diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 46d7b09b..0dbc1af7 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -5,5 +5,6 @@ kind: Kustomization
 resources:
 # Flux-Kustomizations
 - ./jellyfin/ks.yaml
+ - ./prowlarr/ks.yaml
 - ./sabnzbd/ks.yaml
 - ./qbittorrent/ks.yaml
diff --git a/kubernetes/apps/default/prowlarr/app/externalsecret.yaml b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml
new file mode 100644
index 00000000..1ea3aa1a
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: prowlarr
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: prowlarr-secret
+ template:
+ engineVersion: v2
+ data:
+ PROWLARR__API_KEY: "{{ .api_key }}"
+ dataFrom:
+ - extract:
+ key: prowlarr
diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
new file mode 100644
index 00000000..8f1adce5
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@@ -0,0 +1,123 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: prowlarr
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 2.5.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/onedr0p/prowlarr-develop
+ tag: 1.12.2.4211@sha256:14fc79c3380bba72cd635dc6fa5949ac149c29f8a1afea8308ffe5490d0208f9
+ env:
+ # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
+ # Ref: https://github.com/dotnet/runtime/issues/9336
+ COMPlus_EnableDiagnostics: "0"
+ PROWLARR__INSTANCE_NAME: Prowlarr
+ PROWLARR__PORT: &port 80
+ PROWLARR__LOG_LEVEL: info
+ PROWLARR__AUTHENTICATION_METHOD: External
+ PROWLARR__THEME: dark
+ TZ: America/Chicago
+ PROWLARR__POSTGRES_HOST:
+ valueFrom:
+ secretKeyRef:
+ name: "${APP}-pguser-${DB_USER}"
+ key: host
+ PROWLARR__POSTGRES_PORT: "5432"
+ PROWLARR__POSTGRES_USER:
+ valueFrom:
+ secretKeyRef:
+ name: "${APP}-pguser-${DB_USER}"
+ key: user
+ PROWLARR__POSTGRES_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: "${APP}-pguser-${DB_USER}"
+ key: password
+ PROWLARR__POSTGRES_MAIN_DB: prowlarr_main
+ PROWLARR__POSTGRES_LOG_DB: prowlarr_log
+ envFrom:
+ - secretRef:
+ name: prowlarr-secret
+
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 1Gi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ main:
+ ports:
+ http:
+ port: *port
+ ingress:
+ main:
+ enabled: true
+ className: internal
+ hosts:
+ - host: &host "{{ .Release.Name }}.jahanson.tech"
+ paths:
+ - path: /
+ service:
+ name: main
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ type: emptyDir
+ tmp:
+ type: emptyDir
diff --git a/kubernetes/apps/default/prowlarr/app/kustomization.yaml b/kubernetes/apps/default/prowlarr/app/kustomization.yaml
new file mode 100644
index 00000000..92fefa2e
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./externalsecret.yaml
+ - ./postgresCluster.yaml
diff --git a/kubernetes/apps/default/prowlarr/app/postgresCluster.yaml b/kubernetes/apps/default/prowlarr/app/postgresCluster.yaml
new file mode 100644
index 00000000..79cd44c6
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/postgresCluster.yaml
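Review bot: In helmrelease.yaml, `PROWLARR__POSTGRES_LOG_DB: prowlarr_log` does not match the log database this commit provisions, which postgresCluster.yaml lists as `prowlarr_logs` under the user's `databases`. As far as the visible manifests show, the app would be pointed at a database the operator never creates, so one of the two names should change, e.g. `PROWLARR__POSTGRES_LOG_DB: prowlarr_logs`. Separately, `PROWLARR__AUTHENTICATION_METHOD: External` delegates login to whatever sits in front of the pod, and the `ingress.main` block carries no auth annotation. It is worth confirming that the `internal` ingress class enforces authentication, and adding a comment next to the env var naming the component that does.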
@@ -0,0 +1,87 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+ name: "${APP}"
+spec:
+ postgresVersion: 16
+ dataSource:
+ pgbackrest:
+ stanza: db
+ configuration:
+ - secret:
+ name: pgo-s3-creds
+ global:
+ repo1-path: "/${APP}/repo1"
+ repo1-s3-uri-style: path
+ repo:
+ name: repo1
+ s3:
+ bucket: "crunchy-postgres"
+ endpoint: "s3.hsn.dev"
+ region: "us-east-1"
+ patroni:
+ dynamicConfiguration:
+ synchronous_mode: true
+ postgresql:
+ synchronous_commit: "on"
+ pg_hba:
+ - hostnossl all all 10.32.0.0/16 md5
+ - hostssl all all all md5
+ instances:
+ - name: postgres
+ metadata:
+ labels:
+ app.kubernetes.io/name: pgo-${APP}
+ replicas: 2
+ dataVolumeClaimSpec:
+ storageClassName: local-hostpath
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: "kubernetes.io/hostname"
+ whenUnsatisfiable: "DoNotSchedule"
+ labelSelector:
+ matchLabels:
+ postgres-operator.crunchydata.com/cluster: ${APP}
+ postgres-operator.crunchydata.com/data: postgres
+ users:
+ - name: "${DB_USER}"
+ databases:
+ - "prowlarr_main"
+ - "prowlarr_logs"
+ options: "SUPERUSER"
+ password:
+ type: AlphaNumeric
+ backups:
+ pgbackrest:
+ configuration:
+ - secret:
+ name: pgo-s3-creds
+ global:
+ archive-push-queue-max: 4GiB
+ repo1-retention-full: "14"
+ repo1-retention-full-type: time
+ repo1-path: "/${APP}/repo1"
+ repo1-s3-uri-style: path
+ manual:
+ repoName: repo1
+ options:
+ - --type=full
+ metadata:
+ labels:
+ app.kubernetes.io/name: pgo-${APP}-backup
+ repos:
+ - name: repo1
+ schedules:
+ full: "0 1 * * 0"
+ differential: "0 1 * * 1-6"
+ s3:
+ bucket: "crunchy-postgres"
+ endpoint: "s3.hsn.dev"
+ region: "us-east-1"
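Review bot: The application role under `users` is created with `options: "SUPERUSER"`, so the credentials mounted into the Prowlarr pod control the whole Postgres cluster rather than just the two listed databases. Unless the app is known to need it, drop that line so the role is limited to the databases it is granted, or add a comment stating why superuser is required. The `pg_hba` entry `hostnossl all all 10.32.0.0/16 md5` also admits unencrypted connections from that range for every user and database. If clients can use TLS, keeping only the `hostssl` rule and naming the method explicitly (`hostssl all all all scram-sha-256`) would be tighter; whether the stored verifier is already SCRAM is not visible here.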
diff --git a/kubernetes/apps/default/prowlarr/ks.yaml b/kubernetes/apps/default/prowlarr/ks.yaml
new file mode 100644
index 00000000..14cefa34
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/ks.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app prowlarr
+ namespace: flux-system
+spec:
+ targetNamespace: default
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: crunchy-postgres-operator
+ - name: external-secrets-stores
+ path: ./kubernetes/apps/default/prowlarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ DB_NAME: prowlarr
+ DB_USER: prowlarr
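Review bot: `DB_NAME: prowlarr` under `postBuild.substitute` is not referenced by any manifest added in this commit; only `${APP}` and `${DB_USER}` appear in helmrelease.yaml and postgresCluster.yaml, where the database names are written out literally. Either drop the variable or build the names from it in both files (for example `"${DB_NAME}_main"`), so the application config and the provisioned databases are derived from one value.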