Compare commits
180 commits
c0568711d5
...
39b11f9d26
Author | SHA1 | Date | |
---|---|---|---|
39b11f9d26 | |||
4d9a8e32d7 | |||
2f275ed5b9 | |||
f532b5416f | |||
58a3d4919b | |||
b4ecf685c3 | |||
c8b07d60c7 | |||
1bc4e9fdf3 | |||
f821f153d7 | |||
a63223df51 | |||
455218cf64 | |||
6b0cb19bfd | |||
65de770fcc | |||
c223f3e889 | |||
1e512d354c | |||
c3443e87be | |||
a070f8381b | |||
f4ec9777a5 | |||
3f2c831c66 | |||
f87492fb84 | |||
1f6a00c005 | |||
347aa68119 | |||
7b8ed73b92 | |||
e6878640ee | |||
a696c83d44 | |||
67c92a6f2d | |||
f5c5ab732d | |||
eb43276149 | |||
cfcb7ebe19 | |||
e0fd822691 | |||
7e91167a4c | |||
3849281f09 | |||
c4c03d75fb | |||
632d260a2e | |||
7b86253515 | |||
2c8cc873a7 | |||
36ec208d8d | |||
70fd6f6d3d | |||
a786069bcc | |||
c2a8a165e0 | |||
be0f0bc52e | |||
09baa7cf09 | |||
d9c56177da | |||
7f9e4a2504 | |||
ac4282a6c5 | |||
93d34a811b | |||
fe1088b239 | |||
646583d2aa | |||
ef47408716 | |||
aadd06696e | |||
19ca047ca1 | |||
7a94a4f790 | |||
b1820e8aea | |||
62b671125f | |||
c6de327c75 | |||
a2414374df | |||
4d18b83b81 | |||
6966e74fa6 | |||
d3692d298a | |||
22fbadfade | |||
91694926a7 | |||
e8892fa22a | |||
e3167d2370 | |||
1594910dd2 | |||
9a8e6b6291 | |||
84ed40827f | |||
b6dc54e192 | |||
9384099003 | |||
3dd13b051c | |||
aada4fd258 | |||
86a9bfd1cd | |||
612714efd6 | |||
845443720d | |||
e5a944afb8 | |||
ebbbbbc33c | |||
b096523f33 | |||
848f1a545a | |||
9e567aac0d | |||
767b4624d8 | |||
be4818bbb7 | |||
4a4089be7d | |||
fba72f86ef | |||
cddce8ed5b | |||
f5597e33c7 | |||
b54324d594 | |||
43d9ce9593 | |||
82cf626562 | |||
23f4d92e50 | |||
7861e27b6b | |||
2a3e7139fc | |||
c5b36d8ce2 | |||
b48e4a02c2 | |||
0cf1087754 | |||
4214515c6a | |||
acc8c0b920 | |||
5cde98f529 | |||
dde7c66b70 | |||
acf7bc72f0 | |||
302bdd77b2 | |||
cf3cd03a04 | |||
368dfad63f | |||
82eb531702 | |||
867f6a97ea | |||
db791c40c3 | |||
f65c3bb2b6 | |||
0582ccd81d | |||
16b79d9447 | |||
bc7e3294df | |||
68cdf5531e | |||
dbb62d28eb | |||
0bf3a2e727 | |||
362ffcdccc | |||
83e86b4b23 | |||
75a288c381 | |||
5e23e0fddd | |||
857d5f9f25 | |||
be59ac6eb6 | |||
491639f911 | |||
5e8a66dbf9 | |||
af1d0827c1 | |||
11470b3ddd | |||
f0d3933cd0 | |||
21394584fe | |||
eb0eacf99f | |||
94bee873e7 | |||
a567eda576 | |||
d6199e8db2 | |||
4154700932 | |||
279096ea11 | |||
9fed1b350f | |||
e45976ebf1 | |||
19c1d0d618 | |||
5e51ebcb9c | |||
3c8e5baa7b | |||
7cfc65d647 | |||
b0063fe8c4 | |||
9e94135f55 | |||
6abe2b9c4b | |||
fd8eb9cf19 | |||
fbe5c55308 | |||
9a0afa2aa4 | |||
877380899e | |||
93afdb3fe7 | |||
d85993b354 | |||
750b19f1e5 | |||
5f034598a9 | |||
6aea997c48 | |||
c05674b76b | |||
28d581634d | |||
5e8add9c86 | |||
338004fa0a | |||
a7b8662796 | |||
76e7901a2f | |||
4f604ba608 | |||
de94de0b2a | |||
4bc53661ad | |||
f1fdda6bdd | |||
6aaf58e8be | |||
ae41bd8a6e | |||
a894c9932b | |||
134cc34515 | |||
52a4fc077b | |||
5051f5b6f4 | |||
587565c0ed | |||
ba526c130b | |||
c7037694fa | |||
45d91c392d | |||
acba2f290f | |||
aa7119a6e4 | |||
b56314020a | |||
d67ed006ca | |||
d0d86351c1 | |||
1ee483d322 | |||
efb553e50b | |||
487976e388 | |||
7c8802e3bf | |||
e906b8239d | |||
e6b1302167 | |||
4ec7a417e7 | |||
fdc61be74e |
218 changed files with 6716 additions and 606 deletions
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -3,9 +3,12 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: vault
|
name: &app vault
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
interval: 1m
|
interval: 1m
|
||||||
path: "./kubernetes/apps/security/vault/app"
|
path: "./kubernetes/apps/security/vault/app"
|
||||||
prune: true
|
prune: true
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
"automerge": true,
|
"automerge": true,
|
||||||
"automergeType": "branch",
|
"automergeType": "branch",
|
||||||
"matchUpdateTypes": ["digest"],
|
"matchUpdateTypes": ["digest"],
|
||||||
"matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s"],
|
"matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
|
||||||
"ignoreTests": true
|
"ignoreTests": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://taskfile.dev/schema.json
|
# yaml-language-server: $schema=https://taskfile.dev/schema.json
|
||||||
version: "3"
|
version: '3'
