From ed767436434376dabf9edb2939c611ece2421b21 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Mon, 3 Mar 2025 18:30:28 -0600 Subject: [PATCH] add tubearchivist --- .../applications/tubearchivist/Chart.yaml | 34 ++++ .../templates/external-secret.yaml | 80 +++++++++ .../tubearchivist/templates/http-route.yaml | 30 ++++ .../tubearchivist/templates/namespace.yaml | 8 + .../templates/persistent-volume-claim.yaml | 19 ++ .../templates/persistent-volume.yaml | 25 +++ .../applications/tubearchivist/values.yaml | 168 ++++++++++++++++++ 7 files changed, 364 insertions(+) create mode 100644 clusters/cl01tl/applications/tubearchivist/Chart.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml create mode 100644 clusters/cl01tl/applications/tubearchivist/values.yaml diff --git a/clusters/cl01tl/applications/tubearchivist/Chart.yaml b/clusters/cl01tl/applications/tubearchivist/Chart.yaml new file mode 100644 index 000000000..a471a6dbd --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +name: tubearchivist +version: 1.0.0 +description: Tube Archivist +keywords: + - tubearchivist + - download + - video + - youtube +home: https://wiki.alexlebens.dev/doc/tube-archivist-Bv6xCDKPM5 +sources: + - https://github.com/tubearchivist/tubearchivist + - https://github.com/elastic/elasticsearch + - https://github.com/redis/redis + - https://hub.docker.com/r/bbilly1/tubearchivist + - https://hub.docker.com/r/redis/redis-stack-server + - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template + - https://github.com/bitnami/charts/tree/main/bitnami/redis + - https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: tubearchivist + repository: https://bjw-s.github.io/helm-charts/ + version: 3.7.1 + - name: elasticsearch + version: 21.4.6 + repository: https://charts.bitnami.com/bitnami + - name: redis + version: 19.6.4 + repository: https://charts.bitnami.com/bitnami +icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tube-archivist.png +appVersion: v0.4.11 diff --git a/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml new file mode 100644 index 000000000..d5f20b4f4 --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml @@ -0,0 +1,80 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tubearchivist-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ELASTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/tubearchivist/env + metadataPolicy: None + property: ELASTIC_PASSWORD + - secretKey: TA_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/tubearchivist/env + metadataPolicy: None + property: TA_PASSWORD + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tubearchivist-elasticsearch-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ELASTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/tubearchivist/env + metadataPolicy: None + property: ELASTIC_PASSWORD + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tubearchivist-wireguard-conf + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tubearchivist-wireguard-conf + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: private-key diff --git a/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml b/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml new file mode 100644 index 000000000..a9929d599 --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml @@ -0,0 +1,30 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-route-tubearchivist + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: http-route-tubearchivist + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - tubearchivist.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: '' + kind: Service + name: tubearchivist + port: 80 + weight: 100 diff --git a/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml b/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml new file mode 100644 index 000000000..df30bbfc0 --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: tubearchivist + labels: + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml new file mode 100644 index 000000000..66f3958ff --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tubearchivist-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tubearchivist-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: tubearchivist-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml new file mode 100644 index 000000000..719c64ea6 --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: tubearchivist-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tubearchivist-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/YouTube + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/applications/tubearchivist/values.yaml b/clusters/cl01tl/applications/tubearchivist/values.yaml new file mode 100644 index 000000000..507e52819 --- /dev/null +++ b/clusters/cl01tl/applications/tubearchivist/values.yaml @@ -0,0 +1,168 @@ +tubearchivist: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: bbilly1/tubearchivist + tag: v0.4.13 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: HOST_UID + value: 1000 + - name: HOST_GID + value: 1000 + - name: ES_URL + value: http://tubearchivist-elasticsearch:9200 + - name: REDIS_HOST + value: tubearchivist-redis-headless + - name: TA_HOST + value: tubearchivist.alexlebens.net tubearchivist.tubearchivist + - name: TA_PORT + value: 24000 + - name: TA_USERNAME + value: admin + envFrom: + - secretRef: + name: tubearchivist-config-secret + probes: + liveness: + enabled: false + custom: true + spec: + exec: + command: + - /usr/bin/env + - bash + - -c + - curl --fail http://localhost:8000/health + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + resources: + requests: + cpu: 10m + memory: 1Gi + gluetun: + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00 + pullPolicy: IfNotPresent + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: tubearchivist-wireguard-conf + key: private-key + - name: VPN_PORT_FORWARDING + value: "on" + - name: PORT_FORWARD_ONLY + value: "on" + - name: FIREWALL_OUTBOUND_SUBNETS + value: 10.0.0.0/8 + - name: FIREWALL_INPUT_PORTS + value: 80,8000,24000 + - name: DOT + value: off + - name: DNS_KEEP_NAMESERVER + value: on + - name: DNS_PLAINTEXT_ADDRESS + value: 10.96.0.10 + securityContext: + privileged: True + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + resources: + requests: + squat.ai/tun: "1" + cpu: 10m + memory: 128Mi + limits: + squat.ai/tun: "1" + serviceAccount: + create: true + service: + main: + controller: main + ports: + http: + port: 80 + targetPort: 24000 + protocol: HTTP + persistence: + data: + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 20Gi + retain: true + advancedMounts: + main: + main: + - path: /cache + readOnly: false + youtube: + existingClaim: tubearchivist-nfs-storage + advancedMounts: + main: + main: + - path: /youtube + readOnly: false +redis: + image: + repository: redis/redis-stack-server + tag: 7.2.0-v13 + architecture: standalone + auth: + enabled: false + commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # Enable Redis Json module + loadmodule /opt/redis-stack/lib/rejson.so +elasticsearch: + global: + storageClass: ceph-block + extraEnvVars: + - name: discovery.type + value: single-node + - name: xpack.security.enabled + value: "true" + extraEnvVarsSecret: tubearchivist-elasticsearch-secret + extraConfig: + path: + repo: /usr/share/elasticsearch/data/snapshot + extraVolumes: + - name: snapshot + nfs: + path: /volume2/Storage/TubeArchivist + server: synologybond.alexlebens.net + extraVolumeMounts: + - name: snapshot + mountPath: /usr/share/elasticsearch/data/snapshot + snapshotRepoPath: /usr/share/elasticsearch/data/snapshot + master: + masterOnly: false + replicaCount: 1 + data: + replicaCount: 0 + coordinating: + replicaCount: 0 + ingest: + enabled: false + replicaCount: 0