From 37751a8d008c5db4dbfec793ce2aec54dd2ba05d Mon Sep 17 00:00:00 2001 
From: gitea-bot Date: Thu, 9 Apr 2026 01:19:56 +0000 Subject: [PATCH] chore: Update manifests after change --- .../manifests/blocky/ConfigMap-blocky.yaml | 1 + .../manifests/blocky/Deployment-blocky.yaml | 2 +- .../manifests/gatus/ConfigMap-gatus.yaml | 9 + .../manifests/gatus/Deployment-gatus.yaml | 2 +- .../homepage/ConfigMap-homepage.yaml | 6 + .../homepage/Deployment-homepage.yaml | 2 +- .../Cluster-kyoo-postgresql-18-cluster.yaml | 57 ++++ ...-kyoo-postgresql-18-database-kyoo-api.yaml | 21 ++ ...kyoo-postgresql-18-database-kyoo-auth.yaml | 21 ++ ...o-postgresql-18-database-kyoo-scanner.yaml | 21 ++ ...ostgresql-18-database-kyoo-transcoder.yaml | 21 ++ .../manifests/kyoo/Deployment-kyoo-api.yaml | 92 ++++++ .../manifests/kyoo/Deployment-kyoo-auth.yaml | 133 +++++++++ .../manifests/kyoo/Deployment-kyoo-front.yaml | 50 ++++ .../kyoo/Deployment-kyoo-scanner.yaml | 139 +++++++++ .../kyoo/Deployment-kyoo-transcoder.yaml | 148 ++++++++++ .../kyoo/ExternalSecret-kyoo-key-secret.yaml | 30 ++ .../kyoo/ExternalSecret-kyoo-oidc-secret.yaml | 22 ++ ...tgresql-18-backup-garage-local-secret.yaml | 38 +++ ...et-kyoo-postgresql-18-recovery-secret.yaml | 38 +++ .../cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml | 88 ++++++ ...yoo-postgresql-18-backup-garage-local.yaml | 33 +++ ...jectStore-kyoo-postgresql-18-recovery.yaml | 32 +++ ...e-kyoo-media-anime-movies-nfs-storage.yaml | 23 ++ ...ntVolume-kyoo-media-anime-nfs-storage.yaml | 23 ++ ...lume-kyoo-media-movies-4k-nfs-storage.yaml | 23 ++ ...tVolume-kyoo-media-movies-nfs-storage.yaml | 23 ++ ...Volume-kyoo-media-standup-nfs-storage.yaml | 23 ++ ...ume-kyoo-media-tvshows-4k-nfs-storage.yaml | 23 ++ ...Volume-kyoo-media-tvshows-nfs-storage.yaml | 23 ++ ...ersistentVolumeClaim-kyoo-apimetadata.yaml | 20 ++ ...VolumeClaim-kyoo-authprofile-pictures.yaml | 20 ++ ...m-kyoo-media-anime-movies-nfs-storage.yaml | 17 ++ ...umeClaim-kyoo-media-anime-nfs-storage.yaml | 17 ++ ...laim-kyoo-media-movies-4k-nfs-storage.yaml | 17 ++ 
...meClaim-kyoo-media-movies-nfs-storage.yaml | 17 ++ ...eClaim-kyoo-media-standup-nfs-storage.yaml | 17 ++ ...aim-kyoo-media-tvshows-4k-nfs-storage.yaml | 17 ++ ...eClaim-kyoo-media-tvshows-nfs-storage.yaml | 17 ++ ...ntVolumeClaim-kyoo-transcodermetadata.yaml | 20 ++ ...usRule-kyoo-postgresql-18-alert-rules.yaml | 270 ++++++++++++++++++ ...resql-18-scheduled-backup-live-backup.yaml | 24 ++ .../manifests/kyoo/Service-kyoo-api.yaml | 23 ++ .../manifests/kyoo/Service-kyoo-auth.yaml | 23 ++ .../manifests/kyoo/Service-kyoo-front.yaml | 23 ++ .../manifests/kyoo/Service-kyoo-scanner.yaml | 23 ++ .../kyoo/Service-kyoo-transcoder.yaml | 23 ++ .../kyoo/ServiceAccount-kyoo-api.yaml | 14 + .../kyoo/ServiceAccount-kyoo-auth.yaml | 14 + .../kyoo/ServiceAccount-kyoo-front.yaml | 14 + .../kyoo/ServiceAccount-kyoo-scanner.yaml | 14 + .../kyoo/ServiceAccount-kyoo-transcoder.yaml | 14 + 52 files changed, 1822 insertions(+), 3 deletions(-) create mode 100644 clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Deployment-kyoo-front.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-key-secret.yaml create mode 100644 
clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-movies-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-4k-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-standup-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-4k-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-apimetadata.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-authprofile-pictures.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-movies-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-4k-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-nfs-storage.yaml create mode 100644 
clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-standup-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-4k-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-transcodermetadata.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Service-kyoo-api.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Service-kyoo-auth.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Service-kyoo-front.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Service-kyoo-scanner.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/Service-kyoo-transcoder.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-api.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-auth.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-front.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-scanner.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-transcoder.yaml diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index 52c6db9dc..69376a5fa 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -120,6 +120,7 @@ data: jellystat IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl + kyoo IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl 
diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index c79edf81b..2b8f0fb43 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: efcf1edf529a57d14351e68c54b80821293ffd06322973fbb96cc432a9014b09 + checksum/configMaps: ef122c3658e4566f1250241f3d858e55c258d96980cd13795e28ad7ccaee23f9 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index 1d7e85e29..ca7a53baa 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml @@ -69,6 +69,15 @@ data: interval: 30s name: jellyfin url: https://jellyfin.alexlebens.net + - alerts: + - type: ntfy + conditions: + - '[STATUS] == 200' + - '[CERTIFICATE_EXPIRATION] > 240h' + group: core + interval: 30s + name: kyoo + url: https://kyoo.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index a2593351e..8350c26d4 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: 9e51aed51c96eb387affbbf6fe413343981d84575be28ea5567a1fe5955290a5 + checksum/config: 797719680390e60aab32318a9d1903ed158d39f4a3b1f6d5b16239b8c1d403d7 spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 2e7008daf..76829a002 100644 
--- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml @@ -81,6 +81,12 @@ data: href: https://jellyfin.alexlebens.net siteMonitor: http://jellyfin.jellyfin:80 statusStyle: dot + - Movies and TV: + icon: sh-kyoo.webp + description: Kyoo + href: https://kyoo.alexlebens.net + siteMonitor: http://front.kyoo:8901 + statusStyle: dot - Youtube Archive: icon: sh-tube-archivist-light.webp description: TubeArchivist diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index a0cfbd70c..7793cb28c 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 889405bdd0d5e6e81665a22fa1eb81842cfdd6da9d301a6f165843725191e6a5 + checksum/configMaps: 7e13db22371bff30d0006b987c1e59ccaf242b68006fc2cc4d87f325f1412c95 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml new file mode 100644 index 000000000..2cff006c5 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml 
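Review bot: In ConfigMap-homepage.yaml the new Kyoo tile sets `siteMonitor: http://front.kyoo:8901`, but the Service this commit adds is Service-kyoo-front.yaml, so the in-cluster name would be `kyoo-front.kyoo` if the Service is named after its file. The neighbouring Jellyfin tile follows the `<service>.<namespace>` form. As written the monitor would probably fail to resolve and show the tile as down. Suggest `siteMonitor: http://kyoo-front.kyoo:8901`, after confirming the Service port, which is not visible here (8901 is the container port in Deployment-kyoo-front.yaml).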
@@ -0,0 +1,57 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: kyoo-postgresql-18-cluster + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-cluster + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + instances: 3 + imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie" + imagePullPolicy: IfNotPresent + postgresUID: 26 + postgresGID: 26 + storage: + size: 10Gi + storageClass: local-path + walStorage: + size: 2Gi + storageClass: local-path + resources: + limits: + hugepages-2Mi: 256Mi + requests: + cpu: 20m + memory: 80Mi + affinity: + enablePodAntiAffinity: true + topologyKey: kubernetes.io/hostname + primaryUpdateMethod: switchover + primaryUpdateStrategy: unsupervised + logLevel: info + enableSuperuserAccess: false + enablePDB: true + postgresql: + parameters: + hot_standby_feedback: "on" + max_slot_wal_keep_size: 2000MB + shared_buffers: 128MB + monitoring: + enablePodMonitor: true + disableDefaultQueries: false + plugins: + - name: barman-cloud.cloudnative-pg.io + enabled: true + isWALArchiver: true + parameters: + barmanObjectName: "kyoo-postgresql-18-backup-garage-local" + serverName: "kyoo-postgresql-18-backup-1" + bootstrap: + initdb: + database: app + owner: app diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml new file mode 100644 index 000000000..0bae7edc0 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml 
@@ -0,0 +1,21 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: kyoo-postgresql-18-database-kyoo-api + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-api + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + name: kyoo_api + cluster: + name: kyoo-postgresql-18-cluster + ensure: present + owner: app + template: template1 + encoding: UTF8 + databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml new file mode 100644 index 000000000..18f558010 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml @@ -0,0 +1,21 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: kyoo-postgresql-18-database-kyoo-auth + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-auth + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + name: kyoo_auth + cluster: + name: kyoo-postgresql-18-cluster + ensure: present + owner: app + template: template1 + encoding: UTF8 + databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml new file mode 100644 index 000000000..49b0cb50a --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml 
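Review bot: Database-kyoo-postgresql-18-database-kyoo-api.yaml sets `owner: app`, and the kyoo_auth, kyoo_scanner and kyoo_transcoder Database manifests do the same, so one role owns all four databases. Every Deployment in this commit reads PGUSER/PGPASSWORD from the same `kyoo-postgresql-18-cluster-app` Secret, so the scanner and transcoder credentials can also read and write kyoo_auth, where the auth service presumably keeps accounts and sessions. Consider one role per service, declared under the Cluster's `managed.roles` and referenced as each Database's `owner`, with each Deployment pointed at its own credentials Secret. The manifests are labelled `app.kubernetes.io/managed-by: Helm`, so the change belongs in the chart values rather than in the rendered files.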
@@ -0,0 +1,21 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: kyoo-postgresql-18-database-kyoo-scanner + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-scanner + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + name: kyoo_scanner + cluster: + name: kyoo-postgresql-18-cluster + ensure: present + owner: app + template: template1 + encoding: UTF8 + databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml new file mode 100644 index 000000000..ff1d8ade9 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml @@ -0,0 +1,21 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: kyoo-postgresql-18-database-kyoo-transcoder + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-transcoder + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + name: kyoo_transcoder + cluster: + name: kyoo-postgresql-18-cluster + ensure: present + owner: app + template: template1 + encoding: UTF8 + databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml new file mode 100644 index 000000000..4870c725c --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml 
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-api + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" + spec: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: kyoo-api + initContainers: + containers: + - name: main + image: ghcr.io/zoriya/kyoo_api:5.0.0@sha256:dc0210f235e23ae616b0f5952af7867dcbc52e0354c2683ec3c4190fdcd17744 + imagePullPolicy: IfNotPresent + args: + env: + - name: JWT_ISSUER + value: "https://kyoo.alexlebens.net" + - name: AUTH_SERVER + value: "http://kyoo-auth:4568" + - name: TRANSCODER_SERVER + value: "http://kyoo-transcoder:7666" + - name: IMAGES_PATH + value: "/images" + - name: PGUSER + valueFrom: + secretKeyRef: + key: user + name: kyoo-postgresql-18-cluster-app + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kyoo-postgresql-18-cluster-app + - name: PGDATABASE + value: "kyoo_api" + - name: PGHOST + value: "kyoo-postgresql-18-cluster-rw" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "disable" + ports: + - name: main + containerPort: 3567 + protocol: TCP + livenessProbe: + httpGet: + path: /api/health + port: main + readinessProbe: + httpGet: + path: /api/ready + port: main + resources: + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - name: apiimagedata + mountPath: /images + volumes: + - 
name: apiimagedata + persistentVolumeClaim: + claimName: kyoo-apimetadata diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml new file mode 100644 index 000000000..89bf82e07 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml 
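Review bot: Deployment-kyoo-api.yaml sets `PGSSLMODE` to `"disable"`, so the PGUSER/PGPASSWORD login and all query traffic to `kyoo-postgresql-18-cluster-rw` cross the pod network unencrypted. The kyoo-auth, kyoo-scanner and kyoo-transcoder Deployments in this commit carry the same setting. CloudNativePG clusters serve TLS and publish their CA in a Secret, so `value: "require"` should work without further changes, and `verify-full` with the CA mounted would also authenticate the server; confirm both against the cluster before rollout. Separately, `initContainers:` and `args:` are rendered with no value (null), and dropping the empty keys in the chart would keep the output cleaner.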
@@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-auth + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" + spec: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: kyoo-auth + containers: + - name: main + image: ghcr.io/zoriya/kyoo_auth:5.0.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: EXTRA_CLAIMS + value: "{\"permissions\": [\"core.read\", \"core.play\"], \"verified\": false}" + - name: FIRST_USER_CLAIMS + value: "{\"permissions\": [\"users.read\", \"users.write\", \"apikeys.read\", \"apikeys.write\", \"users.delete\", \"core.read\", \"core.write\", \"core.play\", \"scanner.trigger\", \"scanner.guess\", \"scanner.search\", \"scanner.add\"], \"verified\": true}" + - name: GUEST_CLAIMS + value: "{\"permissions\": [\"core.read\"], \"verified\": true}" + - name: PROTECTED_CLAIMS + value: "permissions,verified" + - name: PUBLIC_URL + value: "https://kyoo.alexlebens.net" + - name: KEIBI_APIKEY_SCANNER + valueFrom: + secretKeyRef: + key: scanner-apikey + name: kyoo-key-secret + - name: KEIBI_APIKEY_SCANNER_CLAIMS + value: "{\"permissions\": [\"core.read\", \"core.write\"]}" + - name: PGUSER + valueFrom: + secretKeyRef: + key: user + name: kyoo-postgresql-18-cluster-app + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kyoo-postgresql-18-cluster-app + - 
name: PGDATABASE + value: "kyoo_auth" + - name: PGHOST + value: "kyoo-postgresql-18-cluster-rw" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "disable" + - name: RSA_PRIVATE_KEY_PATH + value: /mnt/private_key/private_key.pem + - name: OIDC_AUTHENTIK_NAME + value: "Authentik" + - name: OIDC_AUTHENTIK_LOGO + value: "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp" + - name: OIDC_AUTHENTIK_CLIENTID + valueFrom: + secretKeyRef: + key: client + name: kyoo-oidc-secret + - name: OIDC_AUTHENTIK_SECRET + valueFrom: + secretKeyRef: + key: secret + name: kyoo-oidc-secret + - name: OIDC_AUTHENTIK_AUTHORIZATION + value: "https://authentik.alexlebens.net/application/o/authorize/" + - name: OIDC_AUTHENTIK_TOKEN + value: "https://authentik.alexlebens.net/application/o/token/" + - name: OIDC_AUTHENTIK_PROFILE + value: "https://authentik.alexlebens.net/application/o/userinfo/" + - name: OIDC_AUTHENTIK_SCOPE + value: "email openid profile" + - name: OIDC_AUTHENTIK_AUTHMETHOD + value: "ClientSecretBasic" + ports: + - name: main + containerPort: 4568 + protocol: TCP + livenessProbe: + httpGet: + path: /auth/health + port: main + readinessProbe: + httpGet: + path: /auth/ready + port: main + resources: + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - name: profilepictures + mountPath: /profile_pictures + - name: private-key + mountPath: /mnt/private_key + readOnly: true + volumes: + - name: profilepictures + persistentVolumeClaim: + claimName: kyoo-authprofile-pictures + - name: private-key + secret: + secretName: kyoo-key-secret + items: + - key: rsa-private + path: private_key.pem diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-front.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-front.yaml new file mode 100644 index 000000000..022ab0ba2 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-front.yaml 
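Review bot: In Deployment-kyoo-auth.yaml the image is `ghcr.io/zoriya/kyoo_auth:5.0.0` with no digest, while the api, front, scanner and transcoder images in this commit are all pinned with `@sha256:…`. With `imagePullPolicy: IfNotPresent`, a re-pushed `5.0.0` tag would be pulled on any node that lacks the image, and this is the container that mounts the RSA signing key and reads the OIDC client secret. Pin it the same way: `image: ghcr.io/zoriya/kyoo_auth:5.0.0@sha256:<digest of the verified image>`. Also confirm that `GUEST_CLAIMS` granting `core.read` is intended; it appears to make the library readable without login at `https://kyoo.alexlebens.net` unless the route is restricted elsewhere.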
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-front + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" + spec: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: kyoo-front + containers: + - name: main + image: ghcr.io/zoriya/kyoo_front:5.0.0@sha256:985f892470b304f13ef1950fb5f7e9ef33ee39b71705c627cb045773e6dfb7b4 + imagePullPolicy: IfNotPresent + args: + env: + - name: KYOO_URL + value: "http://kyoo-api:5000/api" + ports: + - name: main + containerPort: 8901 + protocol: TCP + resources: + requests: + cpu: 10m + memory: 100Mi diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml new file mode 100644 index 000000000..2c9667f25 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml 
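Review bot: Deployment-kyoo-front.yaml sets `KYOO_URL` to `http://kyoo-api:5000/api`, but the kyoo-api container added in this commit listens on `containerPort: 3567`. Unless Service-kyoo-api.yaml (not shown here) exposes port 5000 and maps it to 3567, the front end's calls to the API will be refused. Suggest `value: "http://kyoo-api:3567/api"`, or whatever port the Service actually publishes. The container also has no liveness or readiness probe, unlike the other four Deployments, so a hung front end would stay in rotation.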
@@ -0,0 +1,139 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-scanner + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" + spec: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: kyoo-scanner + containers: + - name: main + image: ghcr.io/zoriya/kyoo_scanner:5.0.0@sha256:fa972f3f1e534264f4de153e30fe9481839754a3e724cc2663524a2b30e82b46 + imagePullPolicy: IfNotPresent + args: + env: + - name: SCANNER_LIBRARY_ROOT + value: "/media" + - name: LIBRARY_IGNORE_PATTERN + value: ".*/[dD]ownloads?/.*" + - name: KYOO_URL + value: "http://kyoo-traefik/api" + - name: JWKS_URL + value: "http://kyoo-auth:4568/.well-known/jwks.json" + - name: JWT_ISSUER + value: "https://kyoo.alexlebens.net" + - name: KYOO_APIKEY + valueFrom: + secretKeyRef: + key: scanner-apikey + name: kyoo-key-secret + - name: THEMOVIEDB_API_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: tmdb-apikey + name: kyoo-key-secret + optional: true + - name: PGUSER + valueFrom: + secretKeyRef: + key: user + name: kyoo-postgresql-18-cluster-app + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kyoo-postgresql-18-cluster-app + - name: PGDATABASE + value: "kyoo_scanner" + - name: PGHOST + value: "kyoo-postgresql-18-cluster-rw" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "disable" + ports: + - name: 
main + containerPort: 4389 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: main + readinessProbe: + httpGet: + path: /ready + port: main + resources: + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - mountPath: /media/anime + name: kyoo-media-anime-nfs-storage + readOnly: true + - mountPath: /media/anime-movies + name: kyoo-media-anime-movies-nfs-storage + readOnly: true + - mountPath: /media/movies + name: kyoo-media-movies-nfs-storage + readOnly: true + - mountPath: /media/movies-4k + name: kyoo-media-movies-4k-nfs-storage + readOnly: true + - mountPath: /media/standup + name: kyoo-media-standup-nfs-storage + readOnly: true + - mountPath: /media/tvshows + name: kyoo-media-tvshows-nfs-storage + readOnly: true + - mountPath: /media/tvshows-4k + name: kyoo-media-tvshows-4k-nfs-storage + readOnly: true + volumes: + - name: kyoo-media-anime-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-anime-nfs-storage + - name: kyoo-media-anime-movies-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-anime-movies-nfs-storage + - name: kyoo-media-movies-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-movies-nfs-storage + - name: kyoo-media-movies-4k-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-movies-4k-nfs-storage + - name: kyoo-media-standup-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-standup-nfs-storage + - name: kyoo-media-tvshows-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-tvshows-nfs-storage + - name: kyoo-media-tvshows-4k-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-tvshows-4k-nfs-storage diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml new file mode 100644 index 000000000..168df6e32 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml 
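Review bot: Deployment-kyoo-scanner.yaml points `KYOO_URL` at `http://kyoo-traefik/api`, yet the file list of this commit contains no Service named kyoo-traefik, only kyoo-api, kyoo-auth, kyoo-front, kyoo-scanner and kyoo-transcoder. If no such Service exists in the namespace from elsewhere, the scanner cannot reach the API and scans will fail at the first request. Point it at a name that exists, e.g. `value: "http://kyoo-api:<service port>/api"`, or at the gateway Service behind HTTPRoute-kyoo.yaml if the scanner also needs the auth routes. The current value looks like a leftover default from a bundled Traefik option in the chart, which is an inference.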
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-transcoder + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" + spec: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: kyoo-transcoder + containers: + - name: main + image: ghcr.io/zoriya/kyoo_transcoder:5.0.0@sha256:59974794f8a638175408fa20f023ba9598108b54ad8ed9a22ec87a1a211dfc43 + imagePullPolicy: IfNotPresent + args: + env: + - name: JWKS_URL + value: "http://kyoo-auth:4568/.well-known/jwks.json" + - name: GOCODER_HWACCEL + value: "qsv" + - name: GOCODER_PRESET + value: "fast" + - name: GOCODER_CACHE_ROOT + value: "/cache" + - name: GOCODER_METADATA_ROOT + value: "/metadata" + - name: GOCODER_VAAPI_RENDERER + value: "/dev/dri/renderD128" + - name: GOCODER_QSV_RENDERER + value: "/dev/dri/renderD128" + - name: GOCODER_SAFE_PATH + value: "/media" + - name: PGUSER + valueFrom: + secretKeyRef: + key: user + name: kyoo-postgresql-18-cluster-app + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kyoo-postgresql-18-cluster-app + - name: PGDATABASE + value: "kyoo_transcoder" + - name: PGHOST + value: "kyoo-postgresql-18-cluster-rw" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "disable" + ports: + - name: main + containerPort: 7666 + protocol: 
TCP + livenessProbe: + httpGet: + path: /video/health + port: main + readinessProbe: + httpGet: + path: /video/ready + port: main + resources: + limits: + gpu.intel.com/i915: 1 + requests: + cpu: 1 + gpu.intel.com/i915: 1 + memory: 1Gi + volumeMounts: + - mountPath: /media/anime + name: kyoo-media-anime-nfs-storage + readOnly: true + - mountPath: /media/anime-movies + name: kyoo-media-anime-movies-nfs-storage + readOnly: true + - mountPath: /media/movies + name: kyoo-media-movies-nfs-storage + readOnly: true + - mountPath: /media/movies-4k + name: kyoo-media-movies-4k-nfs-storage + readOnly: true + - mountPath: /media/standup + name: kyoo-media-standup-nfs-storage + readOnly: true + - mountPath: /media/tvshows + name: kyoo-media-tvshows-nfs-storage + readOnly: true + - mountPath: /media/tvshows-4k + name: kyoo-media-tvshows-4k-nfs-storage + readOnly: true + - name: transcodermetadata + mountPath: /metadata + - mountPath: /cache + name: cache + volumes: + - name: kyoo-media-anime-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-anime-nfs-storage + - name: kyoo-media-anime-movies-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-anime-movies-nfs-storage + - name: kyoo-media-movies-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-movies-nfs-storage + - name: kyoo-media-movies-4k-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-movies-4k-nfs-storage + - name: kyoo-media-standup-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-standup-nfs-storage + - name: kyoo-media-tvshows-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-tvshows-nfs-storage + - name: kyoo-media-tvshows-4k-nfs-storage + persistentVolumeClaim: + claimName: kyoo-media-tvshows-4k-nfs-storage + - name: transcodermetadata + persistentVolumeClaim: + claimName: kyoo-transcodermetadata + - emptyDir: {} + name: cache 
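Review bot: The `cache` volume is `emptyDir: {}` with no `sizeLimit`, and the container declares no memory or `ephemeral-storage` limit, so transcode output under `/cache` (`GOCODER_CACHE_ROOT`) can grow until the node's ephemeral storage is exhausted and the kubelet begins evicting pods. A bound such as `emptyDir: {sizeLimit: <CACHE_SIZE_PLACEHOLDER>}` keeps a runaway transcode workload contained to this pod. This matters more here because the HTTPRoute in this commit publishes `/video` on the external hostname and sends it to this container's port 7666.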
diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-key-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-key-secret.yaml new file mode 100644 index 000000000..ff84d992c --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-key-secret.yaml @@ -0,0 +1,30 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-key-secret + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-key-secret + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: rsa-private + remoteRef: + key: /cl01tl/kyoo/key + property: rsa-private + - secretKey: scanner-apikey + remoteRef: + key: /cl01tl/kyoo/key + property: scanner + - secretKey: tmdb-apikey + remoteRef: + key: /tmdb/alexlebens + property: api-key + - secretKey: tvdb-apikey + remoteRef: + key: /tvdb/alexlebens + property: api-key diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml new file mode 100644 index 000000000..7a02f621f --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml @@ -0,0 +1,22 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-oidc-secret + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-oidc-secret + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: rsa-private + remoteRef: + key: /authentik/oidc/kyoo + property: client + - secretKey: scanner-apikey + remoteRef: + key: /authentik/oidc/kyoo + property: secret diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml new file mode 100644 index 000000000..006a6079b 
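Review bot: In `kyoo-oidc-secret` the two `secretKey` names are `rsa-private` and `scanner-apikey`, the same names used in `kyoo-key-secret`, yet they are filled from `/authentik/oidc/kyoo` properties `client` and `secret`. This looks like a copy-paste from the key secret: the OIDC client secret ends up stored under a key called `scanner-apikey`, which is easy to wire into the wrong consumer and misleading in any later audit of who reads which credential. Names that match the content, for example `secretKey: client` and `secretKey: secret`, would avoid that. The Deployment that consumes this Secret is not in this part of the patch, so confirm the key names it expects before renaming.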
--- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml @@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-postgresql-18-backup-garage-local-secret + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-backup-garage-local-secret + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml new file mode 100644 index 000000000..921a5fa59 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml 
@@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-postgresql-18-recovery-secret + namespace: kyoo + labels: + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-postgresql-18-recovery-secret +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml b/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml new file mode 100644 index 000000000..b3d1145af --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml 
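Review bot: `kyoo-postgresql-18-recovery-secret` reads the same Vault entry, `/garage/home-infra/postgres-backups`, as the backup secret in the previous hunk, so the restore path holds whatever write and delete rights the backup key has. If that key also serves other clusters' backups in the `postgres-backups` bucket (the path name suggests it, but the key's scope is not visible here), a compromise of the `kyoo` namespace reaches those backups too. A separate read-only key for the recovery ObjectStore, and a backup key scoped to this cluster's backups, would narrow that exposure.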
@@ -0,0 +1,88 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: kyoo + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - kyoo.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: '' + kind: Service + name: front + port: 8901 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /video + backendRefs: + - group: '' + kind: Service + name: transcoder + port: 7666 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /auth/ + backendRefs: + - group: '' + kind: Service + name: auth + port: 4568 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /.well-known/ + backendRefs: + - group: '' + kind: Service + name: auth + port: 4568 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /api/ + backendRefs: + - group: '' + kind: Service + name: api + port: 3567 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /swagger + backendRefs: + - group: '' + kind: Service + name: api + port: 3567 + weight: 100 + - matches: + - path: + type: PathPrefix + value: /scanner/ + backendRefs: + - group: '' + kind: Service + name: scanner + port: 4389 + weight: 100 diff --git a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml new file mode 100644 index 000000000..2c6340568 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml 
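Review bot: Every `backendRefs` entry names a bare Service (`front`, `transcoder`, `auth`, `api`, `scanner`), while the Deployments in this same commit reach the auth service as `kyoo-auth:4568` in `JWKS_URL`. If the Services carry the `kyoo-` prefix like the Deployments do, none of these references resolve and the route will answer with errors instead of forwarding; the Service manifests are not in this part of the patch, so this needs checking against them, with `name: kyoo-auth` and so on as the likely fix. Separately, `/swagger` and `/scanner/` are published on `kyoo.alexlebens.net` alongside the user-facing paths, so it is worth confirming that both are meant to be reachable from outside and are protected by the application's own authentication.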
@@ -0,0 +1,33 @@ +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: kyoo-postgresql-18-backup-garage-local + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-backup-garage-local + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + retentionPolicy: 7d + instanceSidecarConfiguration: + env: + - name: AWS_REQUEST_CHECKSUM_CALCULATION + value: when_required + - name: AWS_RESPONSE_CHECKSUM_VALIDATION + value: when_required + configuration: + destinationPath: s3://postgres-backups/cl01tl/kyoo/kyoo-postgresql-18-cluster + endpointURL: http://garage-main.garage:3900 + s3Credentials: + accessKeyId: + name: kyoo-postgresql-18-backup-garage-local-secret + key: ACCESS_KEY_ID + secretAccessKey: + name: kyoo-postgresql-18-backup-garage-local-secret + key: ACCESS_SECRET_KEY + region: + name: kyoo-postgresql-18-backup-garage-local-secret + key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml new file mode 100644 index 000000000..e170c7117 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml 
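Review bot: `endpointURL: http://garage-main.garage:3900` sends base backups and WAL, which contain the full database contents, to the object store over plain HTTP. Together with `PGSSLMODE: "disable"` in the scanner and transcoder Deployments, nothing on the database path is encrypted in transit unless the cluster network or a mesh provides it. If Garage is reachable over TLS, an `https://` endpoint is the direct fix; otherwise the reliance on network-level encryption should be stated where the chart values are set. The recovery ObjectStore in the next hunk uses the same endpoint.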
@@ -0,0 +1,32 @@ +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: "kyoo-postgresql-18-recovery" + namespace: kyoo + labels: + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: "kyoo-postgresql-18-recovery" +spec: + configuration: + destinationPath: s3://postgres-backups/cl01tl/kyoo/kyoo-postgresql-18-cluster + endpointURL: http://garage-main.garage:3900 + wal: + compression: snappy + maxParallel: 1 + data: + compression: snappy + jobs: 1 + s3Credentials: + accessKeyId: + name: kyoo-postgresql-18-recovery-secret + key: ACCESS_KEY_ID + secretAccessKey: + name: kyoo-postgresql-18-recovery-secret + key: ACCESS_SECRET_KEY + region: + name: kyoo-postgresql-18-recovery-secret + key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-movies-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-movies-nfs-storage.yaml new file mode 100644 index 000000000..e5e27210a --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-movies-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-anime-movies-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Anime Movies + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac 
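Review bot: The media PersistentVolume declares `accessModes: ReadWriteMany` and an `nfs:` block without `readOnly`, so the export is mounted writable on the node and only the per-container `readOnly: true` in the scanner and transcoder Deployments prevents writes. Any other pod that binds the matching claim without that flag can modify or delete the media library. If no kyoo component needs to write to these shares (the API and other Deployments are not visible in this part), add `readOnly: true` under `nfs:` and use `ReadOnlyMany` on the PV and its claim. The same applies to the six other media PersistentVolume hunks that follow, and `namespace: kyoo` has no effect on a cluster-scoped PersistentVolume.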
diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-nfs-storage.yaml new file mode 100644 index 000000000..1d89f6338 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-anime-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-anime-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-anime-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Anime + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-4k-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-4k-nfs-storage.yaml new file mode 100644 index 000000000..7bc55cac4 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-4k-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-movies-4k-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Movies 4K + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-nfs-storage.yaml new file mode 100644 index 000000000..ec683e934 --- /dev/null 
+++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-movies-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-movies-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-movies-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Movies + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-standup-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-standup-nfs-storage.yaml new file mode 100644 index 000000000..a23ded5c8 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-standup-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-standup-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-standup-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Stand Up + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-4k-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-4k-nfs-storage.yaml new file mode 100644 index 000000000..0d8f709fe --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-4k-nfs-storage.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-tvshows-4k-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/TV Shows + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-nfs-storage.yaml new file mode 100644 index 000000000..a2c88f7f3 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolume-kyoo-media-tvshows-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: kyoo-media-tvshows-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/TV Shows + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-apimetadata.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-apimetadata.yaml new file mode 100644 index 000000000..448beb332 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-apimetadata.yaml 
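Review bot: `kyoo-media-tvshows-4k-nfs-storage` uses `path: /volume2/Storage/TV Shows`, the same export as `kyoo-media-tvshows-nfs-storage` in the hunk that follows, whereas the movies pair differs (`/volume2/Storage/Movies` and `/volume2/Storage/Movies 4K`). As written, `/media/tvshows` and `/media/tvshows-4k` expose the same directory, so the scanner would index every show twice and the 4K library is never mounted. This looks like a copy-paste slip in the source values; the line should presumably read `path: <TV_SHOWS_4K_EXPORT_PATH>` with the actual 4K directory on the NAS.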
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-apimetadata + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-authprofile-pictures.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-authprofile-pictures.yaml new file mode 100644 index 000000000..3e2172cf9 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-authprofile-pictures.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-authprofile-pictures + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi + storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-movies-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-movies-nfs-storage.yaml new file mode 100644 index 000000000..fa8d9889f --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-movies-nfs-storage.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-anime-movies-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-anime-movies-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-nfs-storage.yaml new file mode 100644 index 000000000..0137cd939 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-anime-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-anime-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-anime-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-anime-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-4k-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-4k-nfs-storage.yaml new file mode 100644 index 000000000..546f9008e --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-4k-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-movies-4k-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-movies-4k-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi 
diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-nfs-storage.yaml new file mode 100644 index 000000000..7f7bff7eb --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-movies-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-movies-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-movies-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-movies-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-standup-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-standup-nfs-storage.yaml new file mode 100644 index 000000000..1760f76e4 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-standup-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-standup-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-standup-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-standup-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-4k-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-4k-nfs-storage.yaml new file mode 100644 index 000000000..a31bcdff5 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-4k-nfs-storage.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-tvshows-4k-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-tvshows-4k-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-nfs-storage.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-nfs-storage.yaml new file mode 100644 index 000000000..76fd67397 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-media-tvshows-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-media-tvshows-nfs-storage + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo +spec: + volumeName: kyoo-media-tvshows-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-transcodermetadata.yaml b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-transcodermetadata.yaml new file mode 100644 index 000000000..7085f0936 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PersistentVolumeClaim-kyoo-transcodermetadata.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-transcodermetadata + namespace: kyoo + labels: + helm.sh/chart: kyoo-5.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "5.0.0" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml new file mode 100644 index 000000000..e52e0eebc --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml 
@@ -0,0 +1,270 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: kyoo-postgresql-18-alert-rules + namespace: kyoo + labels: + app.kubernetes.io/name: kyoo-postgresql-18-alert-rules + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + groups: + - name: cloudnative-pg/kyoo-postgresql-18 + rules: + - alert: CNPGClusterBackendsWaitingWarning + annotations: + summary: CNPG Cluster a backend is waiting for longer than 5 minutes. + description: |- + Pod {{ $labels.pod }} + has been waiting for longer than 5 minutes + expr: | + cnpg_backends_waiting_total{namespace="kyoo"} > 300 + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterDatabaseDeadlockConflictsWarning + annotations: + summary: CNPG Cluster has over 10 deadlock conflicts. + description: |- + There are over 10 deadlock conflicts in + {{ $labels.pod }} + expr: | + cnpg_pg_stat_database_deadlocks{namespace="kyoo"} > 10 + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterHACritical + annotations: + summary: CNPG Cluster has no standby replicas! + description: |- + CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has no ready standby replicas. Your cluster at a severe + risk of data loss and downtime if the primary instance fails. + + The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint + will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main. + + This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less + instances. The replaced instance may need some time to catch-up with the cluster primary instance. 
+ + This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this + case you may want to silence it. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md + expr: | + max by (job) (cnpg_pg_replication_streaming_replicas{namespace="kyoo"} - cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"}) < 1 + for: 5m + labels: + severity: critical + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterHAWarning + annotations: + summary: CNPG Cluster less than 2 standby replicas. + description: |- + CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has only {{`{{`}} $value {{`}}`}} standby replicas, putting + your cluster at risk if another instance fails. The cluster is still able to operate normally, although + the `-ro` and `-r` endpoints operate at reduced capacity. + + This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may + need some time to catch-up with the cluster primary instance. + + This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances. + In this case you may want to silence it. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md + expr: | + max by (job) (cnpg_pg_replication_streaming_replicas{namespace="kyoo"} - cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"}) < 2 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterHighConnectionsCritical + annotations: + summary: CNPG Instance maximum number of connections critical! + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of + the maximum number of connections. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md + expr: | + sum by (pod) (cnpg_backends_total{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95 + for: 5m + labels: + severity: critical + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterHighConnectionsWarning + annotations: + summary: CNPG Instance is approaching the maximum number of connections. + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of + the maximum number of connections. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md + expr: | + sum by (pod) (cnpg_backends_total{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterHighReplicationLag + annotations: + summary: CNPG Cluster high replication lag + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is experiencing a high replication lag of + {{`{{`}} $value {{`}}`}}ms. + + High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md + expr: | + max(cnpg_pg_replication_lag{namespace="kyoo",pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterInstancesOnSameNode + annotations: + summary: CNPG Cluster instances are located on the same node. + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}} + instances on the same node {{`{{`}} $labels.node {{`}}`}}. + + A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md + expr: | + count by (node) (kube_pod_info{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterLongRunningTransactionWarning + annotations: + summary: CNPG Cluster query is taking longer than 5 minutes. + description: |- + CloudNativePG Cluster Pod {{ $labels.pod }} + is taking more than 5 minutes (300 seconds) for a query. + expr: |- + cnpg_backends_max_tx_duration_seconds{namespace="kyoo"} > 300 + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterLowDiskSpaceCritical + annotations: + summary: CNPG Instance is running out of disk space! + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs! 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md + expr: | + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR + max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + / + sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + * + on(namespace, persistentvolumeclaim) group_left(volume) + kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} + ) > 0.9 + for: 5m + labels: + severity: critical + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterLowDiskSpaceWarning + annotations: + summary: CNPG Instance is running out of disk space. + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is running low on disk space. Check attached PVCs. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md + expr: | + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR + max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + / + sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + * + on(namespace, persistentvolumeclaim) group_left(volume) + kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} + ) > 0.7 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterOffline + annotations: + summary: CNPG Cluster has no running instances! + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has no ready instances. + + Having an offline cluster means your applications will not be able to access the database, leading to + potential service disruption and/or data loss. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md + expr: | + (count(cnpg_collector_up{namespace="kyoo",pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0 + for: 5m + labels: + severity: critical + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterPGDatabaseXidAgeWarning + annotations: + summary: CNPG Cluster has a number of transactions from the frozen XID to the current one. + description: |- + Over 300,000,000 transactions from frozen xid + on pod {{ $labels.pod }} + expr: | + cnpg_pg_database_xid_age{namespace="kyoo"} > 300000000 + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterPGReplicationWarning + annotations: + summary: CNPG Cluster standby is lagging behind the primary. + description: |- + Standby is lagging behind by over 300 seconds (5 minutes) + expr: | + cnpg_pg_replication_lag{namespace="kyoo"} > 300 + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterReplicaFailingReplicationWarning + annotations: + summary: CNPG Cluster has a replica is failing to replicate. + description: |- + Replica {{ $labels.pod }} + is failing to replicate + expr: | + cnpg_pg_replication_in_recovery{namespace="kyoo"} > cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"} + for: 1m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster + - alert: CNPGClusterZoneSpreadWarning + annotations: + summary: CNPG Cluster instances in the same zone. + description: |- + CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has instances in the same availability zone. + + A disaster in one availability zone will lead to a potential service disruption and/or data loss. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md + expr: | + 3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3 + for: 5m + labels: + severity: warning + namespace: kyoo + cnpg_cluster: kyoo-postgresql-18-cluster diff --git a/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml new file mode 100644 index 000000000..ef8532d75 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml @@ -0,0 +1,24 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: "kyoo-postgresql-18-scheduled-backup-live-backup" + namespace: kyoo + labels: + app.kubernetes.io/name: "kyoo-postgresql-18-scheduled-backup-live-backup" + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + immediate: true + suspend: false + schedule: "0 5 14 * * *" + backupOwnerReference: self + cluster: + name: kyoo-postgresql-18-cluster + method: plugin + pluginConfiguration: + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: "kyoo-postgresql-18-backup-garage-local" diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-api.yaml new file mode 100644 index 000000000..14142d0e5 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-api.yaml 
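Review bot: The `description` annotations of CNPGClusterHACritical, CNPGClusterHAWarning, CNPGClusterHighConnectionsCritical/Warning, CNPGClusterHighReplicationLag and CNPGClusterInstancesOnSameNode still carry the Helm escape sequence (`{{`{{`}} $labels.job {{`}}`}}`) in the rendered manifest. When Prometheus expands the annotation template, those backtick actions emit literal braces, so the fired alert would most likely read `{{ $labels.job }}` or `{{ $value }}` instead of the job name or the measured value. Other rules in this same hunk (for example CNPGClusterBackendsWaitingWarning) already use the plain form `{{ $labels.pod }}`. The rendered line should read `CloudNativePG Cluster "{{ $labels.job }}" has no ready standby replicas.`, and since the file appears to be rendered from the postgres-18-cluster chart, the fix belongs in the chart or render step rather than in this file.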
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-api
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-api
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: api
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3567
+ targetPort: 3567
+ protocol: TCP
+ name: main
+ selector:
+ app.kubernetes.io/name: kyoo-api
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-auth.yaml
new file mode 100644
index 000000000..11d81e5c3
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-auth.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-auth
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-auth
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 4568
+ targetPort: 4568
+ protocol: TCP
+ name: main
+ selector:
+ app.kubernetes.io/name: kyoo-auth
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-front.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-front.yaml
new file mode 100644
index 000000000..1bd0c5292
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-front.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-front
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-front
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: front
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8901
+ targetPort: 8901
+ protocol: TCP
+ name: main
+ selector:
+ app.kubernetes.io/name: kyoo-front
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-scanner.yaml
new file mode 100644
index 000000000..88243ce58
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-scanner.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-scanner
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-scanner
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: scanner
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 4389
+ targetPort: 4389
+ protocol: TCP
+ name: main
+ selector:
+ app.kubernetes.io/name: kyoo-scanner
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-transcoder.yaml
new file mode 100644
index 000000000..cba2dc53f
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-transcoder.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-transcoder
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-transcoder
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: transcoder
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 7666
+ targetPort: 7666
+ protocol: TCP
+ name: main
+ selector:
+ app.kubernetes.io/name: kyoo-transcoder
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-api.yaml
new file mode 100644
index 000000000..3b6a1eff5
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-api.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+ name: kyoo-api
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-api
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: api
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
diff --git a/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-auth.yaml
new file mode 100644
index 000000000..2c4bcbd71
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-auth.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+ name: kyoo-auth
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-auth
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
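Review bot: `automountServiceAccountToken: true` on the kyoo-api ServiceAccount mounts a Kubernetes API token into every pod that runs under it, and nothing visible in this part of the patch (no Role or RoleBinding) shows that the workload calls the API server. The same line is set on the kyoo-auth, kyoo-front, kyoo-scanner and kyoo-transcoder ServiceAccounts in the hunks that follow. Unless a component really needs cluster API access, render these with `automountServiceAccountToken: false`, so that a compromise of a container that parses untrusted media or serves HTTP does not also hand over a cluster credential. Because the files appear to be rendered from the kyoo chart, the setting should be changed in the chart values rather than edited here.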
diff --git a/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-front.yaml b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-front.yaml
new file mode 100644
index 000000000..f0030d060
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-front.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+ name: kyoo-front
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-front
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: front
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
diff --git a/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-scanner.yaml
new file mode 100644
index 000000000..ad45b72ec
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-scanner.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+ name: kyoo-scanner
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-scanner
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: scanner
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"
diff --git a/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-transcoder.yaml
new file mode 100644
index 000000000..f3caa52a1
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ServiceAccount-kyoo-transcoder.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+ name: kyoo-transcoder
+ namespace: kyoo
+ labels:
+ helm.sh/chart: kyoo-5.0.0
+ app.kubernetes.io/name: kyoo-transcoder
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/component: transcoder
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyoo
+ app.kubernetes.io/version: "5.0.0"