|
||||||
|
|
||||||
# This taskfile is used to manage certain VolSync tasks for a given application, limitations are described below.
|
# This taskfile is used to manage certain VolSync tasks for a given application, limitations are described below.
|
||||||
# 1. Fluxtomization, HelmRelease, PVC, ReplicationSource all have the same name (e.g. plex)
|
# 1. Fluxtomization, HelmRelease, PVC, ReplicationSource all have the same name (e.g. plex)
|
||||||
|
@ -8,215 +8,129 @@ version: "3"
|
||||||
# 3. Applications are deployed as either a Kubernetes Deployment or StatefulSet
|
# 3. Applications are deployed as either a Kubernetes Deployment or StatefulSet
|
||||||
# 4. Each application only has one PVC that is being replicated
|
# 4. Each application only has one PVC that is being replicated
|
||||||
|
|
||||||
x-env-vars: &env-vars
|
|
||||||
app: "{{.app}}"
|
|
||||||
claim: "{{.claim}}"
|
|
||||||
controller: "{{.controller}}"
|
|
||||||
job: "{{.job}}"
|
|
||||||
ns: "{{.ns}}"
|
|
||||||
pgid: "{{.pgid}}"
|
|
||||||
previous: "{{.previous}}"
|
|
||||||
puid: "{{.puid}}"
|
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
VOLSYNC_RESOURCES_DIR: "{{.ROOT_DIR}}/.taskfiles/volsync/resources"
|
VOLSYNC_RESOURCES_DIR: '{{.ROOT_DIR}}/.taskfiles/volsync/resources'
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
state-*:
|
state-*:
|
||||||
desc: Suspend or Resume Volsync
|
desc: Suspend or Resume Volsync
|
||||||
summary: |
|
summary: |-
|
||||||
state: resume or suspend (required)
|
CLUSTER: Cluster to run command against (default: main)
|
||||||
dotenv: ['{{.VOLSYNC_RESOURCES_DIR}}/.env']
|
STATE: resume or suspend (required)
|
||||||
cmds:
|
cmds:
|
||||||
- flux --context $CLUSTER {{.state}} kustomization volsync
|
# - until kubectl wait jobs --all --all-namespaces --for=condition=complete --timeout=5m &>/dev/null; do sleep 5; done
|
||||||
- flux --context $CLUSTER -n {{.ns}} {{.state}} helmrelease volsync
|
- flux {{.STATE}} kustomization volsync
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} scale deployment volsync --replicas {{if eq "suspend" .state}}0{{else}}1{{end}}
|
- flux --namespace {{.NS}} {{.STATE}} helmrelease volsync
|
||||||
env: *env-vars
|
- kubectl --namespace {{.NS}} scale deployment --all --replicas {{if eq .STATE "suspend"}}0{{else}}1{{end}}
|
||||||
vars:
|
vars:
|
||||||
ns: '{{.ns | default "volsync-system"}}'
|
NS: '{{.NS | default "volsync-system"}}'
|
||||||
state: '{{index .MATCH 0}}'
|
STATE: '{{index .MATCH 0}}'
|
||||||
|
|
||||||
list:
|
|
||||||
desc: List snapshots for an application
|
|
||||||
summary: |
|
|
||||||
ns: Namespace the PVC is in (default: default)
|
|
||||||
app: Application to list snapshots for (required)
|
|
||||||
dotenv: ['{{.VOLSYNC_RESOURCES_DIR}}/.env']
|
|
||||||
cmds:
|
|
||||||
- /etc/profiles/per-user/jahanson/bin/envsubst < <(cat {{.VOLSYNC_RESOURCES_DIR}}/list.tmpl.yaml) | kubectl --context $CLUSTER apply -f -
|
|
||||||
- bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} $CLUSTER
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=1m
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} logs job/{{.job}} --container main
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} delete job {{.job}}
|
|
||||||
env: *env-vars
|
|
||||||
requires:
|
requires:
|
||||||
vars: ["app"]
|
vars: [CLUSTER]
|
||||||
vars:
|
|
||||||
ns: '{{.ns | default "default"}}'
|
|
||||||
job: volsync-list-{{.app}}
|
|
||||||
preconditions:
|
|
||||||
- test -f /etc/profiles/per-user/jahanson/bin/envsubst
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/list.tmpl.yaml
|
|
||||||
silent: true
|
|
||||||
|
|
||||||
unlock:
|
unlock:
|
||||||
desc: Unlock a Restic repository for an application
|
desc: Unlock all Restic repositories
|
||||||
summary: |
|
summary: |-
|
||||||
ns: Namespace the PVC is in (default: default)
|
CLUSTER: Cluster to run command against (default: main)
|
||||||
app: Application to unlock (required)
|
cmd: >
|
||||||
dotenv: ['{{.VOLSYNC_RESOURCES_DIR}}/.env']
|
kubectl get replicationsources --all-namespaces --no-headers -A | awk '{print $1, $2}'
|
||||||
cmds:
|
| xargs --max-procs=2 -l bash -c 'kubectl --namespace "$0" patch --field-manager=flux-client-side-apply replicationsources "$1" --type merge --patch "{\"spec\":{\"restic\":{\"unlock\":\"{{now | unixEpoch}}\"}}}"'
|
||||||
- /etc/profiles/per-user/jahanson/bin/envsubst < <(cat {{.VOLSYNC_RESOURCES_DIR}}/unlock.tmpl.yaml) | kubectl --context $CLUSTER apply -f -
|
|
||||||
- bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} $CLUSTER
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=1m
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} logs job/{{.job}} --container minio
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} logs job/{{.job}} --container r2
|
|
||||||
- kubectl --context $CLUSTER -n {{.ns}} delete job {{.job}}
|
|
||||||
env: *env-vars
|
|
||||||
requires:
|
requires:
|
||||||
vars: ["app"]
|
vars: [CLUSTER]
|
||||||
vars:
|
|
||||||
ns: '{{.ns | default "default"}}'
|
|
||||||
job: volsync-unlock-{{.app}}
|
|
||||||
preconditions:
|
|
||||||
- test -f /etc/profiles/per-user/jahanson/bin/envsubst
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/unlock.tmpl.yaml
|
|
||||||
silent: true
|
|
||||||
|
|
||||||
# To run backup jobs in parallel for all replicationsources:
|
# To run backup jobs in parallel for all replicationsources:
|
||||||
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:snapshot app=$0 ns=$1'
|
