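# Rendered Helm output for the tubearchivist release: namespace, storage,
# the app Deployment (gluetun VPN sidecar + TubeArchivist), Elasticsearch,
# Redis, ExternalSecrets, an HTTPRoute and a ServiceMonitor.
# Comments marked NOTE(review) are security review findings; the lasting fix
# belongs in the chart values/templates that render this file.
---
# Source: tubearchivist/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/name: tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
    # NOTE(review): all three Pod Security Admission modes are "privileged",
    # so nothing in this namespace is blocked, warned about or audited.
    # In this manifest only the gluetun container asks for privileged mode.
    # Keeping enforce as-is but moving warn/audit to a stricter level would
    # restore visibility for the other workloads - confirm before changing.
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
---
# Source: tubearchivist/templates/persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  # PersistentVolume is a cluster-scoped kind, so metadata.namespace is not
  # set here; the binding to the namespace happens through the claim below.
  name: tubearchivist-nfs-storage
  labels:
    app.kubernetes.io/name: tubearchivist-nfs-storage
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  # Retain keeps the NFS data when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  nfs:
    path: /volume2/Storage/YouTube
    server: synologybond.alexlebens.net
  mountOptions:
    - vers=4
    - minorversion=1
    - noac
---
# Source: tubearchivist/charts/tubearchivist/templates/common.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tubearchivist
    helm.sh/chart: tubearchivist-4.4.0
  annotations:
    # Helm leaves this claim in place on uninstall.
    helm.sh/resource-policy: keep
  namespace: tubearchivist
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "40Gi"
  storageClassName: "ceph-block"
---
# Source: tubearchivist/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tubearchivist-nfs-storage
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: tubearchivist-nfs-storage
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  # Binds statically to the PersistentVolume of the same name.
  volumeName: tubearchivist-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
# Source: tubearchivist/charts/tubearchivist/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tubearchivist
    app.kubernetes.io/service: tubearchivist
    helm.sh/chart: tubearchivist-4.4.0
  namespace: tubearchivist
spec:
  type: ClusterIP
  ports:
    # Port 80 on the Service forwards to TA_PORT (24000) in the pod.
    - port: 80
      targetPort: 24000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/name: tubearchivist
---
# Source: tubearchivist/charts/tubearchivist/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tubearchivist
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tubearchivist
    helm.sh/chart: tubearchivist-4.4.0
  namespace: tubearchivist
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: tubearchivist
      app.kubernetes.io/instance: tubearchivist
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: tubearchivist
        app.kubernetes.io/name: tubearchivist
    spec:
      enableServiceLinks: false
      serviceAccountName: default
      # NOTE(review): the default ServiceAccount token is mounted into both
      # containers, including the privileged one. Nothing in this manifest
      # shows either container using the Kubernetes API; confirm and set
      # this to false in the chart values.
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
        # VPN sidecar; the pod's network namespace is shared with "main".
        - env:
            - name: VPN_SERVICE_PROVIDER
              value: protonvpn
            - name: VPN_TYPE
              value: wireguard
            # Key is read from a Secret synced from Vault (ExternalSecret
            # tubearchivist-wireguard-conf), not stored in this manifest.
            - name: WIREGUARD_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  key: private-key
                  name: tubearchivist-wireguard-conf
            # NOTE(review): provider port forwarding admits inbound traffic
            # from the VPN side into this shared network namespace; confirm
            # it is needed for this workload.
            - name: VPN_PORT_FORWARDING
              value: "on"
            - name: PORT_FORWARD_ONLY
              value: "on"
            # NOTE(review): allows traffic to all of 10.0.0.0/8 to bypass
            # the tunnel; narrow to the cluster's pod/service CIDRs if they
            # are smaller - confirm against the cluster network layout.
            - name: FIREWALL_OUTBOUND_SUBNETS
              value: 10.0.0.0/8
            # NOTE(review): the Service in this manifest only targets
            # 24000; trim 80 and 8000 if nothing listens there - confirm.
            - name: FIREWALL_INPUT_PORTS
              value: 80,8000,24000
            # NOTE(review): DNS-over-TLS is off and the existing resolver is
            # kept (presumably cluster DNS at 10.96.0.10), so lookups leave
            # in plaintext via the cluster resolver rather than the tunnel.
            # Confirm this is an accepted trade-off for in-cluster names.
            - name: DOT
              value: "false"
            - name: DNS_KEEP_NAMESERVER
              value: "true"
            - name: DNS_PLAINTEXT_ADDRESS
              value: 10.96.0.10
          # Pinned by tag and digest.
          image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
          imagePullPolicy: IfNotPresent
          name: gluetun
          resources:
            limits:
              devic.es/tun: "1"
            requests:
              cpu: 10m
              devic.es/tun: "1"
              memory: 128Mi
          securityContext:
            # NOTE(review): privileged: true already grants every
            # capability, so the add list below has no additional effect.
            # The tun device is requested through the devic.es/tun resource,
            # so presumably privileged mode can be dropped and only the
            # capabilities kept; SYS_MODULE (kernel module loading) also
            # deserves a second look. Verify on a test rollout first.
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
            privileged: true
        # TubeArchivist application container.
        - env:
            - name: TZ
              value: US/Central
            - name: HOST_UID
              value: "1000"
            - name: HOST_GID
              value: "1000"
            - name: ES_URL
              value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200
            # NOTE(review): certificate verification towards Elasticsearch
            # is disabled, so the connection carrying ELASTIC_PASSWORD is
            # encrypted but the server is not authenticated. ECK publishes
            # its CA in a "<cluster>-es-http-certs-public" Secret; check
            # whether the application can trust that CA instead.
            - name: ES_DISABLE_VERIFY_SSL
              value: "true"
            # NOTE(review): plain redis:// with no credentials, and the
            # RedisReplication below sets no password secret. No
            # NetworkPolicy is visible in this manifest, so presumably any
            # pod in the cluster can reach Redis - confirm.
            - name: REDIS_CON
              value: redis://redis-replication-tubearchivist-master.tubearchivist:6379
            - name: TA_HOST
              value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/
            - name: TA_PORT
              value: "24000"
            - name: TA_USERNAME
              value: admin
          # ELASTIC_PASSWORD and TA_PASSWORD come from this Secret.
          envFrom:
            - secretRef:
                name: tubearchivist-config-secret
          # NOTE(review): tag only, no digest (unlike gluetun above). With
          # IfNotPresent a re-pushed tag can differ between nodes; pin the
          # digest once it has been verified.
          image: bbilly1/tubearchivist:v0.5.8
          imagePullPolicy: IfNotPresent
          name: main
          # NOTE(review): no securityContext is set, so user, capabilities
          # and privilege escalation follow the image and runtime defaults.
          resources:
            requests:
              cpu: 10m
              memory: 1Gi
          volumeMounts:
            - mountPath: /cache
              name: data
            - mountPath: /youtube
              name: youtube
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: tubearchivist
        - name: youtube
          persistentVolumeClaim:
            claimName: tubearchivist-nfs-storage
---
# Source: tubearchivist/templates/elasticsearch.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch-tubearchivist
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: elasticsearch-tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  version: 8.18.0
  auth:
    # File-realm users are loaded from a Secret synced from Vault.
    fileRealm:
      - secretName: tubearchivist-elasticsearch-secret
  nodeSets:
    - name: default
      count: 1
      config:
        node.store.allow_mmap: false
        # Snapshot repository path; backed by the NFS mount below.
        path.repo: /usr/share/elasticsearch/data/snapshot
      podTemplate:
        spec:
          volumes:
            - name: tubearchivist-snapshot-nfs-storage
              nfs:
                path: /volume2/Storage/TubeArchivist
                server: synologybond.alexlebens.net
          containers:
            - name: elasticsearch
              volumeMounts:
                - name: tubearchivist-snapshot-nfs-storage
                  mountPath: /usr/share/elasticsearch/data/snapshot
      volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
            storageClassName: ceph-block
---
# Source: tubearchivist/templates/external-secret.yaml
# Application passwords, pulled from the "vault" ClusterSecretStore.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: tubearchivist-config-secret
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: tubearchivist-config-secret
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ELASTIC_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
        metadataPolicy: None
        property: ELASTIC_PASSWORD
    - secretKey: TA_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
        metadataPolicy: None
        property: TA_PASSWORD
---
# Source: tubearchivist/templates/external-secret.yaml
# Elasticsearch file-realm user (username, password, roles).
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: tubearchivist-elasticsearch-secret
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: tubearchivist-elasticsearch-secret
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: username
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: username
    - secretKey: password
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: password
    - secretKey: roles
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: roles
---
# Source: tubearchivist/templates/external-secret.yaml
# WireGuard private key consumed by the gluetun container.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: tubearchivist-wireguard-conf
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: tubearchivist-wireguard-conf
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: private-key
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /protonvpn/conf/cl01tl
        metadataPolicy: None
        property: private-key
---
# Source: tubearchivist/templates/http-route.yaml
# Publishes the Service on the traefik gateway under the public hostname.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-route-tubearchivist
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: http-route-tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: traefik-gateway
      namespace: traefik
  hostnames:
    - tubearchivist.alexlebens.net
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - group: ''
          kind: Service
          name: tubearchivist
          port: 80
          weight: 100
---
# Source: tubearchivist/templates/redis-replication.yaml
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
  name: redis-replication-tubearchivist
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: redis-replication-tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
spec:
  clusterSize: 3
  podSecurityContext:
    runAsUser: 1000
    fsGroup: 1000
  kubernetesConfig:
    # NOTE(review): no password secret is configured here, matching the
    # credential-less redis:// URL in the Deployment; consider enabling
    # authentication and/or a NetworkPolicy limiting access to the app pod.
    # Both Redis images are tag-only; pin digests once verified.
    image: quay.io/opstree/redis:v8.0.3
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 50m
        memory: 128Mi
  storage:
    volumeClaimTemplate:
      spec:
        storageClassName: ceph-block
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: 1Gi
  redisExporter:
    enabled: true
    image: quay.io/opstree/redis-exporter:v1.48.0
---
# Source: tubearchivist/templates/service-monitor.yaml
# Scrapes the redis-exporter port of Services labelled as replication setups.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: redis-replication-tubearchivist
  namespace: tubearchivist
  labels:
    app.kubernetes.io/name: redis-replication-tubearchivist
    app.kubernetes.io/instance: tubearchivist
    app.kubernetes.io/part-of: tubearchivist
    redis-operator: "true"
    env: production
spec:
  selector:
    matchLabels:
      redis_setup_type: replication
  endpoints:
    - port: redis-exporter
      interval: 30s
      scrapeTimeout: 10s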