Deploy lbrycrd, lbrynet, chainquery, mysql, and spee.ch on your Kubernetes
+cluster.
+
+[![asciicast](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA.svg)](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA)
+
+<!-- Regenerate Table of contents with markdown-toc npm library -->
+<!-- run:   npx markdown-toc -i README.md                       -->
+
+<!-- toc -->
+
+- [Requirements](#requirements)
+- [Helm Charts](#helm-charts)
+  * [Tiller](#tiller)
+  * [nginx-ingress](#nginx-ingress)
+  * [cert-manager](#cert-manager)
+  * [k8s-lbry](#k8s-lbry)
+  * [lbrycrd](#lbrycrd)
+  * [chainquery](#chainquery)
+    + [MySQL for chainquery](#mysql-for-chainquery)
+    + [Start chainquery](#start-chainquery)
+    + [Startup chainquery with a database snapshot](#startup-chainquery-with-a-database-snapshot)
+  * [lbrynet](#lbrynet)
+    + [IMPORTANT - Backup your cluster wallet](#important---backup-your-cluster-wallet)
+  * [spee.ch](#speech)
+    + [MySQL for speech](#mysql-for-speech)
+    + [Configure Speech](#configure-speech)
+- [TLS Support](#tls-support)
+  * [Assign DNS name(s) to your Load Balancer](#assign-dns-names-to-your-load-balancer)
+  * [Enable TLS](#enable-tls)
+- [Improvements](#improvements)
+
+<!-- tocstop -->
+
+## Requirements
+
+ * A Kubernetes cluster with role-based access control (RBAC) enabled.
+   * This tutorial was tested on a fresh DigitalOcean managed cluster on nodes
+     with 8GB of RAM, on kubernetes 1.13.5.
+ * [kubectl command line
+   tool](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed on
+   your local development machine.
+   * Tested with kubectl v1.14.0
+ * [Helm command line tool](https://github.com/helm/helm/releases) installed on
+   your local development machine.
+   * Tested with helm v2.13.1
+
+Your cloud provider should have instructions for setting up kubectl to talk to
+your cluster. This usually involves downloading a config file and putting it in
+`$HOME/.kube/config`. (The file has to be renamed `config` and put in the
+`$HOME/.kube` directory.)
+
+Note: If you want to download the cluster config to a location other than
+`$HOME/.kube/config`, you can set the `KUBECONFIG` environment variable to the
+full path of your config file, or create a symlink from your config file to
+`$HOME/.kube/config`, or you can use the `--kubeconfig` parameter to both
+`kubectl` and `helm` commands every time you use them.
+
+Test that your kubectl can talk to your cluster, by querying for a list of running
+nodes:
+
+```
+kubectl get nodes
+```
+
+If everything is working, you should see a list of one or more nodes running and
+showing `STATUS=Ready`
+
+## Helm Charts
+
+This system is installed via [Helm](https://helm.sh/docs/), the package manager
+for Kubernetes. [Helm Charts](https://helm.sh/docs/developing_charts/#charts)
+are the basis for packages in Helm. This directory is a Helm chart itself.
+
+### Tiller
+
+Tiller is the cluster-side component of helm, and needs to be installed before
+you can use helm with your cluster. Run the following to install tiller to your
+cluster:
+
+```
+kubectl -n kube-system create serviceaccount tiller
+
+kubectl create clusterrolebinding tiller --clusterrole cluster-admin \
+      --serviceaccount=kube-system:tiller
+
+helm init --service-account tiller
+helm repo update
+```
+
+Now you can use helm locally to install things to your remote cluster.
+
+### nginx-ingress
+
+An Ingress Controller
+([nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress))
+will help you to route outside internet traffic into your cluster. nginx-ingress
+will also help terminate TLS connections (SSL) so that your containers don't
+need to worry about encryption.
+
+Install nginx-ingress, with HTTPs turned off initially:
+
+```
+helm install stable/nginx-ingress --name nginx-ingress \
+  --set nginx-ingress.controller.service.enableHttps=false
+```
+
+### cert-manager
+
+[cert-manager](https://docs.cert-manager.io/en/latest/index.html) will provide
+TLS certificates (SSL) for your cluster, using [Let's
+Encrypt](https://letsencrypt.org/).
+
+Install cert-manager:
+
+```
+kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
+
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+helm install --name cert-manager --namespace cert-manager jetstack/cert-manager --version v0.7.1
+
+kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
+```
+
+### k8s-lbry
+
+The k8s-lbry helm chart installs lbrycrd, chainquery, lbrynet, and mysql. 
+
+Wait for the Load Balancer to show an External IP: 
+
+```
+kubectl get svc -l app=nginx-ingress,component=controller -w
+```
+
+Press Ctrl-C to quit once you see the External IP listed (and not `<pending>`).
+
+Add the `k8s-lbry` helm repository:
+
+```
+helm repo add k8s-lbry https://k8s-lbry.sfo2.digitaloceanspaces.com
+```
+
+Create a directory to store your configuration file for `k8s-lbry`. You can
+download the default configuration file for the helm chart
+([values.yaml](values.yaml)):
+
+```
+VALUES=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/values.yaml
+
+curl -Lo values.yaml $VALUES
+```
+
+`values.yaml` is your own configuration file for `k8s-lbry`. You will need it
+everytime you need to update your deployment. Commit the file to a git
+repository, or save it someplace safe.
+
+Edit `values.yaml`, change the following things:
+
+ * Change `lbrycrd.configurationFile.lbrycrd.conf` at the bottom find
+   `externalip=` and set it equal to the External IP address of the Load
+   Balancer obtained above.
+ * Change `cert-manager-issuer.email` to your email address to receive notices
+   from Let's Encrypt. (Only used if you choose to enable TLS.)
+ * Change `echo-http-server.hostname` to any domain name you choose. (It must be
+   a real internet domain that you control, if you choose to enable TLS.)
+
+Save `values.yaml`.
+
+Now install `k8s-lbry`:
+
+```
+helm install -n k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+This will create a new helm release for your cluster called `k8s-lbry`, from the
+helm repository called `k8s-lbry`, using the package named `k8s-lbry`, using the