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:snapshot APP=$0 NS=$1'
|
||||||
snapshot:
|
snapshot:
|
||||||
desc: Snapshot a PVC for an application
|
desc: Snapshot an application
|
||||||
summary: |
|
summary: |-
|
||||||
cluster: Cluster to run command against (required)
|
CLUSTER: Cluster to run command against (default: main)
|
||||||
ns: Namespace the PVC is in (default: default)
|
NS: Namespace the application is in (default: default)
|
||||||
app: Application to snapshot (required)
|
APP: Application to snapshot (required)
|
||||||
cmds:
|
cmds:
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} patch replicationsources {{.app}} --type merge -p '{"spec":{"trigger":{"manual":"{{.now}}"}}}'
|
- kubectl --namespace {{.NS}} patch replicationsources {{.APP}} --type merge -p '{"spec":{"trigger":{"manual":"{{now | unixEpoch}}"}}}'
|
||||||
- bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} {{.cluster}}
|
- until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=120m
|
- kubectl --namespace {{.NS}} wait job/{{.JOB}} --for=condition=complete --timeout=120m
|
||||||
env: *env-vars
|
|
||||||
requires:
|
|
||||||
vars: ["cluster", "app"]
|
|
||||||
vars:
|
vars:
|
||||||
now: '{{now | date "150405"}}'
|
NS: '{{.NS | default "default"}}'
|
||||||
ns: '{{.ns | default "default"}}'
|
JOB: volsync-src-{{.APP}}
|
||||||
job: volsync-src-{{.app}}
|
requires:
|
||||||
controller:
|
vars: [CLUSTER, APP]
|
||||||
sh: true && {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh {{.app}} {{.ns}} {{.cluster}}
|
|
||||||
preconditions:
|
preconditions:
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh
|
- kubectl --namespace {{.NS}} get replicationsources {{.APP}}
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
|
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} get replicationsources {{.app}}
|
|
||||||
|
|
||||||
# To run restore jobs in parallel for all replicationdestinations:
|
# To run restore jobs in parallel for all replicationdestinations:
|
||||||
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:restore app=$0 ns=$1'
|
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:restore APP=$0 NS=$1'
|
||||||
restore:
|
restore:
|
||||||
desc: Restore a PVC for an application
|
desc: Restore an application
|
||||||
summary: |
|
summary: |-
|
||||||
cluster: Cluster to run command against (required)
|
CLUSTER: Cluster to run command against (default: main)
|
||||||
ns: Namespace the PVC is in (default: default)
|
NS: Namespace the application is in (default: default)
|
||||||
app: Application to restore (required)
|
APP: Application to restore (required)
|
||||||
previous: Previous number of snapshots to restore (default: 2)
|
PREVIOUS: Previous number of snapshots to restore (default: 2)
|
||||||
cmds:
|
cmds:
|
||||||
- { task: .suspend, vars: *env-vars }
|
- task: .suspend
|
||||||
- { task: .wipe, vars: *env-vars }
|
- task: .restore
|
||||||
- { task: .restore, vars: *env-vars }
|
- task: .resume
|
||||||
- { task: .resume, vars: *env-vars }
|
|
||||||
env: *env-vars
|
|
||||||
requires:
|
requires:
|
||||||
vars: ["cluster", "app"]
|
vars: [CLUSTER, APP]
|
||||||
vars:
|
|
||||||
ns: '{{.ns | default "default"}}'
|
|
||||||
previous: '{{.previous | default 2}}'
|
|
||||||
controller:
|
|
||||||
sh: "{{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh {{.app}} {{.ns}}"
|
|
||||||
claim:
|
|
||||||
sh: kubectl --context {{.cluster}} -n {{.ns}} get replicationsources/{{.app}} -o jsonpath="{.spec.sourcePVC}"
|
|
||||||
puid:
|
|
||||||
sh: kubectl --context {{.cluster}} -n {{.ns}} get replicationsources/{{.app}} -o jsonpath="{.spec.restic.moverSecurityContext.runAsUser}"
|
|
||||||
pgid:
|
|
||||||
sh: kubectl --context {{.cluster}} -n {{.ns}} get replicationsources/{{.app}} -o jsonpath="{.spec.restic.moverSecurityContext.runAsGroup}"
|
|
||||||
preconditions:
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
desc: Delete volume populator PVCs in all namespaces
|
|
||||||
summary: |
|
|
||||||
cluster: Cluster to run command against (required)
|
|
||||||
cmds:
|
|
||||||
- for: { var: dest }
|
|
||||||
cmd: |
|
|
||||||
{{- $items := (split "/" .ITEM) }}
|
|
||||||
kubectl --context {{.cluster}} delete pvc -n {{ $items._0 }} {{ $items._1 }}
|
|
||||||
- for: { var: cache }
|
|
||||||
cmd: |
|
|
||||||
{{- $items := (split "/" .ITEM) }}
|
|
||||||
kubectl --context {{.cluster}} delete pvc -n {{ $items._0 }} {{ $items._1 }}
|
|
||||||
- for: { var: snaps }
|
|
||||||
cmd: |
|
|
||||||
{{- $items := (split "/" .ITEM) }}
|
|
||||||
kubectl --context {{.cluster}} delete volumesnapshot -n {{ $items._0 }} {{ $items._1 }}
|
|
||||||
env: *env-vars
|
|
||||||
requires:
|
|
||||||
vars: ["cluster"]
|
|
||||||
vars:
|
|
||||||
dest:
|
|
||||||
sh: kubectl --context {{.cluster}} get pvc --all-namespaces --no-headers | grep "dst-dest" | awk '{print $1 "/" $2}'
|
|
||||||
cache:
|
|
||||||
sh: kubectl --context {{.cluster}} get pvc --all-namespaces --no-headers | grep "dst-cache" | awk '{print $1 "/" $2}'
|
|
||||||
snaps:
|
|
||||||
sh: kubectl --context {{.cluster}} get volumesnapshot --all-namespaces --no-headers | grep "dst-dest" | awk '{print $1 "/" $2}'
|
|
||||||
|
|
||||||
# Suspend the Flux ks and hr
|
|
||||||
.suspend:
|
.suspend:
|
||||||
internal: true
|
internal: true
|
||||||
cmds:
|
cmds:
|
||||||
- flux --context {{.cluster}} -n flux-system suspend kustomization {{.app}}
|
- flux --namespace flux-system suspend kustomization {{.APP}}
|
||||||
- flux --context {{.cluster}} -n {{.ns}} suspend helmrelease {{.app}}
