diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml index 84c7c6aa0..cab09add5 100644 --- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml +++ b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml @@ -18,7 +18,7 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /discord/alertmanager + key: /discord/webhook/alertmanager metadataPolicy: None property: webhook - secretKey: pushover_token diff --git a/clusters/cl01tl/platform/authentik/Chart.yaml b/clusters/cl01tl/platform/authentik/Chart.yaml new file mode 100644 index 000000000..c319ca94f --- /dev/null +++ b/clusters/cl01tl/platform/authentik/Chart.yaml @@ -0,0 +1,35 @@ +apiVersion: v2 +name: authentik +version: 1.0.0 +description: Authentik +keywords: + - authentik + - sso + - oidc + - ldap + - idp + - authentication +home: https://wiki.alexlebens.dev/doc/authentik-q2d4WDhqpe +sources: + - https://github.com/goauthentik/authentik + - https://github.com/cloudflare/cloudflared + - https://github.com/cloudnative-pg/cloudnative-pg + - https://github.com/goauthentik/helm + - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared + - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster +maintainers: + - name: alexlebens +dependencies: + - name: authentik + version: 2024.12.3 + repository: https://charts.goauthentik.io/ + - name: cloudflared + alias: cloudflared + repository: http://alexlebens.github.io/helm-charts + version: 1.13.0 + - name: postgres-cluster + alias: postgres-17-cluster + version: 4.1.4 + repository: http://alexlebens.github.io/helm-charts +icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/authentik.png +appVersion: 2024.10.5 diff --git a/clusters/cl01tl/platform/authentik/templates/config-map.yaml b/clusters/cl01tl/platform/authentik/templates/config-map.yaml new file mode 100644 index 000000000..f749d50f5 --- /dev/null +++ b/clusters/cl01tl/platform/authentik/templates/config-map.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: authentik-custom-css + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +data: + custom.css: | + /* Change sign button color */ + .pf-c-button.pf-m-primary { + color: black; + background-color: white; + } + + /* Remove background */ + .pf-c-login__main { + background-color: rgba(3, 3, 3, 0.16); + } + + /* Remove specific height */ + .pf-c-brand { + height: auto; + } + + /* Center text */ + .pf-c-title { + text-align: center; + } + + /* Match text field to login button */ + .pf-c-form-control { + border-radius: 3px; + background-color: white; + color: black; + } + + /* Force border color */ + .pf-c-form-control { + border-color: white; + } + + /* Use default cursor on this div */ + .pf-c-form__label { + cursor: default; + } + + /* Hide required asterik */ + .pf-c-form__label-required { + display: none; + } + + /* Change link color to white */ + .a { + color: white; + } diff --git a/clusters/cl01tl/platform/authentik/templates/external-secret.yaml b/clusters/cl01tl/platform/authentik/templates/external-secret.yaml new file mode 100644 index 000000000..17ba4cf91 --- /dev/null +++ b/clusters/cl01tl/platform/authentik/templates/external-secret.yaml @@ -0,0 +1,80 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: authentik-key-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: authentik-key-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/authentik/key + metadataPolicy: None + property: key + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: authentik-cloudflared-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: authentik-cloudflared-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: cf-tunnel-token + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cloudflare/tunnels/authentik + metadataPolicy: None + property: token + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: authentik-postgresql-17-cluster-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/postgres-backups + metadataPolicy: None + property: access + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/postgres-backups + metadataPolicy: None + property: secret diff --git a/clusters/cl01tl/platform/authentik/templates/ingress.yaml b/clusters/cl01tl/platform/authentik/templates/ingress.yaml new file mode 100644 index 000000000..b0a72161e --- /dev/null +++ b/clusters/cl01tl/platform/authentik/templates/ingress.yaml @@ -0,0 +1,32 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: authentik-local + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: authentik-local + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: letsencrypt-issuer +spec: + ingressClassName: traefik + tls: + - hosts: + - authentik.alexlebens.net + secretName: authentik-tls-secret + rules: + - host: authentik.alexlebens.