+local configuration file called `values.yaml`.
+
+### lbrycrd
+
+Find the lbrycrd pod to ensure it has started correctly:
+
+```
+kubectl get pods -l app=lbrycrd
+```
+
+Tail the logs (Press Ctrl-C to quit):
+
+```
+kubectl logs -f -l app=lbrycrd
+```
+
+You can use lbrycrd-cli from the running pod:
+
+```
+POD=`kubectl get pod -l app=lbrycrd -o name | sed s+pod/++` && \
+  kubectl exec $POD -- lbrycrd-cli -rpcuser=lbry -rpcpassword=lbry getinfo
+```
+
+Upgrade the nginx-ingress release to allow forwarding port 9246 to lbrycrd:
+
+```
+helm upgrade nginx-ingress stable/nginx-ingress \
+  --set tcp.9246="default/k8s-lbry-lbrycrd:9246"
+```
+
+Verify the port is now open (9246 listed under PORTS):
+
+```
+kubectl get svc nginx-ingress-controller
+```
+
+After your lbrycrd service has been online for awhile, check back with the
+`lbrcrd-cli getinfo` command from above. You will know that nginx-ingress is
+properly connected to lbrycrd if you see that the number of connections listed
+is a number greater than 8.
+
+### chainquery
+
+#### MySQL for chainquery
+[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
+the database chainquery talks to.
+
+Edit `values.yaml` and set `chainquery-mysql.enabled` to `true`. 
+
+Upgrade the release to turn on mysql for chainquery:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+You can try logging into the mysql shell if you like (default password is
+`chainquery`):
+
+```
+POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
+  kubectl exec -it $POD -- mysql -u chainquery -p
+```
+
+You can view the mysql logs:
+
+```
+kubectl logs -l app=k8s-lbry-chainquery-mysql -f
+```
+
+#### Start chainquery
+
+Edit `values.yaml` and set `chainquery.enabled` to `true`. 
+
+Upgrade the release to turn on chainquery:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+You can view the chainquery logs:
+
+```
+kubectl logs -l app=chainquery -f
+```
+
+#### Startup chainquery with a database snapshot
+
+If chainquery is starting with a blank MySQL database, it will take several days
+to synchronize with the full lbycrd blockchain. If this is OK, you can just
+watch the chainquery logs and wait for it to get to the [current block
+height](https://explorer.lbry.io/).
+
+If you cannot wait that long, you may start from a database snapshot to speed up
+this process.
+
+Delete the chainquery and mysql deployments:
+
+```
+kubectl delete deployments k8s-lbry-chainquery k8s-lbry-chainquery-mysql
+```
+
+The pods will automatically terminate.
+
+The mysql data still exists in a PersistentVolumeClaim, `k8s-lbry-chainquery-mysql`. Check
+that it still exists:
+
+```
+kubectl get pvc
+```
+
+There's an included script to start a utility container with a PersistentVolume
+attached. Download the script:
+
+```
+SCRIPT=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh
+
+curl -Lo kubectl-run-with-pvc.sh $SCRIPT && chmod a+x kubectl-run-with-pvc.sh
+```
+
+Run the `kubectl-run-with-pvc` script, attaching the mysql PVC:
+
+```
+./kubectl-run-with-pvc.sh k8s-lbry-chainquery-mysql
+```
+
+Wait a second for the container to start, and you should then be placed into a
+container shell, indicated by the shell prompt changing to the container's
+prompt.
+
+In the container shell, delete any existing mysql data from the volume:
+
+```
+rm /pvcs/k8s-lbry-chainquery-mysql/* -rf
+```
+
+Still in the container shell, download the backup and extract it to the volume:
+
+```
+apt update && apt install -y curl
+
+BACKUP_URL=https://lbry-chainquery-mysql-dump.sfo2.digitaloceanspaces.com/chainquery_height_560900.mysql-backup.tar.gz
+curl $BACKUP_URL | tar xvz -C /pvcs/k8s-lbry-chainquery-mysql/
+```
+
+Once the download and extraction completes, exit the container (or just press
+Ctrl-D):
+
+```
+exit
+```
+
+Now back on your local shell, upgrade the release to re-create the mysql and
+chainquery deployments:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+You can verify that the database now has data up to the height of the database
+snapshot. Login to the mysql shell (password: `chainquery`):
+
+```
+POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
+  kubectl exec -it $POD -- mysql -u chainquery -p
+```
+
+Then query for the number of blocks:
+
+```
+mysql> select count(*) from chainquery.block;
++----------+
+| count(*) |
++----------+
+|   561034 |
++----------+
+1 row in set (15.00 sec)
+```
+
+Also verify that chainquery is again happy. View the chainquery logs:
+
+```
+kubectl logs -l app=chainquery -f
+```
+
+### lbrynet
+
+Edit `values.yaml` and set `lbrynet.enabled` to `true`.
+
+Update the release to turn on lbrynet:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+You can view the lbrynet logs:
+
+```
+kubectl logs -l app=lbrynet -f
+```
+
+#### IMPORTANT - Backup your cluster wallet
+
+The wallet is stored inside the `k8s-lbry-lbrynet` persistent volume.
+
+Copy the wallet in case the volume gets destroyed:
+
+```
+WALLET=/home/lbrynet/.local/share/lbry/lbryum/wallets/default_wallet \
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
+  kubectl cp $POD:$WALLET /tmp/k8s-lbry-lbrynet-wallet-backup.json
+```
+
+Check the contents of `/tmp/k8s-lbry-lbrynet-wallet-backup.json` and move the
+file to a safe place for backup (and delete this temporary file.)
+
+Once your wallet is backed up, you can generate a receiving address in order to
+deposit LBC:
+
+```
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
+  kubectl exec $POD -- lbrynet address unused
+```
+
+### spee.ch
+
+Note: Throughout this deployment, the unstylized name `speech` is used.
+
+#### MySQL for speech
+[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
+the database speech talks to.
+
+Edit `values.yaml` and set `speech-mysql.enabled` to `true`. 
+
+Upgrade the release to turn on mysql for speech:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+You can try logging into the mysql shell if you like (default password is
+`speech`):
+
+```
+POD=`kubectl get pod -l app=k8s-lbry-speech-mysql -o name | sed s+pod/++` && \
+  kubectl exec -it $POD -- mysql -u speech -p
+```
+
+You can view the mysql logs:
+
+```
+kubectl logs -l app=k8s-lbry-speech-mysql -f