|
- flux --namespace {{.NS}} suspend helmrelease {{.APP}}
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} scale {{.controller}} --replicas 0
|
- kubectl --namespace {{.NS}} scale {{.CONTROLLER}}/{{.APP}} --replicas 0
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} wait pod --for delete --selector="app.kubernetes.io/name={{.app}}" --timeout=2m
|
- kubectl --namespace {{.NS}} wait pod --for=delete --selector="app.kubernetes.io/name={{.APP}}" --timeout=5m
|
||||||
env: *env-vars
|
|
||||||
|
|
||||||
# Wipe the PVC of all data
|
|
||||||
.wipe:
|
|
||||||
internal: true
|
|
||||||
cmds:
|
|
||||||
- /etc/profiles/per-user/jahanson/bin/envsubst < <(cat {{.VOLSYNC_RESOURCES_DIR}}/wipe.tmpl.yaml) | kubectl --context {{.cluster}} apply -f -
|
|
||||||
- bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} {{.cluster}}
|
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=120m
|
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} logs job/{{.job}} --container main
|
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} delete job {{.job}}
|
|
||||||
env: *env-vars
|
|
||||||
vars:
|
vars:
|
||||||
job: volsync-wipe-{{.app}}
|
NS: '{{.NS | default "default"}}'
|
||||||
preconditions:
|
APP: '{{.APP}}'
|
||||||
- test -f /etc/profiles/per-user/jahanson/bin/envsubst
|
CONTROLLER:
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wipe.tmpl.yaml
|
sh: kubectl --namespace {{.NS}} get deployment {{.APP}} &>/dev/null && echo deployment || echo statefulset
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
|
|
||||||
|
|
||||||
# Create VolSync replicationdestination CR to restore data
|
|
||||||
.restore:
|
.restore:
|
||||||
internal: true
|
internal: true
|
||||||
cmds:
|
cmds:
|
||||||
- /etc/profiles/per-user/jahanson/bin/envsubst < <(cat {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.tmpl.yaml) | kubectl --context {{.cluster}} apply -f -
|
- minijinja-cli --env --trim-blocks --lstrip-blocks --autoescape=none {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.yaml.j2 | kubectl apply --server-side --filename -
|
||||||
- bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} {{.cluster}}
|
- until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=120m
|
- kubectl --namespace {{.NS}} wait job/{{.JOB}} --for=condition=complete --timeout=120m
|
||||||
- kubectl --context {{.cluster}} -n {{.ns}} delete replicationdestination {{.job}}
|
- kubectl --namespace {{.NS}} delete replicationdestination {{.JOB}}
|
||||||
env: *env-vars
|
|
||||||
vars:
|
vars:
|
||||||
job: volsync-dst-{{.app}}
|
NS: '{{.NS | default "default"}}'
|
||||||
|
JOB: volsync-dst-{{.APP}}
|
||||||
|
PREVIOUS: '{{.PREVIOUS | default 2}}'
|
||||||
|
CLAIM:
|
||||||
|
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.sourcePVC}"
|
||||||
|
ACCESS_MODES:
|
||||||
|
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.accessModes}"
|
||||||
|
STORAGE_CLASS_NAME:
|
||||||
|
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.storageClassName}"
|
||||||
|
PUID:
|
||||||
|
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.moverSecurityContext.runAsUser}"
|
||||||
|
PGID:
|
||||||
|
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.moverSecurityContext.runAsGroup}"
|
||||||
|
env:
|
||||||
|
NS: '{{.NS}}'
|
||||||
|
JOB: '{{.JOB}}'
|
||||||
|
APP: '{{.APP}}'
|
||||||
|
PREVIOUS: '{{.PREVIOUS}}'
|
||||||
|
CLAIM: '{{.CLAIM}}'
|
||||||
|
ACCESS_MODES: '{{.ACCESS_MODES}}'
|
||||||
|
STORAGE_CLASS_NAME: '{{.STORAGE_CLASS_NAME}}'
|
||||||
|
PUID: '{{.PUID}}'
|
||||||
|
PGID: '{{.PGID}}'
|
||||||
preconditions:
|
preconditions:
|
||||||
- test -f /etc/profiles/per-user/jahanson/bin/envsubst
|
- test -f {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.yaml.j2
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.tmpl.yaml
|
|
||||||
- test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
|
|
||||||
|
|
||||||
# Resume Flux ks and hr
|
|
||||||
.resume:
|
.resume:
|
||||||
internal: true
|
internal: true
|
||||||
cmds:
|
cmds:
|
||||||
- flux --context {{.cluster}} -n {{.ns}} resume helmrelease {{.app}}
|
- flux --namespace {{.NS}} resume helmrelease {{.APP}}
|
||||||
- flux --context {{.cluster}} -n flux-system resume kustomization {{.app}}
|
- flux --namespace flux-system resume kustomization {{.APP}}
|
||||||
env: *env-vars
|
- kubectl --namespace {{.NS}} scale {{.CONTROLLER}}/{{.APP}} --replicas 1
|
||||||
|
- kubectl --namespace {{.NS}} wait pod --for=condition=ready --selector="app.kubernetes.io/name={{.APP}}" --timeout=5m
|
||||||
|
vars:
|
||||||
|
NS: '{{.NS | default "default"}}'
|
||||||
|
APP: '{{.APP}}'
|
||||||
|
CONTROLLER:
|
||||||
|
sh: kubectl --namespace {{.NS}} get deployment {{.APP}} &>/dev/null && echo deployment || echo statefulset
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
CLUSTER=theshire
|
|
|
@ -1,20 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: ${job}
|
|
||||||
namespace: ${ns}
|
|
||||||
spec:
|
|
||||||
ttlSecondsAfterFinished: 3600
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
containers:
|
|
||||||
- name: main
|
|
||||||
image: docker.io/restic/restic:latest
|
|
||||||
args: ["snapshots"]
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: ${app}-volsync-r2-secret
|
|
||||||
resources: {}
|
|
|
@ -1,31 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationDestination
|
|
||||||
metadata:
|
|
||||||
name: ${job}
|
|
||||||
namespace: ${ns}
|
|
||||||
spec:
|
|
||||||
trigger:
|
|
||||||
manual: restore-once
|
|
||||||
restic:
