add calibre web automated

2024-08-01 21:41:06 -05:00
parent 64a873b90a
commit f4af6cdd66
8 changed files with 271 additions and 0 deletions
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml
@@ -0,0 +1,57 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: calibre-web-automated-config-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: calibre-web-automated-config-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: secret_key
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/ingress-route.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/ingress-route.yaml
@@ -0,0 +1,33 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: calibre-web-automated
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: calibre-web-automated
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`calibre-automated.alexlebens.net`)
+      middlewares:
+        - name: authentik-calibre-web-automated
+          namespace: {{ .Release.Namespace }}
+      priority: 10
+      services:
+        - kind: Service
+          name: calibre-web-automated
+          port: 80
+    - kind: Rule
+      match: Host(`calibre-automated.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      services:
+        - kind: Service
+          name: authentik-outpost-proxy
+          port: 9000
+          namespace: authentik
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/middleware.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/middleware.yaml
@@ -0,0 +1,27 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik-calibre-web-automated
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: authentik-calibre-web-automated
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: auth
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: calibre-web-automated-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: calibre-web-automated-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: calibre-web-automated-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: calibre-web-automated-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: calibre-web-automated-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Calibre
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml
@@ -0,0 +1,30 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: calibre-web-automated-config-backup-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: calibre-web-automated-config-backup-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: calibre-web-automated-config
+  trigger:
+    schedule: 0 */6 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: calibre-web-automated-config-backup-secret
+    retain:
+      hourly: 1
+      daily: 1
+      weekly: 3
+      monthly: 2
+      yearly: 4
+    moverSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 100      
+    copyMethod: Snapshot
+    storageClassName: ceph-block-delete
+    volumeSnapshotClassName: ceph-blockpool-snapshot