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: authentik-server + port: + number: 80 diff --git a/clusters/cl01tl/platform/authentik/values.yaml b/clusters/cl01tl/platform/authentik/values.yaml new file mode 100644 index 000000000..52e3f22c5 --- /dev/null +++ b/clusters/cl01tl/platform/authentik/values.yaml @@ -0,0 +1,83 @@ +authentik: + global: + env: + - name: AUTHENTIK_SECRET_KEY + valueFrom: + secretKeyRef: + name: authentik-key-secret + key: key + - name: AUTHENTIK_POSTGRESQL__HOST + valueFrom: + secretKeyRef: + name: authentik-postgresql-17-cluster-app + key: host + - name: AUTHENTIK_POSTGRESQL__NAME + valueFrom: + secretKeyRef: + name: authentik-postgresql-17-cluster-app + key: dbname + - name: AUTHENTIK_POSTGRESQL__USER + valueFrom: + secretKeyRef: + name: authentik-postgresql-17-cluster-app + key: user + - name: AUTHENTIK_POSTGRESQL__PASSWORD + valueFrom: + secretKeyRef: + name: authentik-postgresql-17-cluster-app + key: password + server: + name: server + replicas: 1 + volumes: + - name: custom-css + configMap: + name: authentik-custom-css + volumeMounts: + - name: custom-css + mountPath: /web/dist/custom.css + subPath: custom.css + metrics: + enabled: true + serviceMonitor: + enabled: true + ingress: + enabled: true + ingressClassName: tailscale + annotations: + tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" + hosts: + - auth-cl01tl + paths: + - / + tls: + - secretName: auth-cl01tl + hosts: + - auth-cl01tl + worker: + name: worker + replicas: 1 + prometheus: + rules: + enabled: true + postgresql: + enabled: false + redis: + enabled: true +cloudflared: + existingSecretName: authentik-cloudflared-secret +postgres-17-cluster: + mode: standalone + cluster: + walStorage: + storageClass: local-path + storage: + storageClass: local-path + monitoring: + enabled: true + backup: + enabled: true + endpointURL: https://nyc3.digitaloceanspaces.com + destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster + endpointCredentials: authentik-postgresql-17-cluster-backup-secret + backupIndex: 1 diff --git a/clusters/cl01tl/platform/qbittorrent/Chart.yaml b/clusters/cl01tl/platform/qbittorrent/Chart.yaml new file mode 100644 index 000000000..3784d1c15 --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/Chart.yaml @@ -0,0 +1,28 @@ +apiVersion: v2 +name: qbittorrent +version: 1.0.0 +description: qBittorrent +keywords: + - qbittorrent + - downloads + - torrent + - vpn + - metrics +home: https://wiki.alexlebens.dev/doc/qbittorrent-5jBMHjtzCZ +sources: + - https://github.com/qbittorrent/qBittorrent + - https://github.com/qdm12/gluetun + - https://github.com/esanchezm/prometheus-qbittorrent-exporter + - https://docs.linuxserver.io/images/docker-qbittorrent/ + - https://github.com/qdm12/gluetun/pkgs/container/gluetun + - https://hub.docker.com/r/esanchezm/prometheus-qbittorrent-exporter + - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: qbittorrent + repository: https://bjw-s.github.io/helm-charts/ + version: 3.6.1 +icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/qbittorrent.png +appVersion: 5.0.2 diff --git a/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml b/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml new file mode 100644 index 000000000..ec5c95806 --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: glutun-update-script + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: glutun-update-script + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: gluetun + app.kubernetes.io/part-of: {{ .Release.Name }} +data: + update.sh: | + if ! command -v curl 2>&1 >/dev/null + then + echo "curl could not be found, installing"; + apk add curl; + fi; + echo "updating port with $1"; + curl -i -X POST -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences"; diff --git a/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml new file mode 100644 index 000000000..bc8f2c9bf --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml @@ -0,0 +1,48 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: qbittorrent-auth + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent-auth + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: admin-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/qbittorrent/auth + metadataPolicy: None + property: admin-password + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: qbittorrent-wireguard-conf + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent-wireguard-conf + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/qbittorrent/config + metadataPolicy: None + property: private-key diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml new file mode 100644 index 000000000..1ffe67f2a --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml @@ -0,0 +1,40 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: qbittorrent-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent-config + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: qbittorrent-config + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: qbittorrent-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: qbittorrent-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml new file mode 100644 index 000000000..d228daca4 --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: qbittorrent-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent-config + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Torrent/QBITTORRENT + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac + +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: qbittorrent-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml b/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml new file mode 100644 index 000000000..2e788707a --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml @@ -0,0 +1,21 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: qbittorrent + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbittorrent + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + endpoints: + - port: metrics + interval: 30s + scrapeTimeout: 15s + path: /metrics + selector: + matchLabels: + app.kubernetes.io/name: qbittorrent + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/clusters/cl01tl/platform/qbittorrent/values.yaml b/clusters/cl01tl/platform/qbittorrent/values.yaml new file mode 100644 index 000000000..e0255c3cb --- /dev/null +++ b/clusters/cl01tl/platform/qbittorrent/values.yaml @@ -0,0 +1,164 @@ +qbittorrent: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + initContainers: + init-sysctl: + image: + repository: busybox + tag: 1.37.0 + pullPolicy: IfNotPresent + securityContext: + privileged: True + resources: + requests: + cpu: 100m + memory: 128Mi + command: + - /bin/sh + args: + - -ec + - | + sysctl -w net.ipv4.ip_forward=1; + sysctl -w net.ipv6.conf.all.disable_ipv6=1 + containers: + qbittorrent: + image: + repository: ghcr.io/linuxserver/qbittorrent + tag: 5.0.2@sha256:00360a0160872bffeaea5e232acfdb086063be5f03e0cba48b129b7087cb7ba1 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: PUID + value: "1000" + - name: PGID + value: "1000" + - name: UMASK_SET + value: "002" + - name: WEBUI_PORT + value: 8080 + resources: + requests: + cpu: 500m + memory: 1Gi + gluetun: + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00 + pullPolicy: IfNotPresent + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: qbittorrent-wireguard-conf + key: private-key + - name: VPN_PORT_FORWARDING + value: "on" + - name: VPN_PORT_FORWARDING_UP_COMMAND + value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"' + - name: PORT_FORWARD_ONLY + value: "on" + - name: FIREWALL_OUTBOUND_SUBNETS + value: 192.168.1.0/24,10.244.0.0/16 + - name: FIREWALL_INPUT_PORTS + value: 8080,9022 + - name: DOT + value: "off" + securityContext: + privileged: True + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + resources: + limits: + squat.ai/tun: "1" + requests: + cpu: 10m + memory: 64Mi + exporter: + image: + repository: esanchezm/prometheus-qbittorrent-exporter + tag: v1.6.0 + pullPolicy: IfNotPresent + env: + - name: QBITTORRENT_HOST + value: localhost + - name: QBITTORRENT_PORT + value: "8080" + - name: EXPORTER_PORT + value: "9022" + - name: EXPORTER_LOG_LEVEL + value: INFO + resources: + requests: + cpu: 10m + memory: 64Mi + serviceAccount: + create: true + service: + main: + controller: main + ports: + http: + port: 8080 + targetPort: 8080 + protocol: HTTP + health: + port: 9999 + targetPort: 9999 + protocol: HTTP + metrics: + port: 9022 + targetPort: 9022 + protocol: HTTP + ingress: + tailscale: + enabled: true + className: tailscale + hosts: + - host: qbittorrent-cl01tl + paths: + - path: / + pathType: Prefix + service: + name: qbittorrent + port: 8080 + tls: + - hosts: + - qbittorrent-cl01tl + persistence: + config: + type: persistentVolumeClaim + existingClaim: qbittorrent-config + advancedMounts: + main: + qbittorrent: + - path: /config + readOnly: false + update-script: + enabled: true + type: configMap + name: glutun-update-script + defaultMode: 0755 + advancedMounts: + main: + gluetun: + - path: /gluetun/update.sh + subPath: update.sh + storage: + type: persistentVolumeClaim + existingClaim: qbittorrent-nfs-storage + advancedMounts: + main: + qbittorrent: + - path: /mnt/store + readOnly: false diff --git