|
|
||||||
repository: ${app}-volsync-r2-secret
|
|
||||||
destinationPVC: ${claim}
|
|
||||||
copyMethod: Direct
|
|
||||||
storageClassName: ceph-block
|
|
||||||
# storageClassName: ceph-filesystem
|
|
||||||
# accessModes: ["ReadWriteMany"]
|
|
||||||
# IMPORTANT NOTE:
|
|
||||||
# Set to the last X number of snapshots to restore from
|
|
||||||
previous: ${previous}
|
|
||||||
# OR;
|
|
||||||
# IMPORTANT NOTE:
|
|
||||||
# On bootstrap set `restoreAsOf` to the time the old cluster was destroyed.
|
|
||||||
# This will essentially prevent volsync from trying to restore a backup
|
|
||||||
# from a application that started with default data in the PVC.
|
|
||||||
# Do not restore snapshots made after the following RFC3339 Timestamp.
|
|
||||||
# date --rfc-3339=seconds (--utc)
|
|
||||||
# restoreAsOf: "2022-12-10T16:00:00-05:00"
|
|
||||||
moverSecurityContext:
|
|
||||||
runAsUser: ${puid}
|
|
||||||
runAsGroup: ${pgid}
|
|
||||||
fsGroup: ${pgid}
|
|
23
.taskfiles/volsync/resources/replicationdestination.yaml.j2
Normal file
23
.taskfiles/volsync/resources/replicationdestination.yaml.j2
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
apiVersion: volsync.backube/v1alpha1
|
||||||
|
kind: ReplicationDestination
|
||||||
|
metadata:
|
||||||
|
name: {{ ENV.JOB }}
|
||||||
|
namespace: {{ ENV.NS }}
|
||||||
|
spec:
|
||||||
|
trigger:
|
||||||
|
manual: restore-once
|
||||||
|
restic:
|
||||||
|
repository: {{ ENV.APP }}-volsync-secret
|
||||||
|
destinationPVC: {{ ENV.CLAIM }}
|
||||||
|
copyMethod: Direct
|
||||||
|
storageClassName: {{ ENV.STORAGE_CLASS_NAME }}
|
||||||
|
accessModes: {{ ENV.ACCESS_MODES }}
|
||||||
|
previous: {{ ENV.PREVIOUS }}
|
||||||
|
enableFileDeletion: true
|
||||||
|
cleanupCachePVC: true
|
||||||
|
cleanupTempPVC: true
|
||||||
|
moverSecurityContext:
|
||||||
|
runAsUser: {{ ENV.PUID }}
|
||||||
|
runAsGroup: {{ ENV.PGID }}
|
||||||
|
fsGroup: {{ ENV.PGID }}
|
|
@ -1,27 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: ${job}
|
|
||||||
namespace: ${ns}
|
|
||||||
spec:
|
|
||||||
ttlSecondsAfterFinished: 3600
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
containers:
|
|
||||||
- name: minio
|
|
||||||
image: docker.io/restic/restic:latest
|
|
||||||
args: ["unlock", "--remove-all"]
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: ${app}-volsync-secret
|
|
||||||
resources: {}
|
|
||||||
- name: r2
|
|
||||||
image: docker.io/restic/restic:latest
|
|
||||||
args: ["unlock", "--remove-all"]
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: ${app}-volsync-r2-secret
|
|
||||||
resources: {}
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
JOB=$1
|
|
||||||
NAMESPACE="${2:-default}"
|
|
||||||
CLUSTER="${3:-main}"
|
|
||||||
|
|
||||||
[[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1
|
|
||||||
while true; do
|
|
||||||
STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')"
|
|
||||||
if [ "${STATUS}" == "Pending" ]; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
sleep 1
|
|
||||||
done
|
|
|
@ -1,22 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
APP=$1
|
|
||||||
NAMESPACE="${2:-default}"
|
|
||||||
CLUSTER="${3:-theshire}"
|
|
||||||
|
|
||||||
is_deployment() {
|
|
||||||
kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get deployment "${APP}" >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
is_statefulset() {
|
|
||||||
kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get statefulset "${APP}" >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
if is_deployment; then
|
|
||||||
echo "deployment.apps/${APP}"
|
|
||||||
elif is_statefulset; then
|
|
||||||
echo "statefulset.apps/${APP}"
|
|
||||||
else
|
|
||||||
echo "No deployment or statefulset found for ${APP}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: ${job}
|
|
||||||
namespace: ${ns}
|
|
||||||
spec:
|
|
||||||
ttlSecondsAfterFinished: 3600
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
containers:
|
|
||||||
- name: main
|
|
||||||
image: docker.io/library/alpine:latest
|
|
||||||
command: ["/bin/sh", "-c", "cd /config; find . -delete"]
|
|
||||||
volumeMounts:
|
|
||||||
- name: config
|
|
||||||
mountPath: /config
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
resources: {}
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: ${claim}
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/ollama/ollama
|
repository: docker.io/ollama/ollama
|
||||||
tag: 0.3.12
|
tag: 0.3.14
|
||||||
env:
|
env:
|
||||||
- name: OLLAMA_HOST
|
- name: OLLAMA_HOST
|
||||||
value: 0.0.0.0
|
value: 0.0.0.0
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
13
kubernetes/apps/anime/kustomization.yaml
Normal file
13
kubernetes/apps/anime/kustomization.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
# Pre Flux-Kustomizations
|
||||||
|
- ./namespace.yaml
|
||||||
|
# Flux-Kustomizations
|
||||||
|
# - ./jellyfin/ks.yaml # sqlite
|
||||||
|
# - ./jellyseerr/ks.yaml # sqlite
|
||||||
|
- ./radarr/ks.yaml # postgres
|
||||||
|
# - ./shoko/ks.yaml # sqlite
|
||||||
|
- ./sonarr/ks.yaml # postgres
|
9
kubernetes/apps/anime/namespace.yaml
Normal file
9
kubernetes/apps/anime/namespace.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: anime
|
||||||
|
labels:
|
||||||
|
kustomize.toolkit.fluxcd.io/prune: disabled
|
||||||
|
volsync.backube/privileged-movers: "true"
|
||||||
|
pgo-enabled-hsn.dev: "true"
|
46
kubernetes/apps/anime/radarr/app/externalsecret.yaml
Normal file
46
kubernetes/apps/anime/radarr/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: radarr
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: radarr-secret
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
PUSHOVER_TOKEN: "{{ .radarr_token }}"
|
||||||
|
PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
|
||||||
|
RADARR__AUTH__APIKEY: "{{ .api_key_anime }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: pushover
|
||||||
|
- extract:
|
||||||
|
key: radarr
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: radarr-db
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
name: crunchy-pgo-secrets
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: radarr-db-secret
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
RADARR__POSTGRES__HOST: "{{ index . \"pgbouncer-host\" }}"
|
||||||
|
RADARR__POSTGRES__USER: "{{ .user }}"
|
||||||
|
RADARR__POSTGRES__PASSWORD: "{{ .password }}"
|
||||||
|
RADARR__POSTGRES__PORT: "{{ .port }}"
|
||||||
|
RADARR__POSTGRES__MAINDB: "{{ .dbname }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: postgres-pguser-radarr-anime
|
119
kubernetes/apps/anime/radarr/app/helmrelease.yaml
Normal file
119
kubernetes/apps/anime/radarr/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: &app radarr-anime
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
strategy: rollback
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
