apiVersion: v1 kind: ConfigMap metadata: name: jellyfin-meilisearch-environment labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm data: MEILI_ENV: "production" MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: "true" MEILI_NO_ANALYTICS: "true" MEILI_EXPERIMENTAL_ENABLE_METRICS: "true" --- apiVersion: apps/v1 kind: Deployment metadata: name: jellyfin labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin helm.sh/chart: jellyfin-4.6.2 namespace: jellyfin spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: jellyfin app.kubernetes.io/instance: jellyfin template: metadata: labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: jellyfin app.kubernetes.io/name: jellyfin spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - args: - --jellyfin.address=http://127.0.0.1:8096 - --jellyfin.token=$(TOKEN) env: - name: TOKEN valueFrom: secretKeyRef: key: token name: jellyfin-exporter-secret image: rebelcore/jellyfin-exporter:v1.4.0 imagePullPolicy: IfNotPresent name: exporter - env: - name: TZ value: US/Central - name: JELLYFIN_hostwebclient value: "true" - name: JELLYFIN_PublishedServerUrl value: https://jellyfin.alexlebens.net/ image: ghcr.io/jellyfin/jellyfin:10.11.6 imagePullPolicy: IfNotPresent name: main resources: limits: gpu.intel.com/i915: 1 requests: cpu: 1 gpu.intel.com/i915: 1 memory: 2Gi volumeMounts: - mountPath: /cache name: cache - mountPath: /config name: config - mountPath: /mnt/store name: media - mountPath: /mnt/youtube name: youtube readOnly: true volumes: - emptyDir: {} name: cache - name: config persistentVolumeClaim: claimName: jellyfin-config - name: media persistentVolumeClaim: claimName: jellyfin-nfs-storage - name: youtube persistentVolumeClaim: claimName: jellyfin-youtube-nfs-storage --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: jellyfin-config-backup-secret-external namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/jellyfin/jellyfin-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: jellyfin-config-backup-secret-local namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup-secret-local spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/jellyfin/jellyfin-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: jellyfin-config-backup-secret-remote namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup-secret-remote spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/jellyfin/jellyfin-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: jellyfin-exporter-secret namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-exporter-secret app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: token remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/jellyfin/exporter metadataPolicy: None property: token --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: jellyfin-meilisearch-master-key-secret namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-meilisearch-master-key-secret app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: MEILI_MASTER_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/jellyfin/meilisearch metadataPolicy: None property: MEILI_MASTER_KEY --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: jellyfin labels: app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin helm.sh/chart: jellyfin-4.6.2 namespace: jellyfin spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "jellyfin.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: jellyfin namespace: jellyfin port: 80 weight: 100 matches: - path: type: PathPrefix value: / --- apiVersion: v1 kind: PersistentVolume metadata: name: jellyfin-nfs-storage namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-nfs-storage app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadWriteMany nfs: path: /volume2/Storage server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- apiVersion: v1 kind: PersistentVolume metadata: name: jellyfin-youtube-nfs-storage namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-youtube-nfs-storage app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadOnlyMany nfs: path: /volume2/Storage/YouTube server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: jellyfin-config labels: app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin helm.sh/chart: jellyfin-4.6.2 annotations: helm.sh/resource-policy: keep namespace: jellyfin spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "100Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: jellyfin-meilisearch labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "5Gi" storageClassName: "local-path" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jellyfin-nfs-storage namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-nfs-storage app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: volumeName: jellyfin-nfs-storage storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jellyfin-youtube-nfs-storage namespace: jellyfin labels: app.kubernetes.io/name: jellyfin-youtube-nfs-storage app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin spec: volumeName: jellyfin-youtube-nfs-storage