a/clusters/cl01tl/platform/unpackerr/Chart.yaml b/clusters/cl01tl/platform/unpackerr/Chart.yaml new file mode 100644 index 000000000..8017749fe --- /dev/null +++ b/clusters/cl01tl/platform/unpackerr/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +name: unpackerr +version: 1.0.0 +description: Unpackerr +keywords: + - unpackerr + - archive + - servarr +home: https://wiki.alexlebens.dev/doc/unpackerr-ZCcVdSxo4s +sources: + - https://github.com/Unpackerr/unpackerr + - https://hub.docker.com/r/golift/unpackerr + - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: unpackerr + repository: https://bjw-s.github.io/helm-charts/ + version: 3.6.1 +icon: https://avatars.githubusercontent.com/u/104323643?s=48&v=4 +appVersion: 0.14.5 diff --git a/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml b/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml new file mode 100644 index 000000000..5a114caff --- /dev/null +++ b/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml @@ -0,0 +1,72 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: unpackerr-key-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: unpackerr-key-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: UN_SONARR_0_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/sonarr4/key + metadataPolicy: None + property: key + - secretKey: UN_SONARR_1_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/sonarr4-4k/key + metadataPolicy: None + property: key + - secretKey: UN_SONARR_2_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/sonarr4-anime/key + metadataPolicy: None + property: key + - secretKey: UN_RADARR_0_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/radarr5/key + metadataPolicy: None + property: key + - secretKey: UN_RADARR_1_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/radarr5-4k/key + metadataPolicy: None + property: key + - secretKey: UN_RADARR_2_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/radarr5-anime/key + metadataPolicy: None + property: key + - secretKey: UN_RADARR_3_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/radarr5-standup/key + metadataPolicy: None + property: key + - secretKey: UN_LIDARR_0_API_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/lidarr2/key + metadataPolicy: None + property: key diff --git a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml new file mode 100644 index 000000000..6718f0752 --- /dev/null +++ b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: unpackerr-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: unpackerr-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: unpackerr-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml new file mode 100644 index 000000000..bff4dd12b --- /dev/null +++ b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: unpackerr-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: unpackerr-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/platform/unpackerr/values.yaml b/clusters/cl01tl/platform/unpackerr/values.yaml new file mode 100644 index 000000000..9ccad5edd --- /dev/null +++ b/clusters/cl01tl/platform/unpackerr/values.yaml @@ -0,0 +1,67 @@ +unpackerr: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: golift/unpackerr + tag: 0.14.5 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: UN_WEBSERVER_METRICS + value: true + - name: UN_SONARR_0_URL + value: http://sonarr4.sonarr4:80 + - name: UN_SONARR_0_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_SONARR_1_URL + value: http://sonarr4-4k.sonarr4-4k:80 + - name: UN_SONARR_1_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_SONARR_2_URL + value: http://sonarr4-anime.sonarr4-anime:80 + - name: UN_SONARR_2_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_RADARR_0_URL + value: http://radarr5.radarr5:80 + - name: UN_RADARR_0_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_RADARR_1_URL + value: http://radarr5-4k.radarr5-4k:80 + - name: UN_RADARR_1_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_RADARR_2_URL + value: http://radarr5-anime.radarr5-anime:80 + - name: UN_RADARR_2_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_RADARR_3_URL + value: http://radarr5-standup.radarr5-standup:80 + - name: UN_RADARR_3_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + - name: UN_LIDARR_0_URL + value: http://lidarr2.lidarr2:80 + - name: UN_LIDARR_0_PATHS_0 + value: /mnt/store/Torrent/FINISHED/COMPLETED + envFrom: + - secretRef: + name: unpackerr-key-secret + resources: + requests: + cpu: 10m + memory: 128Mi + serviceAccount: + create: true + persistence: + storage: + existingClaim: unpackerr-nfs-storage + advancedMounts: + main: + main: + - path: /mnt/store + readOnly: false