apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: seerr-seerr-chart-config-backup-secret-external namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: seerr-seerr-chart-config-backup-secret-local namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-local spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: seerr-seerr-chart-config-backup-secret-remote namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-remote spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: seerr-seerr-chart labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - seerr.alexlebens.net rules: - backendRefs: - name: seerr-seerr-chart port: 80 matches: - path: type: PathPrefix value: / --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: seerr-seerr-chart-config labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm spec: accessModes: - ReadWriteOnce storageClassName: ceph-block resources: requests: storage: "5Gi" --- apiVersion: v1 kind: Pod metadata: name: "seerr-seerr-chart-test-connection" labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test spec: containers: - name: wget image: busybox command: ['wget'] args: ['seerr-seerr-chart:80'] restartPolicy: Never --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: seerr-seerr-chart-config-backup-source-external namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup spec: sourcePVC: seerr-seerr-chart-config trigger: schedule: 18 13 * * * restic: pruneIntervalDays: 7 repository: seerr-seerr-chart-config-backup-secret-external retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: seerr-seerr-chart-config-backup-source-local namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup spec: sourcePVC: seerr-seerr-chart-config trigger: schedule: 18 11 * * * restic: pruneIntervalDays: 7 repository: seerr-seerr-chart-config-backup-secret-local retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: seerr-seerr-chart-config-backup-source-remote namespace: seerr labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: seerr-seerr-chart-config-backup spec: sourcePVC: seerr-seerr-chart-config trigger: schedule: 18 12 * * * restic: pruneIntervalDays: 7 repository: seerr-seerr-chart-config-backup-secret-remote retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: v1 kind: Service metadata: name: seerr-seerr-chart labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: - port: 80 targetPort: http protocol: TCP name: http selector: app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr ipFamilyPolicy: PreferDualStack --- apiVersion: v1 kind: ServiceAccount metadata: name: seerr-seerr-chart labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm automountServiceAccountToken: true --- apiVersion: apps/v1 kind: StatefulSet metadata: name: seerr-seerr-chart labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm spec: serviceName: seerr-seerr-chart selector: matchLabels: app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr template: metadata: labels: helm.sh/chart: seerr-chart-3.3.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" app.kubernetes.io/part-of: seerr-chart app.kubernetes.io/managed-by: Helm spec: serviceAccountName: seerr-seerr-chart securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch containers: - name: seerr-chart securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault image: "ghcr.io/seerr-team/seerr:v3.1.0" imagePullPolicy: IfNotPresent ports: - name: http containerPort: 5055 protocol: TCP livenessProbe: httpGet: path: / port: http initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 readinessProbe: httpGet: path: / port: http initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 resources: requests: cpu: 10m memory: 128Mi volumeMounts: - name: config mountPath: /app/config volumes: - name: config persistentVolumeClaim: claimName: seerr-seerr-chart-config