storageClassName: nfs-client accessModes: - ReadOnlyMany resources: requests: storage: 1Gi --- apiVersion: v1 kind: Pod metadata: name: jellyfin-meilisearch-test-connection labels: app.kubernetes.io/name: meilisearch helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test-success spec: containers: - name: wget image: busybox command: ['wget'] args: ['--spider', '--timeout=5', 'jellyfin-meilisearch:7700'] restartPolicy: Never --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: jellyfin-config-backup-source-external namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup spec: sourcePVC: jellyfin-config trigger: schedule: 26 10 * * * restic: pruneIntervalDays: 7 repository: jellyfin-config-backup-secret-external retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 10Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: jellyfin-config-backup-source-local namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup spec: sourcePVC: jellyfin-config trigger: schedule: 26 8 * * * restic: pruneIntervalDays: 7 repository: jellyfin-config-backup-secret-local retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 10Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: jellyfin-config-backup-source-remote namespace: jellyfin labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: jellyfin app.kubernetes.io/part-of: jellyfin app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin-config-backup spec: sourcePVC: jellyfin-config trigger: schedule: 26 9 * * * restic: pruneIntervalDays: 7 repository: jellyfin-config-backup-secret-remote retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 10Gi --- apiVersion: v1 kind: Service metadata: name: jellyfin-meilisearch labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: - port: 7700 targetPort: http protocol: TCP name: http selector: app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin --- apiVersion: v1 kind: Service metadata: name: jellyfin labels: app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin app.kubernetes.io/service: jellyfin helm.sh/chart: jellyfin-4.6.2 namespace: jellyfin spec: type: ClusterIP ports: - port: 80 targetPort: 8096 protocol: TCP name: http - port: 9594 targetPort: 9594 protocol: TCP name: metrics selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: jellyfin app.kubernetes.io/name: jellyfin --- apiVersion: v1 kind: ServiceAccount metadata: name: jellyfin-meilisearch labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm automountServiceAccountToken: false --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: jellyfin-meilisearch namespace: jellyfin labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm spec: jobLabel: jellyfin namespaceSelector: matchNames: - jellyfin selector: matchLabels: app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin endpoints: - port: http path: /metrics interval: 1m scrapeTimeout: 10s bearerTokenSecret: name: jellyfin-meilisearch-master-key-secret key: MEILI_MASTER_KEY --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: jellyfin labels: app.kubernetes.io/instance: jellyfin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin helm.sh/chart: jellyfin-4.6.2 namespace: jellyfin spec: jobLabel: jellyfin namespaceSelector: matchNames: - jellyfin selector: matchLabels: app.kubernetes.io/instance: jellyfin app.kubernetes.io/name: jellyfin endpoints: - interval: 30s path: /metrics port: metrics scheme: http scrapeTimeout: 15s --- apiVersion: apps/v1 kind: StatefulSet metadata: name: jellyfin-meilisearch labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm spec: replicas: 1 serviceName: jellyfin-meilisearch selector: matchLabels: app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin template: metadata: labels: helm.sh/chart: meilisearch-0.27.0 app.kubernetes.io/name: meilisearch app.kubernetes.io/instance: jellyfin app.kubernetes.io/version: "v1.38.0" app.kubernetes.io/component: search-engine app.kubernetes.io/part-of: meilisearch app.kubernetes.io/managed-by: Helm annotations: checksum/config: fbbcc1dd0d161f68a49b73fa43d78e99986dbc7918dad1f551156b39c1c99b70 spec: serviceAccountName: jellyfin-meilisearch securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 volumes: - name: tmp emptyDir: {} - name: data persistentVolumeClaim: claimName: jellyfin-meilisearch containers: - name: meilisearch image: "getmeili/meilisearch:v1.38.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - name: tmp mountPath: /tmp - name: data mountPath: /meili_data envFrom: - configMapRef: name: jellyfin-meilisearch-environment - secretRef: name: jellyfin-meilisearch-master-key-secret ports: - name: http containerPort: 7700 protocol: TCP startupProbe: httpGet: path: /health port: http periodSeconds: 1 initialDelaySeconds: 1 failureThreshold: 60 timeoutSeconds: 1 livenessProbe: httpGet: path: /health port: http periodSeconds: 10 initialDelaySeconds: 0 timeoutSeconds: 10 readinessProbe: httpGet: path: /health port: http periodSeconds: 10 initialDelaySeconds: 0 timeoutSeconds: 10 resources: requests: cpu: 10m memory: 128Mi