+```
+
+#### Configure Speech
+
+Before you can fully configure speech, you must fund your lbrynet wallet in the
+`k8s-lbry-lbrynet` deployment. Check the lbrynet section for details on
+generating a receiving address for your wallet, as well as backing up your
+wallet.
+
+Speech has a large configuration, all of which is found in `values.yaml`. The
+most important settings to configure yourself are:
+
+ * `speech.enabled` - turns on/off the the speech deployment.
+ * `speech.service.hostname` - The external hostname for speech.
+ * `speech.persistence.size` - How large of a data directory for speech.
+ * `speech.auth.masterPassword`
+ * `speech.details`
+ * `speech.publishing.primaryClaimAddress`
+
+   * This can be retrieved from the lbrynet pod:
+   
+```
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
+  kubectl exec $POD -- lbrynet address list
+```
+   
+   * Copy the first address from the list. This is your `primaryClaimAddress`.
+   
+ * `speech.publishing.publishOnlyApproved`
+ * `speech.publishing.approvedChannels`
+ * `speech.publishing.thumbnailChannel`
+ 
+   * In order to publish thumbnails, you must create a channel. There are many options in creation. See the help from the lbrynet command to list them all:
+    
+```
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
+  kubectl exec $POD -- lbrynet channel create --help
+```
+    
+   * For example, this will create the channel named `YourChannel`, bidding 1 LBC for the name:
+
+```
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
+  kubectl exec $POD -- lbrynet channel create --name @YourChannel --bid 1.0
+```
+
+   * Make sure that when you copy the channel name to `values.yaml` that you use double quotes surrounding the value for thumbnailChannel. This is because in YAML, the `@` symbol cannot be used without quotes. ie: `thumbnailChannel: "@YourChannel"`
+
+ * `speech.publishing.thumbnailChannelId`
+ 
+   * When you create the channel, listed in the `outputs` section, you will find
+`claim_id`; this is the `thumbnailChannelId`. You can also retrieve this
+information again by running `channel list`:
+
+```
+POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \ 
+  kubectl exec $POD -- lbrynet channel list
+```
+
+Once you've configured speech in `values.yaml`, upgrade the helm release to
+apply the changes:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+Open your browser to the hostname specified in `speech.service.hostname` and
+demo the site.
+
+## TLS Support
+
+Enabling TLS (SSL) for your cluster is optional, but it is useful if you are
+going to expose any HTTP services externally.
+
+### Assign DNS name(s) to your Load Balancer
+
+The k8s-lbry chart started a Load Balancer as part of the Ingress Controller.
+You can assign a DNS name to the Load Balancer External IP address.
+
+Get the External IP of the Load Balancer:
+
+```
+kubectl get svc -l app=nginx-ingress,component=controller
+```
+
+Copy the External IP address shown. Update your DNS provider for your domain
+accordingly, with a subdomain of your choice to point to the External IP address.
+
+Edit `values.yaml` and set `echo-service.enabled` to `true`. Set
+`echo-service.hostname` to the domain name you configued in your DNS.
+
+Upgrade the release to turn on the echo-http-server:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
+```
+
+Verify that the DNS is setup correctly by using curl to the echo-http-server on
+port 80:
+
+```
+curl http://echo.example.com
+```
+
+(Replace `echo.example.com` with the domain you used in `values.yaml`.)
+
+You should see the word `echo` returned.
+
+  
+### Enable TLS 
+
+Once you've verified that DNS for your domain correctly routes to the
+echo-http-server, upgrade the nginx-ingress release with HTTPs now turned on:
+
+```
+helm upgrade nginx-ingress stable/nginx-ingress \
+  --set nginx-ingress.controller.service.enableHttps=true
+```
+
+Upgrade the k8s-lbry release, turning on HTTPs for the echo-http-server:
+
+```
+helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml --set echo-http-server.enableHttps=true
+```
+
+Check that HTTPs connection to the echo service is working: 
+
+```
+curl https://echo.example.com
+```
+
+(Replace `echo.example.com` with the domain you used in `values.yaml`.)
+
+You should see the word `echo` returned. However, it may take up to 5 minutes
+for it to start to work. 
+
+Watch the cert-manager log:
+
+```
+kubectl logs --namespace cert-manager -l app=cert-manager -f
+```
+
+A successful certificate message would look like:
+
+```
+Certificate "echo-tls" for ingress "echo" is up to date
+```
+
+Retry the curl command until you get an `echo` response.
+
+## Improvements
+
+Beyond this point, there are several things one could do to improve this
+configuration and harden for production.
+
+ * Secrets
+
+   * At this stage, all your configuration resides in `values.yaml`, including
+passwords. You can seperate these secrets out of your config and put them into a
+[Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
+
+   * [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
+
+   * [Helm Secrets](https://github.com/futuresimple/helm-secrets)
+
+ * Namespaces
+
+   * If you are using the cluster for things other than lbry, you should install
+     k8s-lbry into its own namespace. This will allow pods within the same
+     namespace to talk to eachother, but not to pods in other namespaces.
+
+   * Using a namespace in the introductory docs above, would have complicated
+     the (already complex) helm and kubectl commands, so they were omitted.
+
+   * Both helm and kubectl support the `--namespace` argument. You can translate
+     all the commands above, adding the `--namespace` argument.
+
+     For example, to install the k8s-lbry chart in its own `k8s-lbry` namespace:
+
+     ```
+     ## helm install RELEASE REPO/CHART --namespace NAMESPACE -f VALUES
+     helm install k8s-lbry k8s-lbry/k8s-lbry --namespace k8s-lbry -f values.yaml
+     ```
+
+     And to look at pods in the `k8s-lbry` namespace:
+
+     ```
+     kubectl get pods --namespace k8s-lbry
+     ```