radarr:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/radarr-develop
|
||||||
|
tag: 5.13.0.9361
|
||||||
|
env:
|
||||||
|
RADARR__APP__INSTANCENAME: Radarr-Anime
|
||||||
|
RADARR__APP__THEME: dark
|
||||||
|
RADARR__AUTH__METHOD: External
|
||||||
|
RADARR__AUTH__REQUIRED: DisabledForLocalAddresses
|
||||||
|
RADARR__LOG__DBENABLED: "False"
|
||||||
|
RADARR__LOG__LEVEL: info
|
||||||
|
RADARR__SERVER__PORT: &port 80
|
||||||
|
RADARR__UPDATE__BRANCH: develop
|
||||||
|
TZ: America/Chicago
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: radarr-secret
|
||||||
|
- secretRef:
|
||||||
|
name: radarr-db-secret
|
||||||
|
probes:
|
||||||
|
liveness: &probes
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: *port
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 1
|
||||||
|
failureThreshold: 3
|
||||||
|
readiness: *probes
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities: { drop: ["ALL"] }
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
limits:
|
||||||
|
memory: 6Gi
|
||||||
|
pod:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 568
|
||||||
|
runAsGroup: 568
|
||||||
|
runAsNonRoot: true
|
||||||
|
fsGroup: 568
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
supplementalGroups: [10000]
|
||||||
|
service:
|
||||||
|
app:
|
||||||
|
controller: radarr
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: *port
|
||||||
|
ingress:
|
||||||
|
app:
|
||||||
|
enabled: true
|
||||||
|
className: internal-nginx
|
||||||
|
hosts:
|
||||||
|
- host: &host "{{ .Release.Name }}.jahanson.tech"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
service:
|
||||||
|
identifier: app
|
||||||
|
port: http
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: *app
|
||||||
|
tmp:
|
||||||
|
type: emptyDir
|
||||||
|
media:
|
||||||
|
type: nfs
|
||||||
|
server: 10.1.1.13
|
||||||
|
path: /eru/media
|
||||||
|
globalMounts:
|
||||||
|
- path: /data/nas-media
|
||||||
|
moria-media:
|
||||||
|
type: nfs
|
||||||
|
server: 10.1.1.61
|
||||||
|
path: /moria/media/
|
||||||
|
globalMounts:
|
||||||
|
- path: /data/moria-media
|
8
kubernetes/apps/anime/radarr/app/kustomization.yaml
Normal file
8
kubernetes/apps/anime/radarr/app/kustomization.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./externalsecret.yaml
|
||||||
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/volsync
|
29
kubernetes/apps/anime/radarr/ks.yaml
Normal file
29
kubernetes/apps/anime/radarr/ks.yaml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app radarr-anime
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: anime
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
dependsOn:
|
||||||
|
- name: crunchy-postgres-operator
|
||||||
|
- name: external-secrets-stores
|
||||||
|
- name: rook-ceph-cluster
|
||||||
|
- name: volsync
|
||||||
|
path: ./kubernetes/apps/anime/radarr/app
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
||||||
|
postBuild:
|
||||||
|
substitute:
|
||||||
|
APP: *app
|
||||||
|
VOLSYNC_CAPACITY: 5Gi
|
47
kubernetes/apps/anime/sonarr/app/externalsecret.yaml
Normal file
47
kubernetes/apps/anime/sonarr/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: sonarr
|
||||||
|
spec:
|
||||||
|
refreshInterval: 1m
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: sonarr-secret
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
PUSHOVER_TOKEN: "{{ .sonarr_token }}"
|
||||||
|
PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
|
||||||
|
SONARR__AUTH__APIKEY: "{{ .api_key_anime }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: pushover
|
||||||
|
- extract:
|
||||||
|
key: sonarr
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: sonarr-db
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
name: crunchy-pgo-secrets
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: sonarr-db-secret
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
SONARR__POSTGRES__HOST: "{{ index . \"pgbouncer-host\" }}"
|
||||||
|
SONARR__POSTGRES__USER: "{{ .user }}"
|
||||||
|
SONARR__POSTGRES__PASSWORD: "{{ .password }}"
|
||||||
|
SONARR__POSTGRES__PORT: "{{ .port }}"
|
||||||
|
SONARR__POSTGRES__MAINDB: "{{ .dbname }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: postgres-pguser-sonarr-anime
|
119
kubernetes/apps/anime/sonarr/app/helmrelease.yaml
Normal file
119
kubernetes/apps/anime/sonarr/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: &app sonarr-anime
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
strategy: rollback
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
sonarr:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/sonarr-develop
|
||||||
|
tag: 4.0.9.2513
|
||||||
|
env:
|
||||||
|
SONARR__APP__INSTANCENAME: Sonarr-Anime
|
||||||
|
SONARR__APP__THEME: dark
|
||||||
|
SONARR__AUTH__METHOD: External
|
||||||
|
SONARR__AUTH__REQUIRED: DisabledForLocalAddresses
|
||||||
|
SONARR__LOG__DBENABLED: "False"
|
||||||
|
SONARR__LOG__LEVEL: info
|
||||||
|
SONARR__SERVER__PORT: &port 80
|
||||||
|
SONARR__UPDATE__BRANCH: develop
|
||||||
|
TZ: America/Chicago
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: sonarr-secret
|
||||||
|
- secretRef:
|
||||||
|
name: sonarr-db-secret
|
||||||
|
probes:
|
||||||
|
liveness: &probes
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: *port
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
readiness: *probes
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities: { drop: ["ALL"] }
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
limits:
|
||||||
|
memory: 6Gi
|
||||||
|
pod:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 568
|
||||||
|
runAsGroup: 568
|
||||||
|
runAsNonRoot: true
|
||||||
|
fsGroup: 568
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
supplementalGroups: [10000]
|
||||||
|
service:
|
||||||
|
app:
|
||||||
|
controller: sonarr
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: *port
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
className: internal-nginx
|
||||||
|
hosts:
|
||||||
|
- host: &host "{{ .Release.Name }}.jahanson.tech"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
service:
|
||||||
|
identifier: app
|
||||||
|
port: http
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: *app
|
||||||
|
tmp:
|
||||||
|
type: emptyDir
|
||||||
|
media:
|
||||||
|
type: nfs
|
||||||
|
server: 10.1.1.13
|
||||||
|
path: /eru/media
|
||||||
|
globalMounts:
|
||||||
|
- path: /data/nas-media
|
||||||
|
moria-media:
|
||||||
|
type: nfs
|
||||||
|
server: 10.1.1.61
|
||||||
|
path: /moria/media/
|
||||||
|
globalMounts:
|
||||||
|
- path: /data/moria-media
|
8
kubernetes/apps/anime/sonarr/app/kustomization.yaml
Normal file
8
kubernetes/apps/anime/sonarr/app/kustomization.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./externalsecret.yaml
|
||||||
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/volsync
|
29
kubernetes/apps/anime/sonarr/ks.yaml
Normal file
29
