diff --git a/kubernetes/apps/anime/kustomization.yaml b/kubernetes/apps/anime/kustomization.yaml
new file mode 100644
index 00000000..d4eb3a1e
--- /dev/null
+++ b/kubernetes/apps/anime/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ # - ./jellyfin/ks.yaml # sqlite
+ # - ./jellyseerr/ks.yaml # sqlite
+ - ./radarr/ks.yaml # postgres
+ # - ./shoko/ks.yaml # sqlite
+ - ./sonarr/ks.yaml # postgres
diff --git a/kubernetes/apps/anime/namespace.yaml b/kubernetes/apps/anime/namespace.yaml
new file mode 100644
index 00000000..ad5b410d
--- /dev/null
+++ b/kubernetes/apps/anime/namespace.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: anime
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ volsync.backube/privileged-movers: "true"
+ pgo-enabled-hsn.dev: "true"
diff --git a/kubernetes/apps/anime/radarr/app/externalsecret.yaml b/kubernetes/apps/anime/radarr/app/externalsecret.yaml
new file mode 100644
index 00000000..e3f97453
--- /dev/null
+++ b/kubernetes/apps/anime/radarr/app/externalsecret.yaml
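Review bot: In namespace.yaml, `volsync.backube/privileged-movers: "true"` sits under `labels:`, and the hunk has no `annotations:` key; VolSync documents this switch as a namespace annotation, so as a label it probably has no effect. If privileged movers are really wanted, move it to `metadata.annotations`. Otherwise drop it: the workloads added in this commit run as uid/gid 568 with all capabilities dropped, and enabling privileged movers would let mover pods in `anime` run with elevated privileges next to them. A one-line comment such as `# required because <reason>` would record the decision either way.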
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: radarr
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: radarr-secret
+ template:
+ engineVersion: v2
+ data:
+ PUSHOVER_TOKEN: "{{ .radarr_token }}"
+ PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
+ RADARR__AUTH__APIKEY: "{{ .api_key_anime }}"
+ RADARR__POSTGRES__HOST: "{{ .pgbouncer-host }}"
+ RADARR__POSTGRES__USER: "{{ .user }}"
+ RADARR__POSTGRES__PASSWORD: "{{ .password }}"
+ RADARR__POSTGRES__PORT: "{{ .port }}"
+ RADARR__POSTGRES__MAINDB: radarr_main
+ dataFrom:
+ - extract:
+ key: postgres-pguser-radarr-anime
+ - extract:
+ key: pushover
+ - extract:
+ key: radarr
diff --git a/kubernetes/apps/anime/radarr/app/helmrelease.yaml b/kubernetes/apps/anime/radarr/app/helmrelease.yaml
new file mode 100644
index 00000000..e2f18f43
--- /dev/null
+++ b/kubernetes/apps/anime/radarr/app/helmrelease.yaml
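Review bot: `RADARR__POSTGRES__HOST: "{{ .pgbouncer-host }}"` will not render, because Go templates do not accept a hyphen in a dotted field name, so the v2 template engine fails to parse the template and `radarr-secret` is never produced. Look the key up by name instead: `RADARR__POSTGRES__HOST: '{{ index . "pgbouncer-host" }}'`. The same line appears as `SONARR__POSTGRES__HOST` in the sonarr externalsecret.yaml hunk and needs the same change.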
@@ -0,0 +1,117 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app radarr-anime
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ radarr:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/onedr0p/radarr-develop
+ tag: 5.13.0.9361
+ env:
+ RADARR__APP__INSTANCENAME: Radarr-Anime
+ RADARR__APP__THEME: dark
+ RADARR__AUTH__METHOD: External
+ RADARR__AUTH__REQUIRED: DisabledForLocalAddresses
+ RADARR__LOG__DBENABLED: "False"
+ RADARR__LOG__LEVEL: info
+ RADARR__SERVER__PORT: &port 80
+ RADARR__UPDATE__BRANCH: develop
+ TZ: America/Chicago
+ envFrom:
+ - secretRef:
+ name: radarr-secret
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 16Gi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups: [10000]
+ service:
+ app:
+ controller: radarr
+ ports:
+ http:
+ port: *port
+ ingress:
+ app:
+ enabled: true
+ className: internal-nginx
+ hosts:
+ - host: &host "{{ .Release.Name }}.jahanson.tech"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ existingClaim: *app
+ tmp:
+ type: emptyDir
+ media:
+ type: nfs
+ server: 10.1.1.13
+ path: /eru/media
+ globalMounts:
+ - path: /data/nas-media
+ moria-media:
+ type: nfs
+ server: 10.1.1.61
+ path: /moria/media/
+ globalMounts:
+ - path: /data/moria-media
diff --git a/kubernetes/apps/anime/radarr/app/kustomization.yaml b/kubernetes/apps/anime/radarr/app/kustomization.yaml
new file mode 100644
index 00000000..be13d2db
--- /dev/null
+++ b/kubernetes/apps/anime/radarr/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/apps/anime/radarr/ks.yaml b/kubernetes/apps/anime/radarr/ks.yaml
new file mode 100644
index 00000000..2ec55a65
--- /dev/null
+++ b/kubernetes/apps/anime/radarr/ks.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app radarr-anime
+ namespace: flux-system
+spec:
+ targetNamespace: anime
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: crunchy-postgres-operator
+ - name: external-secrets-stores
+ - name: rook-ceph-cluster
+ - name: volsync
+ path: ./kubernetes/apps/anime/radarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: false
+ interval: 30m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 5Gi
diff --git a/kubernetes/apps/anime/sonarr/app/externalsecret.yaml b/kubernetes/apps/anime/sonarr/app/externalsecret.yaml
new file mode 100644
index 00000000..63b544d1
--- /dev/null
+++ b/kubernetes/apps/anime/sonarr/app/externalsecret.yaml
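Review bot: In the radarr helmrelease.yaml, `RADARR__AUTH__METHOD: External` hands authentication to whatever sits in front of the app, but the `ingress.app` block shows only `className: internal-nginx` and no auth annotation. As written, anyone who can reach that ingress class appears to get the UI without logging in, and `DisabledForLocalAddresses` does nothing to narrow that. Either add an auth annotation on the ingress (for example `nginx.ingress.kubernetes.io/auth-url` pointing at your auth proxy) or add a comment above the env block, `# auth is delegated; internal-nginx must only be reachable from trusted networks`. The sonarr helmrelease.yaml hunk sets the same two `SONARR__AUTH__*` values and has the same gap.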
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: sonarr
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: crunchy-pgo-secrets
+ kind: ClusterSecretStore
+ target:
+ name: sonarr-secret
+ template:
+ engineVersion: v2
+ data:
+ PUSHOVER_TOKEN: "{{ .sonarr_token }}"
+ PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
+ SONARR__AUTH__APIKEY: "{{ .api_key_anime }}"
+ SONARR__POSTGRES__HOST: "{{ .pgbouncer-host }}"
+ SONARR__POSTGRES__USER: "{{ .user }}"
+ SONARR__POSTGRES__PASSWORD: "{{ .password }}"
+ SONARR__POSTGRES__PORT: "{{ .port }}"
+ SONARR__POSTGRES__MAINDB: sonarr_main
+ dataFrom:
+ - extract:
+ key: postgres-pguser-sonarr-anime
+ - extract:
+ key: pushover
+ - extract:
+ key: sonarr
diff --git a/kubernetes/apps/anime/sonarr/app/helmrelease.yaml b/kubernetes/apps/anime/sonarr/app/helmrelease.yaml
new file mode 100644
index 00000000..0e3e527c
--- /dev/null
+++ b/kubernetes/apps/anime/sonarr/app/helmrelease.yaml
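Review bot: All three `dataFrom` extracts here resolve against the single `secretStoreRef` `crunchy-pgo-secrets`, while the radarr ExternalSecret reads the same kinds of keys (`postgres-pguser-…`, `pushover`, the app item) from `onepassword-connect`. One store is unlikely to hold both the operator-generated Postgres user secret and the Pushover and app items, so at least one of the two manifests will probably fail to sync. Give each extract its own store with `sourceRef.storeRef` (`kind: ClusterSecretStore`, `name: crunchy-pgo-secrets` for the `postgres-pguser-*` key and `name: onepassword-connect` for the others), and apply the same layout to the radarr manifest. That also confines each store's credentials to the keys it actually serves.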
@@ -0,0 +1,117 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app sonarr-anime
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ sonarr:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/onedr0p/sonarr-develop
+ tag: 4.0.9.2513
+ env:
+ SONARR__APP__INSTANCENAME: Sonarr-Anime
+ SONARR__APP__THEME: dark
+ SONARR__AUTH__METHOD: External
+ SONARR__AUTH__REQUIRED: DisabledForLocalAddresses
+ SONARR__LOG__DBENABLED: "False"
+ SONARR__LOG__LEVEL: info
+ SONARR__SERVER__PORT: &port 80
+ SONARR__UPDATE__BRANCH: develop
+ TZ: America/Chicago
+ envFrom:
+ - secretRef:
+ name: sonarr-secret
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 16Gi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups: [10000]
+ service:
+ app:
+ controller: sonarr
+ ports:
+ http:
+ port: *port
+ ingress:
+ main:
+ enabled: true
+ className: internal-nginx
+ hosts:
+ - host: &host "{{ .Release.Name }}.jahanson.tech"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ existingClaim: *app
+ tmp:
+ type: emptyDir
+ media:
+ type: nfs
+ server: 10.1.1.13
+ path: /eru/media
+ globalMounts:
+ - path: /data/nas-media
+ moria-media:
+ type: nfs
+ server: 10.1.1.61
+ path: /moria/media/
+ globalMounts:
+ - path: /data/moria-media
diff --git a/kubernetes/apps/anime/sonarr/app/kustomization.yaml b/kubernetes/apps/anime/sonarr/app/kustomization.yaml
new file mode 100644
index 00000000..be13d2db
--- /dev/null
+++ b/kubernetes/apps/anime/sonarr/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/apps/anime/sonarr/ks.yaml b/kubernetes/apps/anime/sonarr/ks.yaml
new file mode 100644
index 00000000..15981535
--- /dev/null
+++ b/kubernetes/apps/anime/sonarr/ks.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app sonarr-anime
+ namespace: flux-system
+spec:
+ targetNamespace: anime
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: crunchy-postgres-operator
+ - name: external-secrets-stores
+ - name: volsync
+ - name: rook-ceph-cluster
+ path: ./kubernetes/apps/anime/sonarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: false
+ interval: 30m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 5Gi
diff --git a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
index 7d8d9e82..5731ea51 100644
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
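Review bot: In the sonarr helmrelease.yaml, `tag: 4.0.9.2513` on `ghcr.io/onedr0p/sonarr-develop` pins the image by a mutable tag only, so a re-pushed tag would be pulled on the next reschedule with no change in Git. Pinning by digest keeps what runs tied to what was reviewed: `tag: 4.0.9.2513@sha256:<digest-of-the-reviewed-image>`. The radarr helmrelease.yaml has the same form in `tag: 5.13.0.9361` and should get the same treatment.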
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
@@ -123,12 +123,22 @@ spec:
 - radarr_main
 password:
 type: AlphaNumeric
+ - name: radarr-anime
+ databases:
+ - radarr_main
+ password:
+ type: AlphaNumeric
 - name: sonarr
 databases:
 - sonarr_logs
 - sonarr_main
 password:
 type: AlphaNumeric
+ - name: sonarr-anime
+ databases:
+ - sonarr_main
+ password:
+ type: AlphaNumeric
 - name: jellyseerr
 databases:
 - jellyseerr
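Review bot: The new `sonarr-anime` user is granted `sonarr_main`, the database the context lines already list for `sonarr`, and `radarr-anime` is granted `radarr_main`, which the first context line shows on the preceding user (its `name:` line is above the hunk, presumably `radarr`). Both anime instances would then read and write the existing instances' databases in the same cluster, mixing their data and giving each credential access to the other's rows. Give the new users their own databases, e.g. `- radarr_anime_main` and `- sonarr_anime_main`, and set `RADARR__POSTGRES__MAINDB` and `SONARR__POSTGRES__MAINDB` in the two ExternalSecrets to match.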