contrib/k8s-lbry/charts/cert-manager-issuer/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/cert-manager-issuer/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Install staging and production certificate issuers with Lets Encrypt ACME.
+name: cert-manager-issuer
+version: 0.1.0

contrib/k8s-lbry/charts/cert-manager-issuer/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cert-manager-issuer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cert-manager-issuer.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cert-manager-issuer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/cert-manager-issuer/templates/production_issuer.yaml

@@ -0,0 +1,16 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: {{ .Values.email }}
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    http01: {}
+

contrib/k8s-lbry/charts/cert-manager-issuer/templates/staging_issuer.yaml

@@ -0,0 +1,15 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: {{ .Values.email }}
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    http01: {}

contrib/k8s-lbry/charts/chainquery/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/chainquery/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "v0.0.0"
+description: LBRY chainquery
+name: chainquery
+version: 0.1.0

contrib/k8s-lbry/charts/chainquery/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chainquery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chainquery.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chainquery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/chainquery/templates/configmap.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "chainquery.fullname" . }}
+  labels:
+    app: {{ template "chainquery.name" . }}
+    chart: {{ template "chainquery.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.configurationFile | indent 2 }}
+{{- end }}

contrib/k8s-lbry/charts/chainquery/templates/deployments.yaml

@@ -0,0 +1,61 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "chainquery.fullname" . }}
+  labels:
+    app: {{ template "chainquery.name" . }}
+    chart: {{ template "chainquery.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "chainquery.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "chainquery.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      securityContext:
+        fsGroup: 1000
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- if .Values.configurationFile }}
+      initContainers:
+        - name: copy-chainquery-config
+          image: busybox
+          command: ['sh', '-c', 'cp /configmap/chainqueryconfig.toml /etc/lbry/chainqueryconfig.toml']
+          volumeMounts:
+            - name: configmap
+              mountPath: /configmap
+            - name: config
+              mountPath: /etc/lbry
+      {{- end }}
+      containers:
+        - name: {{ template "chainquery.fullname" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          resources:
+  {{ toYaml .Values.resources | indent 10 }}
+          ports:
+            - name: port
+              containerPort: {{ .Values.service.port }}
+          volumeMounts:
+            {{- if .Values.configurationFile }}
+            - name: config
+              mountPath: /etc/lbry/chainqueryconfig.toml
+              subPath: chainqueryconfig.toml
+            {{- end }}
+      volumes:
+        {{- if .Values.configurationFile }}
+        - name: config
+          emptyDir: {}
+        - name: configmap
+          configMap:
+            name: {{ template "chainquery.fullname" . }}
+        {{- end }}
+{{- end }}

contrib/k8s-lbry/charts/chainquery/templates/service.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "chainquery.fullname" . }}
+  labels:
+    app: {{ template "chainquery.name" . }}
+    chart: {{ template "chainquery.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+    - name: port
+      port: {{ .Values.service.port }}
+      targetPort: port
+  selector:
+    app: {{ template "chainquery.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}

contrib/k8s-lbry/charts/echo-http-server/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/echo-http-server/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: An HTTP echo service
+name: echo-http-server
+version: 0.1.0

contrib/k8s-lbry/charts/echo-http-server/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "echo-http-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "echo-http-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "echo-http-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/echo-http-server/templates/ingress.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.enabled }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ .Values.service }}
+  annotations:  
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/issuer: {{ .Values.certificateIssuer }}
+    certmanager.k8s.io/acme-challenge-type: http01
+spec:
+  {{ if .Values.enableHttps }}
+  tls:
+  - hosts:
+    - {{ .Values.hostname }}
+    secretName: {{ .Values.service }}-tls
+  {{ end }}
+  rules:
+  - host: {{ .Values.hostname }}
+    http:
+      paths:
+      - backend:
+          serviceName: {{ .Values.service }}
+          servicePort: 80
+{{- end }}