kubernetes/apps/anime/sonarr/ks.yaml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app sonarr-anime
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: anime
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
dependsOn:
|
||||||
|
- name: crunchy-postgres-operator
|
||||||
|
- name: external-secrets-stores
|
||||||
|
- name: volsync
|
||||||
|
- name: rook-ceph-cluster
|
||||||
|
path: ./kubernetes/apps/anime/sonarr/app
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
||||||
|
postBuild:
|
||||||
|
substitute:
|
||||||
|
APP: *app
|
||||||
|
VOLSYNC_CAPACITY: 5Gi
|
|
@ -3,9 +3,12 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: cert-manager
|
name: &app cert-manager
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: "./kubernetes/apps/cert-manager/cert-manager/app"
|
path: "./kubernetes/apps/cert-manager/cert-manager/app"
|
||||||
prune: true
|
prune: true
|
||||||
|
@ -18,9 +21,12 @@ spec:
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: cert-manager-issuers
|
name: &app cert-manager-issuers
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: "./kubernetes/apps/cert-manager/cert-manager/issuers"
|
path: "./kubernetes/apps/cert-manager/cert-manager/issuers"
|
||||||
prune: true
|
prune: true
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -3,9 +3,12 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: cert-manager-webhook-dnsimple
|
name: &app cert-manager-webhook-dnsimple
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
targetNamespace: cert-manager
|
targetNamespace: cert-manager
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: "./kubernetes/apps/cert-manager/webhook-dnsimple/app"
|
path: "./kubernetes/apps/cert-manager/webhook-dnsimple/app"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,5 +20,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -5,6 +5,7 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./externalsecret.yaml
|
- ./externalsecret.yaml
|
||||||
- ./gatus.yaml
|
- ./gatus.yaml
|
||||||
|
- ./podmonitor.yaml
|
||||||
- ./postgrescluster.yaml
|
- ./postgrescluster.yaml
|
||||||
- ./pushsecret.yaml
|
- ./pushsecret.yaml
|
||||||
- ./service.yaml
|
- ./service.yaml
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PodMonitor
|
||||||
|
metadata:
|
||||||
|
name: cpgo-postgres
|
||||||
|
spec:
|
||||||
|
jobLabel: cpgo-postgres
|
||||||
|
namespaceSelector:
|
||||||
|
matchNames:
|
||||||
|
- database
|
||||||
|
podMetricsEndpoints:
|
||||||
|
- honorLabels: true
|
||||||
|
path: /metrics
|
||||||
|
port: exporter
|
||||||
|
relabelings:
|
||||||
|
- sourceLabels:
|
||||||
|
[
|
||||||
|
"__meta_kubernetes_namespace",
|
||||||
|
"__meta_kubernetes_pod_label_postgres_operator_crunchydata_com_cluster",
|
||||||
|
]
|
||||||
|
targetLabel: pg_cluster
|
||||||
|
separator: "/"
|
||||||
|
replacement: "$1$2"
|
||||||
|
- sourceLabels:
|
||||||
|
[
|
||||||
|
__meta_kubernetes_pod_label_postgres_operator_crunchydata_com_instance,
|
||||||
|
]
|
||||||
|
targetLabel: deployment
|
||||||
|
- sourceLabels:
|
||||||
|
[__meta_kubernetes_pod_label_postgres_operator_crunchydata_com_role]
|
||||||
|
targetLabel: role
|
||||||
|
- sourceLabels: [__meta_kubernetes_pod_name]
|
||||||
|
targetLabel: instance
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
postgres-operator.crunchydata.com/cluster: postgres
|
||||||
|
postgres-operator.crunchydata.com/crunchy-postgres-exporter: "true"
|
|
@ -23,7 +23,13 @@ spec:
|
||||||
pgmonitor:
|
pgmonitor:
|
||||||
exporter:
|
exporter:
|
||||||
# https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml
|
# https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml
|
||||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-3
|
# image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-12
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 64M
|
||||||
|
limits:
|
||||||
|
memory: 512M
|
||||||
|
|
||||||
patroni: # turn on sync writes to at least 1 other replica
|
patroni: # turn on sync writes to at least 1 other replica
|
||||||
dynamicConfiguration:
|
dynamicConfiguration:
|
||||||
|
@ -39,7 +45,7 @@ spec:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: crunchy-postgres
|
app.kubernetes.io/name: crunchy-postgres
|
||||||
replicas: &replica 1
|
replicas: &replica 2
|
||||||
dataVolumeClaimSpec:
|
dataVolumeClaimSpec:
|
||||||
storageClassName: openebs-hostpath
|
storageClassName: openebs-hostpath
|
||||||
accessModes:
|
accessModes:
|
||||||
|
@ -117,12 +123,22 @@ spec:
|
||||||
- radarr_main
|
- radarr_main
|
||||||
password:
|
password:
|
||||||
type: AlphaNumeric
|
type: AlphaNumeric
|
||||||
|
- name: radarr-anime
|
||||||
|
databases:
|
||||||
|
- radarr_anime
|
||||||
|
password:
|
||||||
|
type: AlphaNumeric
|
||||||
- name: sonarr
|
- name: sonarr
|
||||||
databases:
|
databases:
|
||||||
- sonarr_logs
|
- sonarr_logs
|
||||||
- sonarr_main
|
- sonarr_main
|
||||||
password:
|
password:
|
||||||
type: AlphaNumeric
|
type: AlphaNumeric
|
||||||
|
- name: sonarr-anime
|
||||||
|
databases:
|
||||||
|
- sonarr_anime
|
||||||
|
password:
|
||||||
|
type: AlphaNumeric
|
||||||
- name: jellyseerr
|
- name: jellyseerr
|
||||||
databases:
|
databases:
|
||||||
- jellyseerr
|
- jellyseerr
|
||||||
|
@ -177,6 +193,12 @@ spec:
|
||||||
pgBouncer:
|
pgBouncer:
|
||||||
port: 5432
|
port: 5432
|
||||||
replicas: *replica
|
replicas: *replica
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: pgbouncer.jahanson.tech
|
||||||
|
io.cilium/lb-ipam-ips: 10.1.1.36
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: crunchy-postgres-pgbouncer
|
app.kubernetes.io/name: crunchy-postgres-pgbouncer
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: pgo
|
chart: pgo
|
||||||
version: 5.6.1
|
version: 5.7.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: crunchydata
|
name: crunchydata
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -5,7 +5,7 @@ kind: Dragonfly
|
||||||
metadata:
|
metadata:
|
||||||
name: dragonfly
|
name: dragonfly
|
||||||
spec:
|
spec:
|
||||||
image: ghcr.io/dragonflydb/dragonfly:v1.23.2
|
image: ghcr.io/dragonflydb/dragonfly:v1.24.0
|
||||||
replicas: 3
|
replicas: 3
|
||||||
env:
|
env:
|
||||||
- name: MAX_MEMORY
|
- name: MAX_MEMORY
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -42,5 +41,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -44,17 +44,17 @@ spec:
|
||||||
{
|
{
|
||||||
"user_id": "tasmota",
|
"user_id": "tasmota",
|
||||||
"password": "{{ .x_emqx_tasmota_password }}",
|
"password": "{{ .x_emqx_tasmota_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"user_id": "zwave",
|
"user_id": "zwave",
|
||||||
"password": "{{ .x_emqx_homeassistant_password }}",
|
"password": "{{ .x_emqx_homeassistant_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"user_id": "zwave",
|
"user_id": "zwave",
|
||||||
"password": "{{ .x_emqx_zwave_password }}",
|
"password": "{{ .x_emqx_zwave_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: emqx-operator
