diff --git a/clusters/cl01tl/applications/lazy-librarian/Chart.yaml b/clusters/cl01tl/applications/lazy-librarian/Chart.yaml
new file mode 100644
index 000000000..15cd3d75f
--- /dev/null
+++ b/clusters/cl01tl/applications/lazy-librarian/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: lazy-librarian
+version: 1.0.0
+description: A Helm chart for deploying LazyLibrarian
+keywords:
+ - lazylibrarian
+ - ebooks
+sources:
+ - https://gitlab.com/LazyLibrarian/LazyLibrarian.git
+ - https://lazylibrarian.gitlab.io
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.1.0
+icon: https://lazylibrarian.gitlab.io/logo.svg
+appVersion: version-b3a081ec
diff --git a/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..f102c51b3
--- /dev/null
+++ b/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lazy-librarian-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: lazy-librarian-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: lazy-librarian-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume.yaml b/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume.yaml
new file mode 100644
index 000000000..ceda9996d
--- /dev/null
+++ b/clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: lazy-librarian-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: lazy-librarian-nfs-storage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/lazy-librarian/values.yaml b/clusters/cl01tl/applications/lazy-librarian/values.yaml
new file mode 100644
index 000000000..82eaab6f1
--- /dev/null
+++ b/clusters/cl01tl/applications/lazy-librarian/values.yaml
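Review bot: The PersistentVolume in lazy-librarian/templates/persistent-volume.yaml has no `spec.claimRef`, so the only thing tying it to this chart is the `volumeName` on the chart's own claim; another claim in the cluster that requests `storageClassName: nfs-client` with a compatible size and access mode could be bound to it first and receive read-write access to the whole `/volume2/Storage` export. Reserving the volume with a `claimRef` whose `name` is `lazy-librarian-nfs-storage` and whose `namespace` is `{{ .Release.Namespace }}` closes that gap. `metadata.namespace` has no effect on this object because PersistentVolumes are cluster-scoped, so it can be dropped. The persistent-volume.yaml templates for lidarr2, radarr5-4k, radarr5, sonarr4-4k and sonarr4 in this diff have the same gap.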
@@ -0,0 +1,67 @@
+app-template:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: lscr.io/linuxserver/lazylibrarian
+ tag: version-b3a081ec
+ pullPolicy: IfNotPresent
+ env:
+ PUID: 1001
+ PGID: 1001
+ TZ: US/Central
+ DOCKER_MODS: linuxserver/mods:lazylibrarian-ffmpeg|linuxserver/mods:universal-calibre
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 256Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 5299
+ protocol: HTTP
+ ingress:
+ main:
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ className: traefik
+ hosts:
+ - host: lazylibrarian.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name: lazy-librarian
+ port: 5299
+ tls:
+ - secretName: lazy-librarian-secret-tls
+ hosts:
+ - lazylibrarian.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ retain: true
+ globalMounts:
+ - path: /config
+ storage:
+ enabled: true
+ existingClaim: lazy-librarian-nfs-storage
+ globalMounts:
+ - path: /mnt/store
diff --git a/clusters/cl01tl/applications/lidarr2/Chart.yaml b/clusters/cl01tl/applications/lidarr2/Chart.yaml
new file mode 100644
index 000000000..ae52f70e6
--- /dev/null
+++ b/clusters/cl01tl/applications/lidarr2/Chart.yaml
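Review bot: The `DOCKER_MODS` entry under `env` in lazy-librarian/values.yaml makes the linuxserver image fetch and install two mod layers (`linuxserver/mods:lazylibrarian-ffmpeg` and `linuxserver/mods:universal-calibre`) each time the container starts, so the pinned `tag: version-b3a081ec` does not fix what code actually runs in the pod. Those mod tags are mutable and are pulled by the container itself rather than by the kubelet, so any image admission or scanning controls in the cluster would not see them. Consider a derived image with the mods baked in and referenced by digest, or at minimum a comment above the variable recording that this is an accepted trade-off. `PUID` and `PGID` are bare integers; writing `PUID: "1001"` and `PGID: "1001"` avoids depending on the chart to stringify env values.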
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: lidarr
+version: 1.0.0
+sources:
+ - https://github.com/Lidarr/Lidarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/lidarr
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+ - name: lidarr
+ version: 15.1.1
+ repository: https://k8s-home-lab.github.io/helm-charts/
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.1.0
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "2.2.5.4141"
diff --git a/clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml b/clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml
new file mode 100644
index 000000000..a24c93851
--- /dev/null
+++ b/clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: lidarr2-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: lidarr2-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-lidarr-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-lidarr-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..ea8cc465d
--- /dev/null
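Review bot: In lidarr2/Chart.yaml the `postgres-cluster` dependency is resolved from `repository: http://alexlebens.github.io/helm-charts`, a plain-HTTP URL, so the chart index and archive are downloaded without transport integrity when dependencies are updated. The other dependency in the same file already uses `https://`; change this line to `repository: https://alexlebens.github.io/helm-charts`. The same line appears in the Chart.yaml files for radarr5-4k, radarr5, sonarr4-4k and sonarr4. Separately, `name: lidarr` does not match the `lidarr2` naming used by the templates and secrets of this chart, and `appVersion: "2.2.5.4141"` differs from the image tag `2.3.3.4204` set in lidarr2/values.yaml, so the `app.kubernetes.io/version` label will not describe the running image.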
+++ b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: "{{ .Release.Name }}-nfs-storage"
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml
new file mode 100644
index 000000000..a9976778f
--- /dev/null
+++ b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/lidarr2/values.yaml b/clusters/cl01tl/applications/lidarr2/values.yaml
new file mode 100644
index 000000000..0889c8351
--- /dev/null
+++ b/clusters/cl01tl/applications/lidarr2/values.yaml
@@ -0,0 +1,108 @@
+lidarr:
+ image:
+ repository: ghcr.io/onedr0p/lidarr
+ tag: "2.3.3.4204"
+ env:
+ TZ: US/Central
+ LIDARR__POSTGRES_MAIN_DB: lidarr-main
+ LIDARR__POSTGRES_LOG_DB: lidarr-log
+ LIDARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: lidarr2-postgresql-16-cluster-app
+ key: host
+ LIDARR__POSTGRES_PORT:
+ valueFrom:
+ secretKeyRef:
+ name: lidarr2-postgresql-16-cluster-app
+ key: port
+ LIDARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: lidarr2-postgresql-16-cluster-app
+ key: user
+ LIDARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: lidarr2-postgresql-16-cluster-app
+ key: password
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: lidarr.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: lidarr2-secret-tls
+ hosts:
+ - lidarr.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ media:
+ enabled: true
+ mountPath: /mnt/store
+ type: pvc
+ existingClaim: lidarr2-nfs-storage
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - alert: LidarrDown
+ annotations:
+ description: Lidarr service is down.
+ summary: Lidarr is down.
+ expr: |
+ lidarr_system_status == 0
+ for: 5m
+ labels:
+ severity: critical
+ exporter:
+ image:
+ repository: ghcr.io/onedr0p/exportarr
+ tag: v2.0.1
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ initdb:
+ postInitApplicationSQL:
+ - CREATE DATABASE "lidarr-main" OWNER "app";
+ - CREATE DATABASE "lidarr-log" OWNER "app";
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/lidarr2
+ endpointCredentials: lidarr2-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
diff --git a/clusters/cl01tl/applications/prowlarr/Chart.yaml b/clusters/cl01tl/applications/prowlarr/Chart.yaml
new file mode 100644
index 000000000..571144ede
--- /dev/null
+++ b/clusters/cl01tl/applications/prowlarr/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: prowlarr
+version: 0.0.1
+sources:
+ - https://github.com/Prowlarr/Prowlarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/prowlarr
+dependencies:
+ - name: prowlarr
+ version: 5.1.2
+ repository: https://k8s-home-lab.github.io/helm-charts/
+appVersion: "1.13.3.4273"
diff --git a/clusters/cl01tl/applications/prowlarr/values.yaml b/clusters/cl01tl/applications/prowlarr/values.yaml
new file mode 100644
index 000000000..c562dbbfb
--- /dev/null
+++ b/clusters/cl01tl/applications/prowlarr/values.yaml
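Review bot: The `initdb` block under `postgres-16-cluster.cluster` in lidarr2/values.yaml sets only `postInitApplicationSQL`, whereas the radarr5-4k, radarr5 and sonarr4-4k values files in this diff also set `database: app` and `owner: app`. Both SQL statements here assign `OWNER "app"`, so they depend on the dependency chart's default creating a role with that exact name; if the default differs, the two `CREATE DATABASE` statements would fail during bootstrap. Adding `database: app` and `owner: app` makes the assumption explicit and keeps this file consistent with its siblings.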
@@ -0,0 +1,38 @@
+prowlarr:
+ image:
+ repository: ghcr.io/onedr0p/prowlarr
+ tag: "1.17.2.4511"
+ env:
+ TZ: US/Central
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: prowlarr.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: prowlarr-secret-tls
+ hosts:
+ - prowlarr.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ storageClass: ceph-block
+ size: 1Gi
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
diff --git a/clusters/cl01tl/applications/radarr5-4k/Chart.yaml b/clusters/cl01tl/applications/radarr5-4k/Chart.yaml
new file mode 100644
index 000000000..e2457bdf0
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5-4k/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: radarr5-4k
+version: 1.0.0
+sources:
+ - https://github.com/Radarr/Radarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/radarr
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+ - name: radarr
+ version: 17.1.2
+ repository: https://k8s-home-lab.github.io/helm-charts/
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.1.0
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "5.4.6.8723"
diff --git a/clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml
new file mode 100644
index 000000000..b6032217e
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml
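Review bot: The `podSecurityContext` in prowlarr/values.yaml adds four `supplementalGroups` (44, 100, 109, 65539) to a pod whose only volume is its own `config` claim, and nothing in the values restricts privilege escalation or Linux capabilities. The identical group list appears in the lidarr2, radarr5-4k, radarr5 and sonarr4-4k values files, which suggests it was carried over rather than chosen per workload; remove the groups this pod does not need and keep only those required for the NFS media share on the charts that mount it. Adding `runAsNonRoot: true` beside `runAsUser: 1000` makes the non-root intent enforceable. If the upstream chart exposes a container-level `securityContext` value (not visible in this diff), set `allowPrivilegeEscalation: false` and drop all capabilities there as well.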
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: radarr5-4k-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: radarr5-4k-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-radarr-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-radarr-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..ea8cc465d
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: "{{ .Release.Name }}-nfs-storage"
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml
new file mode 100644
index 000000000..a9976778f
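Review bot: Both `remoteRef.key` entries in radarr5-4k/templates/external-secret.yaml point at `/aws/keys/cl01tl-radarr-postgresql`, the same Vault path that radarr5/templates/external-secret.yaml uses, so the two releases end up with one shared AWS access key for their backups under `s3://cl01tl-postgresql-backups/`. A leak from either namespace then exposes, and can overwrite, the other release's backups unless the IAM policy behind the key is scoped per prefix, which is not visible in this diff. Prefer one key per release, or add a comment above `data:` stating that the sharing is intentional and how the policy is scoped. The sonarr4-4k and sonarr4 ExternalSecrets share `/aws/keys/cl01tl-sonarr-postgresql` in the same way.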
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/radarr5-4k/values.yaml b/clusters/cl01tl/applications/radarr5-4k/values.yaml
new file mode 100644
index 000000000..6128bf4d6
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5-4k/values.yaml
@@ -0,0 +1,110 @@
+radarr:
+ image:
+ repository: ghcr.io/onedr0p/radarr
+ tag: "5.6.0.8846"
+ env:
+ TZ: US/Central
+ RADARR__POSTGRES_MAIN_DB: radarr-main
+ RADARR__POSTGRES_LOG_DB: radarr-log
+ RADARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-4k-postgresql-16-cluster-app
+ key: host
+ RADARR__POSTGRES_PORT:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-4k-postgresql-16-cluster-app
+ key: port
+ RADARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-4k-postgresql-16-cluster-app
+ key: user
+ RADARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-4k-postgresql-16-cluster-app
+ key: password
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: radarr-4k.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: radarr5-4k-secret-tls
+ hosts:
+ - radarr-4k.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ media:
+ enabled: true
+ mountPath: /mnt/store
+ type: pvc
+ existingClaim: radarr5-4k-nfs-storage
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - alert: RadarrDown
+ annotations:
+ description: Radarr 4k service is down.
+ summary: Radarr 4k is down.
+ expr: |
+ radarr_system_status == 0
+ for: 5m
+ labels:
+ severity: critical
+ exporter:
+ image:
+ repository: ghcr.io/onedr0p/exportarr
+ tag: v2.0.1
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ initdb:
+ database: app
+ owner: app
+ postInitApplicationSQL:
+ - CREATE DATABASE "radarr-main" OWNER "app";
+ - CREATE DATABASE "radarr-log" OWNER "app";
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/radarr5-4k
+ endpointCredentials: radarr5-4k-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
diff --git a/clusters/cl01tl/applications/radarr5/Chart.yaml b/clusters/cl01tl/applications/radarr5/Chart.yaml
new file mode 100644
index 000000000..d4b0e8e81
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: radarr5
+version: 1.0.0
+sources:
+ - https://github.com/Radarr/Radarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/radarr
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+ - name: radarr
+ version: 17.1.2
+ repository: https://k8s-home-lab.github.io/helm-charts/
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.1.0
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "5.4.6.8723"
diff --git a/clusters/cl01tl/applications/radarr5/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr5/templates/external-secret.yaml
new file mode 100644
index 000000000..decbbd4d6
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5/templates/external-secret.yaml
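Review bot: The `RadarrDown` rule in radarr5-4k/values.yaml uses `radarr_system_status == 0` with no label matcher, and radarr5/values.yaml defines an alert with the same name and expression, so if one Prometheus scrapes both exporters each rule can fire for either instance and the "Radarr 4k is down." summary may be attached to the non-4k service. The expression also yields no series when the exporter itself is unreachable, so a complete outage of the pod would raise nothing. Scope the selector to this release (the available label names depend on the scrape configuration, which is not shown here) and pair it with an `absent(radarr_system_status)` or target-down rule. sonarr4-4k/values.yaml has the same pattern with `SonarrDown`.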
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: radarr5-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: radarr5-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-radarr-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-radarr-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/radarr5/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr5/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..ea8cc465d
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: "{{ .Release.Name }}-nfs-storage"
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/radarr5/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr5/templates/persistent-volume.yaml
new file mode 100644
index 000000000..a9976778f
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/radarr5/values.yaml b/clusters/cl01tl/applications/radarr5/values.yaml
new file mode 100644
index 000000000..30f9907f0
--- /dev/null
+++ b/clusters/cl01tl/applications/radarr5/values.yaml
@@ -0,0 +1,110 @@
+radarr:
+ image:
+ repository: ghcr.io/onedr0p/radarr
+ tag: "5.6.0.8846"
+ env:
+ TZ: US/Central
+ RADARR__POSTGRES_MAIN_DB: radarr-main
+ RADARR__POSTGRES_LOG_DB: radarr-log
+ RADARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-postgresql-16-cluster-app
+ key: host
+ RADARR__POSTGRES_PORT:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-postgresql-16-cluster-app
+ key: port
+ RADARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-postgresql-16-cluster-app
+ key: user
+ RADARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: radarr5-postgresql-16-cluster-app
+ key: password
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: radarr.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: radarr5-secret-tls
+ hosts:
+ - radarr.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ media:
+ enabled: true
+ mountPath: /mnt/store
+ type: pvc
+ existingClaim: radarr5-nfs-storage
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - alert: RadarrDown
+ annotations:
+ description: Radarr service is down.
+ summary: Radarr is down.
+ expr: |
+ radarr_system_status == 0
+ for: 5m
+ labels:
+ severity: critical
+ exporter:
+ image:
+ repository: ghcr.io/onedr0p/exportarr
+ tag: v2.0.1
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ initdb:
+ database: app
+ owner: app
+ postInitApplicationSQL:
+ - CREATE DATABASE "radarr-main" OWNER "app";
+ - CREATE DATABASE "radarr-log" OWNER "app";
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/radarr5
+ endpointCredentials: radarr5-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
diff --git a/clusters/cl01tl/applications/sonarr4-4k/Chart.yaml b/clusters/cl01tl/applications/sonarr4-4k/Chart.yaml
new file mode 100644
index 000000000..2e7dee174
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4-4k/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: sonarr4-4k
+version: 1.0.0
+sources:
+ - https://github.com/Sonarr/Sonarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/sonarr
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+ - name: sonarr
+ version: 17.1.1
+ repository: https://k8s-home-lab.github.io/helm-charts/
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.1.0
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "4.0.4.1491"
diff --git a/clusters/cl01tl/applications/sonarr4-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr4-4k/templates/external-secret.yaml
new file mode 100644
index 000000000..99ee98180
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4-4k/templates/external-secret.yaml
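Review bot: The `ingress.main.annotations` block in radarr5/values.yaml carries only the entrypoint, TLS and cert-manager issuer annotations, so requests to `radarr.alexlebens.net` reach the application with nothing in front of it but the app's own login. Whether the `websecure` entrypoint is reachable from outside the local network is not visible in this diff; if it is, attach an authentication or IP-allowlist middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation, or add a comment recording that built-in authentication is the intended control. The lazy-librarian, lidarr2, prowlarr, radarr5-4k and sonarr4-4k ingress blocks are written the same way.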
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: sonarr4-4k-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: sonarr4-4k-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-sonarr-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-sonarr-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..ea8cc465d
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: "{{ .Release.Name }}-nfs-storage"
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume.yaml b/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume.yaml
new file mode 100644
index 000000000..a9976778f
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/sonarr4-4k/values.yaml b/clusters/cl01tl/applications/sonarr4-4k/values.yaml
new file mode 100644
index 000000000..ade3e65a3
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4-4k/values.yaml
@@ -0,0 +1,110 @@
+sonarr:
+ image:
+ repository: ghcr.io/onedr0p/sonarr
+ tag: "4.0.4.1491"
+ env:
+ TZ: US/Central
+ SONARR__POSTGRES_MAIN_DB: sonarr-main
+ SONARR__POSTGRES_LOG_DB: sonarr-log
+ SONARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-4k-postgresql-16-cluster-app
+ key: host
+ SONARR__POSTGRES_PORT:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-4k-postgresql-16-cluster-app
+ key: port
+ SONARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-4k-postgresql-16-cluster-app
+ key: user
+ SONARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-4k-postgresql-16-cluster-app
+ key: password
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: sonarr-4k.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: sonarr4-4k-secret-tls
+ hosts:
+ - sonarr-4k.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ media:
+ enabled: true
+ mountPath: /mnt/store
+ type: pvc
+ existingClaim: sonarr4-4k-nfs-storage
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - alert: SonarrDown
+ annotations:
+ description: Sonarr 4k service is down.
+ summary: Sonarr 4k is down.
+ expr: |
+ sonarr_system_status == 0
+ for: 5m
+ labels:
+ severity: critical
+ exporter:
+ image:
+ repository: ghcr.io/onedr0p/exportarr
+ tag: v2.0.1
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ initdb:
+ database: app
+ owner: app
+ postInitApplicationSQL:
+ - CREATE DATABASE "sonarr-main" OWNER "app";
+ - CREATE DATABASE "sonarr-log" OWNER "app";
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/sonarr4-4k
+ endpointCredentials: sonarr4-4k-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
diff --git a/clusters/cl01tl/applications/sonarr4/Chart.yaml b/clusters/cl01tl/applications/sonarr4/Chart.yaml
new file mode 100644
index 000000000..6045d9aaa
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: sonarr4
+version: 1.0.0
+sources:
+ - https://github.com/Sonarr/Sonarr
+ - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/sonarr
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+ - name: sonarr
+ version: 17.1.1
+ repository: https://k8s-home-lab.github.io/helm-charts/
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.1.0
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "4.0.4.1491"
diff --git a/clusters/cl01tl/applications/sonarr4/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr4/templates/external-secret.yaml
new file mode 100644
index 000000000..0eb8b1597
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4/templates/external-secret.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: sonarr4-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: sonarr4-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-sonarr-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-sonarr-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/sonarr4/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/sonarr4/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..ea8cc465d
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: "{{ .Release.Name }}-nfs-storage"
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/sonarr4/templates/persistent-volume.yaml b/clusters/cl01tl/applications/sonarr4/templates/persistent-volume.yaml
new file mode 100644
index 000000000..a9976778f
--- /dev/null
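Review bot: `sonarr4/templates/external-secret.yaml` copies a static AWS access key pair from the Vault path `/aws/keys/cl01tl-sonarr-postgresql` into the namespace, and nothing in the file records what that key is allowed to do. The path name does not include the instance, so the key may be shared with the `sonarr4-4k` release, which backs up to a different prefix of the same bucket; that is an inference from the names only. Once the scope is confirmed, I would add a comment above `data:` along the lines of `# IAM user limited to s3://cl01tl-postgresql-backups/sonarr4/*; rotate in Vault`.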
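Review bot: In `sonarr4/templates/persistent-volume-claim.yaml` the claim name and `volumeName` are built from `.Release.Name`, while `sonarr4/values.yaml` in this commit hard-codes `existingClaim: sonarr4-nfs-storage`. The two agree only when the release is installed as `sonarr4`; under any other release name the pod would reference a claim that does not exist. Use the literal here, as the tdarr and qbittorrent claims do (`name: sonarr4-nfs-storage`), and make the same change in the matching PersistentVolume.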
+++ b/clusters/cl01tl/applications/sonarr4/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: "{{ .Release.Name }}-nfs-storage"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/sonarr4/values.yaml b/clusters/cl01tl/applications/sonarr4/values.yaml
new file mode 100644
index 000000000..934a1245a
--- /dev/null
+++ b/clusters/cl01tl/applications/sonarr4/values.yaml
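Review bot: The NFS `mountOptions` in `sonarr4/templates/persistent-volume.yaml` list only `vers=4`, `minorversion=1` and `noac`, so by default setuid bits and device nodes on the share are honoured inside the pod; add `- nosuid` and `- nodev` to the list. Separately, `nfsPath` is `/volume2/Storage` for sonarr4, tdarr and qbittorrent alike, which gives each of these pods read-write access to the whole share; a per-application sub-directory would limit what a compromised pod can touch. Both points apply equally to the tdarr and qbittorrent `persistent-volume.yaml` hunks. `metadata.namespace` has no effect on a cluster-scoped PersistentVolume and can be dropped.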
@@ -0,0 +1,110 @@
+sonarr:
+ image:
+ repository: ghcr.io/onedr0p/sonarr
+ tag: "4.0.4.1491"
+ env:
+ TZ: US/Central
+ SONARR__POSTGRES_MAIN_DB: sonarr-main
+ SONARR__POSTGRES_LOG_DB: sonarr-log
+ SONARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-postgresql-16-cluster-app
+ key: host
+ SONARR__POSTGRES_PORT:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-postgresql-16-cluster-app
+ key: port
+ SONARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-postgresql-16-cluster-app
+ key: user
+ SONARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: sonarr4-postgresql-16-cluster-app
+ key: password
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: sonarr.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: sonarr4-secret-tls
+ hosts:
+ - sonarr.alexlebens.net
+ persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ media:
+ enabled: true
+ mountPath: /mnt/store
+ type: pvc
+ existingClaim: sonarr4-nfs-storage
+ podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 44
+ - 100
+ - 109
+ - 65539
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - alert: SonarrDown
+ annotations:
+ description: Sonarr service is down.
+ summary: Sonarr is down.
+ expr: |
+ sonarr_system_status == 0
+ for: 5m
+ labels:
+ severity: critical
+ exporter:
+ image:
+ repository: ghcr.io/onedr0p/exportarr
+ tag: v2.0.1
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ initdb:
+ database: app
+ owner: app
+ postInitApplicationSQL:
+ - CREATE DATABASE "sonarr-main" OWNER "app";
+ - CREATE DATABASE "sonarr-log" OWNER "app";
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/sonarr4
+ endpointCredentials: sonarr4-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
diff --git a/clusters/cl01tl/applications/tdarr/Chart.yaml b/clusters/cl01tl/applications/tdarr/Chart.yaml
new file mode 100644
index 000000000..f6d6d191b
--- /dev/null
+++ b/clusters/cl01tl/applications/tdarr/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: tdarr
+version: 0.0.3
+home:
+sources:
+ - https://github.com/HaveAGitGat/Tdarr
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/tdarr
+dependencies:
+ - name: tdarr
+ version: 0.0.6
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "2.17.01"
diff --git a/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..7d51067a4
--- /dev/null
+++ b/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml
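Review bot: Both images in `sonarr4/values.yaml` are referenced by tag only (`ghcr.io/onedr0p/sonarr` at `"4.0.4.1491"` and `ghcr.io/onedr0p/exportarr` at `v2.0.1`), and a registry tag can be re-pointed after this review. Pinning the digest alongside the tag keeps the deployed content fixed, for example `tag: "4.0.4.1491@sha256:<digest>"`, assuming the wrapped chart joins repository and tag with a colon, which is not visible here. The earlier values hunk for the `sonarr4-4k` instance uses the same two tags.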
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: tdarr-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: tdarr-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml
new file mode 100644
index 000000000..7c6b4cc80
--- /dev/null
+++ b/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: tdarr-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/applications/tdarr/values.yaml b/clusters/cl01tl/applications/tdarr/values.yaml
new file mode 100644
index 000000000..a8229bbd0
--- /dev/null
+++ b/clusters/cl01tl/applications/tdarr/values.yaml
@@ -0,0 +1,54 @@
+tdarr:
+ global:
+ persistence:
+ media:
+ claimName: tdarr-nfs-storage
+ mountPath: /mnt/store
+ server:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 256Mi
+ limits:
+ cpu: 5000m
+ memory: 2Gi
+ ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ host: tdarr.alexlebens.net
+ persistence:
+ config:
+ storageClassName: ceph-block
+ storageSize: 50Gi
+ server:
+ storageClassName: ceph-block
+ storageSize: 50Gi
+ node:
+ replicas: 3
+ resources:
+ requests:
+ gpu.intel.com/i915: 1
+ cpu: 100m
+ memory: 1Gi
+ limits:
+ gpu.intel.com/i915: 1
+ cpu: 5000m
+ memory: 5Gi
+ persistence:
+ cache:
+ size: 5Gi
+ tdarr-exporter:
+ metrics:
+ serviceMonitor:
+ enabled: true
+ settings:
+ config:
+ url: https://tdarr.alexlebens.net
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
diff --git a/clusters/cl01tl/platform/qbittorrent/Chart.yaml b/clusters/cl01tl/platform/qbittorrent/Chart.yaml
new file mode 100644
index 000000000..da9298a62
--- /dev/null
+++ b/clusters/cl01tl/platform/qbittorrent/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: qbittorrent
+version: 0.0.7
+home:
+sources:
+ - https://github.com/qbittorrent/qBittorrent
+ - https://docs.linuxserver.io/images/docker-qbittorrent/
+ - https://github.com/qdm12/gluetun
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/homepage
+dependencies:
+ - name: qbittorrent
+ version: 0.0.8
+ repository: http://alexlebens.github.io/helm-charts
+appVersion: "version-4.6.3-r0"
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml
new file mode 100644
index 000000000..479b90277
--- /dev/null
+++ b/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml
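Review bot: The `server.ingress` block in `tdarr/values.yaml` publishes `tdarr.alexlebens.net` with only entrypoint, TLS and issuer annotations, and nothing in the file configures a login for the UI. If the application itself does not enforce one (not visible here), anyone who can reach the host can drive the transcode nodes that mount the NFS share. Where the host is reachable beyond the LAN, attach an authentication middleware with `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd`.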
@@ -0,0 +1,48 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: qbittorrent-auth
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: admin-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /qbittorrent/auth
+ metadataPolicy: None
+ property: admin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: qbittorrent-wireguard-conf
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: wg0.conf
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /qbittorrent/config
+ metadataPolicy: None
+ property: wg0.conf
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..d90b6d464
--- /dev/null
+++ b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: qbittorrent-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeName: qbittorrent-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml
new file mode 100644
index 000000000..34b561e03
--- /dev/null
+++ b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: qbittorrent-nfs-storage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: {{ .Values.persistence.media.nfsPath }}
+ server: {{ .Values.persistence.media.nfsServer }}
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/platform/qbittorrent/values.yaml b/clusters/cl01tl/platform/qbittorrent/values.yaml
new file mode 100644
index 000000000..af98abeac
--- /dev/null
+++ b/clusters/cl01tl/platform/qbittorrent/values.yaml
@@ -0,0 +1,64 @@
+qbittorrent:
+ global:
+ persistence:
+ media:
+ claimName: qbittorrent-nfs-storage
+ mountPath: /mnt/store
+ server:
+ env:
+ - name: TZ
+ value: US/Central
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 2Gi
+ limits:
+ cpu: 2000m
+ memory: 2Gi
+ ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ host: qbittorrent.alexlebens.net
+ persistence:
+ config:
+ storageClassName: nfs-client
+ storageSize: 1Gi
+ gluetun:
+ enabled: true
+ env:
+ - name: VPN_SERVICE_PROVIDER
+ value: custom
+ - name: VPN_TYPE
+ value: wireguard
+ - name: FIREWALL_OUTBOUND_SUBNETS
+ value: 192.168.1.0/24,10.244.0.0/16
+ - name: FIREWALL_INPUT_PORTS
+ value: 8080,9022
+ - name: DOT
+ value: "off"
+ existingSecretName: qbittorrent-wireguard-conf
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ exporter:
+ env:
+ - name: QBITTORRENT_USER
+ value: admin
+ - name: QBITTORRENT_PASS
+ valueFrom:
+ secretKeyRef:
+ name: qbittorrent-auth
+ key: admin-password
+persistence:
+ media:
+ nfsPath: /volume2/Storage
+ nfsServer: synologybond.alexlebens.net
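Review bot: `FIREWALL_OUTBOUND_SUBNETS` in `qbittorrent/values.yaml` is set to `192.168.1.0/24,10.244.0.0/16`, which lets the torrent container reach every host on the LAN and, apparently, the whole pod network outside the VPN tunnel. Narrow the value to the addresses the pod actually needs, such as the NFS server and the in-cluster clients of the web UI, or enforce the same limit with a NetworkPolicy in the namespace. `DOT` is also `"off"`, which disables DNS-over-TLS in gluetun; a comment naming the resolver used instead would show that lookups still leave through the tunnel.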