contrib/k8s-lbry/charts/echo-http-server/templates/service.yaml

@@ -0,0 +1,34 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service }}
+spec:
+  ports:
+  - port: 80
+    targetPort: 5678
+  selector:
+    app: {{ .Values.service }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Values.service }}
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.service }}
+    spec:
+      containers:
+      - name: {{ template "echo-http-server.fullname" . }}
+        image: hashicorp/http-echo
+        args:
+        - "-text={{ .Values.service }}"
+        ports:
+        - containerPort: 5678
+{{- end }}

contrib/k8s-lbry/charts/echo-socket-server/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/echo-socket-server/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A socket echo service
+name: echo-socket-server
+version: 0.1.0

contrib/k8s-lbry/charts/echo-socket-server/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "echo-socket-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "echo-socket-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "echo-socket-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/echo-socket-server/templates/service.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service }}
+spec:
+  ports:
+  - port: 8000
+    targetPort: 8000
+  selector:
+    app: {{ .Values.service }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Values.service }}
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.service }}
+    spec:
+      containers:
+      - name: {{ template "echo-socket-server.fullname" . }}
+        image: enigmacurry/echo-socket-server
+        ports:
+        - containerPort: 8000
+{{- end }}
+

contrib/k8s-lbry/charts/lbrycrd/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/lbrycrd/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "v0.0.0"
+description: lbrycrd LBRY blockchain daemon
+name: lbrycrd
+version: 0.1.0

contrib/k8s-lbry/charts/lbrycrd/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "lbrycrd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "lbrycrd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "lbrycrd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/lbrycrd/templates/configmap.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "lbrycrd.fullname" . }}
+  labels:
+    app: {{ template "lbrycrd.name" . }}
+    chart: {{ template "lbrycrd.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.configurationFile | indent 2 }}
+{{- end }}

contrib/k8s-lbry/charts/lbrycrd/templates/deployments.yaml

@@ -0,0 +1,78 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "lbrycrd.fullname" . }}
+  labels:
+    app: {{ template "lbrycrd.name" . }}
+    chart: {{ template "lbrycrd.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "lbrycrd.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "lbrycrd.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      securityContext:
+        fsGroup: 1000
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- if .Values.configurationFile }}
+      initContainers:
+        - name: copy-lbrycrd-config
+          image: busybox
+          command: ['sh', '-c', 'cp /configmap/lbrycrd.conf /etc/lbry/lbrycrd.conf']
+          volumeMounts:
+            - name: configmap
+              mountPath: /configmap
+            - name: config
+              mountPath: /etc/lbry
+      {{- end }}
+      containers:
+        - name: {{ template "lbrycrd.fullname" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          env:
+          - name: RUN_MODE
+            value: "default"
+          - name: PORT
+            value: "{{ .Values.service.port }}"
+          - name: RPC_PORT
+            value: "{{ .Values.service.rpcPort }}"
+          resources: {{ toYaml .Values.resources | indent 10 }}
+          ports:
+            - name: port
+              containerPort: {{ .Values.service.port }}
+            - name: rpc
+              containerPort: {{ .Values.service.rpcPort }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+            {{- if .Values.configurationFile }}
+            - name: config
+              mountPath: /etc/lbry/lbrycrd.conf
+              subPath: lbrycrd.conf
+            {{- end }}
+      volumes:
+        {{- if .Values.configurationFile }}
+        - name: config
+          emptyDir: {}
+        - name: configmap
+          configMap:
+            name: {{ template "lbrycrd.fullname" . }}
+        {{- end }}
+        - name: data
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default (include "lbrycrd.fullname" .) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end -}}
+{{- end }}

contrib/k8s-lbry/charts/lbrycrd/templates/pvc.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "lbrycrd.fullname" . }}
+  labels:
+    app: {{ template "lbrycrd.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+  {{- with .Values.persistence.annotations  }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
+
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

contrib/k8s-lbry/charts/lbrycrd/templates/service.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "lbrycrd.fullname" . }}
+  labels:
+    app: {{ template "lbrycrd.name" . }}
+    chart: {{ template "lbrycrd.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+    - name: port
+      port: {{ .Values.service.port }}
+      targetPort: port
+    - name: rpc
+      port: {{ .Values.service.rpcPort }}
+      targetPort: rpc
+  selector:
+    app: {{ template "lbrycrd.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}

contrib/k8s-lbry/charts/lbrynet/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/lbrynet/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "v0.0.0"
+description: LBRY lbrynet
+name: lbrynet
+version: 0.1.0

contrib/k8s-lbry/charts/lbrynet/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "lbrynet.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "lbrynet.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "lbrynet.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/lbrynet/templates/configmap.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "lbrynet.fullname" . }}
+  labels:
+    app: {{ template "lbrynet.name" . }}
+    chart: {{ template "lbrynet.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  {{- with .Values.daemon_settings  }}
+  daemon_settings.yml: {{ toYaml . | quote }}
+  {{- end }}
+{{- end }}

contrib/k8s-lbry/charts/lbrynet/templates/deployments.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "lbrynet.fullname" . }}
+  labels:
+    app: {{ template "lbrynet.name" . }}
+    chart: {{ template "lbrynet.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "lbrynet.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "lbrynet.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      securityContext:
+        fsGroup: 1000
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- if .Values.daemon_settings }}
+      initContainers:
+        - name: copy-lbrynet-config
+          image: busybox
+          command: ['sh', '-c', 'cp /configmap/daemon_settings.yml /etc/lbry/daemon_settings.yml']
+          volumeMounts:
+            - name: configmap
+              mountPath: /configmap
+            - name: config
+              mountPath: /etc/lbry
+      {{- end }}
+      containers:
+        - name: {{ template "lbrynet.fullname" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          env:
+          - name: RUN_MODE
+            value: "default"
+          - name: PORT
+            value: "{{ .Values.service.port }}"
+          - name: RPC_PORT
+            value: "{{ .Values.service.rpcPort }}"
+          resources: {{ toYaml .Values.resources | indent 10 }}
+          ports:
+            - name: rpc
+              containerPort: {{ .Values.service.rpcPort }}
+          volumeMounts:
+            - name: lbrynet-home
+              mountPath: /home/lbrynet
+            {{- if .Values.daemon_settings }}
+            - name: config
+              mountPath: /etc/lbry/daemon_settings.yml
+              subPath: daemon_settings.yml
+            {{- end }}
+      volumes:
+        {{- if .Values.daemon_settings }}
+        - name: config
+          emptyDir: {}
+        - name: configmap
+          configMap:
+            name: {{ template "lbrynet.fullname" . }}
+        {{- end }}
+        - name: lbrynet-home
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default (include "lbrynet.fullname" .) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end -}}
+{{- end }}

contrib/k8s-lbry/charts/lbrynet/templates/pvc.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "lbrynet.fullname" . }}
+  labels:
+    app: {{ template "lbrynet.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+  {{- with .Values.persistence.annotations  }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

contrib/k8s-lbry/charts/lbrynet/templates/service.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "lbrynet.fullname" . }}
+  labels:
+    app: {{ template "lbrynet.name" . }}
+    chart: {{ template "lbrynet.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+    - name: rpc
+      port: {{ .Values.service.rpcPort }}
+      targetPort: rpc
+  selector:
+    app: {{ template "lbrynet.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}

contrib/k8s-lbry/charts/speech/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

contrib/k8s-lbry/charts/speech/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "v0.0.0"
+description: LBRY spee.ch
+name: speech
+version: 0.1.0

contrib/k8s-lbry/charts/speech/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "speech.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "speech.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "speech.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

contrib/k8s-lbry/charts/speech/templates/configmap.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "speech.fullname" . }}
+  labels:
+    app: {{ template "speech.name" . }}
+    chart: {{ template "speech.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  {{- with .Values.auth  }}
+  authConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.mysql  }}
+  mysqlConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.chainquery  }}
+  chainqueryConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.lbrynet  }}
+  lbryConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.site  }}
+  siteConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.logger  }}
+  loggerConfig.json: {{ toJson . | quote }}
+  {{- end }}
+  {{- with .Values.slack  }}
+  slackConfig.json: {{ toJson . | quote }}
+  {{- end }}
+{{- end }}

contrib/k8s-lbry/charts/speech/templates/deployments.yaml

@@ -0,0 +1,68 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "speech.fullname" . }}
+  labels:
+    app: {{ template "speech.name" . }}
+    chart: {{ template "speech.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "speech.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "speech.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      securityContext:
+        fsGroup: 1000
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      initContainers:
+        - name: copy-lbrycrd-config
+          image: busybox
+          command: ['sh', '-c', 'cp /configmap/chainqueryConfig.json /configmap/lbryConfig.json /configmap/loggerConfig.json /configmap/mysqlConfig.json /configmap/siteConfig.json /configmap/slackConfig.json /config && cp /configmap/authConfig.json /private']
+          volumeMounts:
+            - name: configmap
+              mountPath: /configmap
+            - name: config
+              mountPath: /config
+            - name: private
+              mountPath: /private
+      containers:
+        - name: {{ template "speech.fullname" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          resources: {{ toYaml .Values.resources | indent 10 }}
+          ports:
+            - name: port
+              containerPort: {{ .Values.service.port }}
+          volumeMounts:
+            - name: configmap
+              mountPath: /spee.ch/site/config
+            - name: private
+              mountPath: /spee.ch/site/private
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: config
+          mountPath: /spee.ch/site/config
+        - name: private
+          mountPath: /spee.ch/site/private
+        - name: configmap
+          configMap:
+            name: {{ template "speech.fullname" . }}
+        - name: data
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default (include "speech.fullname" .) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end -}}
+{{- end }}

contrib/k8s-lbry/charts/speech/templates/ingress.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.enabled }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ .Values.service.name }}
+  annotations:  
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/issuer: {{ .Values.service.certificateIssuer }}
+    certmanager.k8s.io/acme-challenge-type: http01
+spec:
+  {{ if .Values.service.enableHttps }}
+  tls:
+  - hosts:
+    - {{ .Values.service.hostname }}
+    secretName: {{ .Values.service.name }}-tls
+  {{ end }}
+  rules:
+  - host: {{ .Values.service.hostname }}
+    http:
+      paths:
+      - backend:
+          serviceName: {{ .Values.service.name }}
+          servicePort: {{ .Values.service.port }}
+{{- end }}

contrib/k8s-lbry/charts/speech/templates/pvc.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "speech.fullname" . }}
+  labels:
+    app: {{ template "speech.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+  {{- with .Values.persistence.annotations  }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
+
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

contrib/k8s-lbry/charts/speech/templates/service.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "speech.fullname" . }}
+  labels:
+    app: {{ template "speech.name" . }}
+    chart: {{ template "speech.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+    - name: port
+      port: {{ .Values.service.port }}
+      targetPort: port
+  selector:
+    app: {{ template "speech.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}

contrib/k8s-lbry/requirements.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: percona
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 0.3.5
+- name: mysql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 0.19.0
+- name: mysql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 0.19.0
+digest: sha256:c97a2ebaa817e80a3c343e24befc75b133758c17438a5a520ecb0780aaa2ecef
+generated: 2019-05-04T13:44:28.303905337-04:00

contrib/k8s-lbry/requirements.yaml

@@ -0,0 +1,15 @@
+dependencies:
+  - name: percona
+    repository: "@stable"
+    version: 0.3.5
+    condition: percona.enabled,global.percona.enabled
+  - name: mysql
+    alias: chainquery-mysql
+    repository: "@stable"
+    version: 0.19.0
+    condition: chainquery-mysql.enabled,global.chainquery-mysql.enabled
+  - name: mysql
+    alias: speech-mysql
+    repository: "@stable"
+    version: 0.19.0
+    condition: speech-mysql.enabled,global.speech-mysql.enabled

contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# From https://gist.github.com/yuanying/3aa7d59dcce65470804ab43def646ab6
+
+IMAGE="ubuntu:18.04"
+COMMAND="/bin/bash"
+SUFFIX=$(date +%s | shasum | base64 | fold -w 10 | head -1 | tr '[:upper:]' '[:lower:]')
+
+usage_exit() {
+    echo "Usage: $0 [-c command] [-i image] PVC ..." 1>&2
+    exit 1
+}
+
+if [ "$#" -ne 1 ]; then
+    usage_exit
+fi
+
+while getopts i:h OPT
+do
+    case $OPT in
+        i)  IMAGE=$OPTARG
+            ;;
+        c)  COMMAND=$OPTARG
+            ;;
+        h)  usage_exit
+            ;;
+        \?) usage_exit
+            ;;
+    esac
+done
+shift $(($OPTIND - 1))
+
+VOL_MOUNTS=""
+VOLS=""
+COMMA=""
+
+for i in $@
+do
+  VOL_MOUNTS="${VOL_MOUNTS}${COMMA}{\"name\": \"${i}\",\"mountPath\": \"/pvcs/${i}\"}"
+  VOLS="${VOLS}${COMMA}{\"name\": \"${i}\",\"persistentVolumeClaim\": {\"claimName\": \"${i}\"}}"
+  COMMA=","
+done
+
+kubectl run -it --rm --restart=Never --image=${IMAGE} pvc-mounter-${SUFFIX} --overrides "
+{
+  \"spec\": {
+    \"hostNetwork\": true,
+    \"containers\":[
+      {
+        \"args\": [\"${COMMAND}\"],
+        \"stdin\": true,
+        \"tty\": true,
+        \"name\": \"pvc\",
+        \"image\": \"${IMAGE}\",
+        \"volumeMounts\": [
+          ${VOL_MOUNTS}
+        ]
+      }
+    ],
+    \"volumes\": [
+      ${VOLS}
+    ]
+  }
+}
+" -- ${COMMAND}

contrib/k8s-lbry/scripts/package.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+## Build Helm package and upload to s3 repository
+
+exe() { echo "\$ $@" ; "$@" ; }
+
+# Work from the parent directory to this script:
+cd `dirname "$0"` && cd ..
+
+if s3cmd info s3://k8s-lbry > /dev/null; then
+    exe helm dependency update
+    exe helm package .
+    exe helm repo index .
+
+    exe s3cmd put --acl-public index.yaml k8s-lbry-*.tgz s3://k8s-lbry/
+    exe s3cmd put --acl-public charts/*.tgz s3://k8s-lbry/charts/
+else
+    echo "s3cmd is not setup, run s3cmd --configure"
+    exit 1
+fi
+

contrib/k8s-lbry/values.yaml

@@ -0,0 +1,263 @@
+cert-manager-issuer:
+  # Enter your email address to receive important notices from Let's Encrypt:
+  email: "fred@example.com"
+
+echo-http-server:
+  enabled: false
+  # Enter your domain name for the echo test service:
+  hostname: "echo.example.com"
+  service: echo-http-server
+  enableHttps: true
+  certificateIssuer: letsencrypt-prod
+
+echo-socket-server:
+  enabled: false
+  service: echo-socket-server
+
+lbrycrd:
+  enabled: true
+  image:
+    repository: lbry/lbrycrd
+    tag: linux-x86_64-production
+    pullPolicy: Always
+  service:
+    port: 9246
+    rpcPort: 9245
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 50Gi
+    annotations:
+      "helm.sh/resource-policy": keep    
+  configurationFile:
+    lbrycrd.conf: |-
+      datadir=/data
+      rpcuser=lbry
+      rpcpassword=lbry
+      regtest=0
+      txindex=1
+      rpcallowip=10.244.0.0/16
+      server=1
+      listen=1
+      daemon=0
+      externalip=
+
+chainquery-mysql:
+  nameOverride: chainquery-mysql
+  enabled: false
+  mysqlUser: chainquery
+  mysqlPassword: chainquery
+  mysqlDatabase: chainquery
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 100Gi
+    annotations:
+      "helm.sh/resource-policy": keep
+
+chainquery:
+  enabled: false
+  image:
+    repository: lbry/chainquery
+    tag: linux-x86_64-production
+    pullPolicy: IfNotPresent
+  service:
+    port: 6300
+  configurationFile:
+    chainqueryconfig.toml: |-
+      lbrycrdurl="rpc://lbry:lbry@k8s-lbry-lbrycrd:9245"
+      mysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
+      apimysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
+
+lbrynet:
+  enabled: false
+  image:
+    # repository: lbry/lbrynet
+    # tag: linux-x86_64-production
+    repository: enigmacurry/dump
+    tag: lbrynet
+    pullPolicy: Always
+  service:
+    rpcPort: 5279
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 10Gi
+    annotations:
+      "helm.sh/resource-policy": keep
+  daemon_settings:
+    api: 0.0.0.0:5279
+    use_upnp: false
+    auto_re_reflect_interval: 0
+    max_key_fee: {amount: 0, currency: LBC}
+    run_reflector_server: false
+
+speech-mysql:
+  nameOverride: speech-mysql
+  enabled: false
+  mysqlUser: speech
+  mysqlPassword: speech
+  mysqlDatabase: speech
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 100Gi
+    annotations:
+      "helm.sh/resource-policy": keep
+
+speech:
+  enabled: false
+  service:
+    name: k8s-lbry-speech
+    hostname: "speech.example.com"
+    port: 3000
+    enableHttps: true
+    certificateIssuer: letsencrypt-prod
+  image:
+    repository: enigmacurry/dump
+    tag: spee.ch
+    pullPolicy: Always
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 20Gi
+    annotations:
+      "helm.sh/resource-policy": keep
+  auth:
+    masterPassword: speech
+    sessionKey: mysecretkeyword
+  mysql:
+    host: k8s-lbry-speech-mysql
+    database: speech
+    username: speech
+    password: speech
+  chainquery:
+    host: k8s-lbry-chainquery-mysql
+    port: 3306
+    timeout: 30
+    database: chainquery
+    username: chainquery
+    password: chainquery
+  lbrynet:
+    apiHost: k8s-lbry-lbrynet
+    apiPort: 5279
+    getTimeout: 30
+  logger:
+    logLevel: verbose
+  slack:
+    slackWebHook: false
+    slackErrorChannel: false
+    slackInfoChannel: false
+  site:
+    analytics:
+      googleId:
+    assetDefaults:
+      description: 'Default Content Description'
+      thumbnail: https://spee.ch/0e5d4e8f4086e13f5b9ca3f9648f518e5f524402/speechflag.png
+      title: 'Default Content Title'
+    details:
+      blockListEndpoint: https://api.lbry.com/file/list_blocked
+      description: 'A decentralized hosting platform built on LBRY'
+      host: https://www.example.com
+      ipAddress: ""
+      port: 3000
+      title: 'My Site'
+      twitter: false
+    publishing:
+      primaryClaimAddress:
+      additionalClaimAddresses: []
+      approvedChannels: []
+      channelClaimBidAmount: 0.1
+      closedRegistration: false
+      disabled: false
+      disabledMessage: 'Default publishing disabled message'
+      fileClaimBidAmount: 0.01
+      fileSizeLimits:
+        application: 50000000
+        audio: 50000000
+        customByContentType:
+          application/octet-stream: 50000000
+        image: 50000000
+        model: 50000000
+        text: 50000000
+        video: 50000000
+      publishOnlyApproved: false
+      publishingChannelWhitelist: []
+      serveOnlyApproved: false
+      thumbnailChannel:
+      thumbnailChannelId:
+      uploadDirectory: /data/Uploads
+    serving:
+      customFileExtensions:
+        application/x-mif: mif
+        application/x-pn-realaudio: ram
+        application/x-python-code: pyc
+        application/x-sgml: sgm
+        application/x-troff: roff
+        application/x-troff-man: man
+        application/x-troff-me: me
+        application/x-troff-ms: ms
+        image/pict: pct
+        model/stl: stl
+        text/x-go: go
+        text/x-python: py
+        text/xul: xul
+      dynamicFileSizing:
+        enabled: true
+        maxDimension: 2000
+      markdownSettings:
+        allowedTypesDescriptions: []
+        allowedTypesExample:
+          - 'see react-markdown docs'
+          - root
+          - text
+          - break
+          - paragraph
+          - emphasis
+          - strong
+          - thematicBreak
+          - blockquote
+          - delete
+          - link
+          - image
+          - linkReference
+          - imageReference
+          - table
+          - tableHead
+          - tableBody
+          - tableRow
+          - tableCell
+          - list
+          - listItem
+          - heading
+          - inlineCode
+          - code
+          - html
+          - parsedHtml
+        allowedTypesMain: []
+        escapeHtmlDescriptions: true
+        escapeHtmlMain: true
+        skipHtmlDescriptions: true
+        skipHtmlMain: true
+    startup:
+      performChecks: true
+      performUpdates: true
+
+
+percona:
+  #### Prefer mysql over percona for now:
+  enabled: false
+  # mysqlUser: chainquery
+  # mysqlPassword: chainquery
+  # mysqlDatabase: chainquery
+  # persistence:
+  #   enabled: true
+  #   accessMode: ReadWriteOnce
+  #   size: 100Gi
+  # resources:
+  #   requests:
+  #     memory: 1Gi
+  #     cpu: 1
+
+
+