|
chart: emqx-operator
|
||||||
version: 2.2.24
|
version: 2.2.25
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: emqx
|
name: emqx
|
||||||
|
@ -26,6 +26,8 @@ spec:
|
||||||
- name: cert-manager
|
- name: cert-manager
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
values:
|
values:
|
||||||
|
podannotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
fullnameOverride: emqx-operator
|
fullnameOverride: emqx-operator
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/emqx/emqx-operator
|
repository: ghcr.io/emqx/emqx-operator
|
||||||
|
|
|
@ -5,7 +5,7 @@ kind: EMQX
|
||||||
metadata:
|
metadata:
|
||||||
name: emqx
|
name: emqx
|
||||||
spec:
|
spec:
|
||||||
image: public.ecr.aws/emqx/emqx:5.8.0
|
image: public.ecr.aws/emqx/emqx:5.8.1
|
||||||
config:
|
config:
|
||||||
mode: Merge
|
mode: Merge
|
||||||
coreTemplate:
|
coreTemplate:
|
||||||
|
|
|
@ -2,7 +2,7 @@ authentication {
|
||||||
backend = "built_in_database"
|
backend = "built_in_database"
|
||||||
mechanism = "password_based"
|
mechanism = "password_based"
|
||||||
password_hash_algorithm {
|
password_hash_algorithm {
|
||||||
name = "bcrypt",
|
name = "bcrypt"
|
||||||
}
|
}
|
||||||
user_id_type = "username"
|
user_id_type = "username"
|
||||||
bootstrap_file = "/opt/init-user.json"
|
bootstrap_file = "/opt/init-user.json"
|
||||||
|
@ -11,11 +11,6 @@ authentication {
|
||||||
|
|
||||||
authorization {
|
authorization {
|
||||||
sources = [
|
sources = [
|
||||||
{
|
|
||||||
type = file
|
|
||||||
enable = true
|
|
||||||
path = "/opt/acl.conf"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
type = built_in_database
|
type = built_in_database
|
||||||
enable = true
|
enable = true
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -42,5 +41,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/autobrr/autobrr
|
repository: ghcr.io/autobrr/autobrr
|
||||||
tag: v1.47.1@sha256:5364237a98b12bb269384dd4f4feaf7583027591c26bc2e6aaac0baa4e142b34
|
tag: v1.48.0@sha256:0ae19e3beedf491396e450b024c23e9e24df4d692286c0442a81fa699493def0
|
||||||
env:
|
env:
|
||||||
AUTOBRR__CHECK_FOR_UPDATES: "false"
|
AUTOBRR__CHECK_FOR_UPDATES: "false"
|
||||||
AUTOBRR__HOST: 0.0.0.0
|
AUTOBRR__HOST: 0.0.0.0
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -30,7 +30,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/excalidraw/excalidraw
|
repository: docker.io/excalidraw/excalidraw
|
||||||
tag: latest@sha256:df3ddf00d7977d7007ea33b5397239ff20955eeeeafd38735cb1604be799564a
|
tag: latest@sha256:687708a6c879b9120c82b61faf9ff242367395be1d5f90c385989405e51b5433
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
probes:
|
probes:
|
||||||
liveness:
|
liveness:
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -36,7 +36,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/home-assistant
|
repository: ghcr.io/onedr0p/home-assistant
|
||||||
tag: 2024.10.1@sha256:04614835418d2bdacd64685b516e58e7c5446f72485d446e7635282ba1a06c43
|
tag: 2024.10.3@sha256:59cb3b01ea4695c5df8f4cc1e4d01fa7e22090caa3fd3f000a96b6a5de909f91
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
envFrom:
|
envFrom:
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ resources:
|
||||||
- ./recyclarr/ks.yaml
|
- ./recyclarr/ks.yaml
|
||||||
- ./redlib/ks.yaml
|
- ./redlib/ks.yaml
|
||||||
- ./sabnzbd/ks.yaml
|
- ./sabnzbd/ks.yaml
|
||||||
|
- ./scrypted/ks.yaml
|
||||||
- ./searxng/ks.yaml
|
- ./searxng/ks.yaml
|
||||||
- ./sonarr/ks.yaml
|
- ./sonarr/ks.yaml
|
||||||
- ./tautulli/ks.yaml
|
- ./tautulli/ks.yaml
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../templates/gatus/internal
|
|
||||||
- ../../../../templates/volsync
|
|
||||||
- ./externalsecret.yaml
|
- ./externalsecret.yaml
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/gatus/internal
|
||||||
|
- ../../../../templates/volsync
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -5,4 +5,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ../../../../templates/volsync
|
- ../../../../templates/volsync
|
||||||
# - ../../../../templates/gatus/internal
|
- ../../../../templates/gatus/internal
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -18,6 +18,11 @@ spec:
|
||||||
values:
|
values:
|
||||||
defaultPodOptions:
|
defaultPodOptions:
|
||||||
automountServiceAccountToken: false
|
automountServiceAccountToken: false
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
controllers:
|
controllers:
|
||||||
backend:
|
backend:
|
||||||
|
@ -25,13 +30,6 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
secret.reloader.stakater.com/reload: piped-secret
|
secret.reloader.stakater.com/reload: piped-secret
|
||||||
|
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsGroup: 1000
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
|
@ -58,21 +56,13 @@ spec:
|
||||||
|
|
||||||
frontend:
|
frontend:
|
||||||
strategy: RollingUpdate
|
strategy: RollingUpdate
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 101
|
|
||||||
runAsGroup: 101
|
|
||||||
fsGroup: 101
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/bjw-s-labs/piped-frontend
|
repository: ghcr.io/bjw-s-labs/piped-frontend
|
||||||
tag: latest@sha256:c4cb0cfbdf149cdb738fb9e41a5cc748a7ea53053f4c5e036b9f7578d9273328
|
tag: 2024.10.19@sha256:73dc140014c715b503b0b8b806fd2e6ed070eeef6b2556b28a4381c690ebfdc8
|
||||||
env:
|
env:
|
||||||
HTTP_PORT: 8080
|
|
||||||
HTTP_WORKERS: 4
|
|
||||||
BACKEND_HOSTNAME: piped-api.hsn.dev
|
BACKEND_HOSTNAME: piped-api.hsn.dev
|
||||||
probes:
|
probes:
|
||||||
liveness:
|
liveness:
|
||||||
|
@ -87,21 +77,19 @@ spec:
|
||||||
memory: 256Mi
|
memory: 256Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
|
||||||
ytproxy:
|
ytproxy:
|
||||||
strategy: RollingUpdate
|
strategy: RollingUpdate
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsGroup: 1000
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: 1337kavin/piped-proxy
|
repository: 1337kavin/piped-proxy
|
||||||
tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59
|
tag: latest@sha256:47cf993679d1bf6b1dbfd3282e143818f2f11106832605789d1e26df52ac7b41
|
||||||
command:
|
command:
|
||||||
- /app/piped-proxy
|
- /app/piped-proxy
|
||||||
probes:
|
probes:
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/prowlarr-develop
|
repository: ghcr.io/onedr0p/prowlarr-develop
|
||||||
tag: 1.25.1.4770@sha256:8b59eb7f9e5321b702bdacae3468b63d71720091ba3b0e9dfaca686a7705d2b8
|
tag: 1.25.4.4818@sha256:5a936e5c73ebedfc45f1fa2541e84862a6c0df75b8f5148a082119fb65d55e2b
|
||||||
env:
|
env:
|
||||||
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
||||||
# Ref: https://github.com/dotnet/runtime/issues/9336
|
# Ref: https://github.com/dotnet/runtime/issues/9336
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/radarr-develop
|
repository: ghcr.io/onedr0p/radarr-develop
|
||||||
tag: 5.12.0.9255
|
tag: 5.13.0.9361
|
||||||
env:
|
env:
|
||||||
RADARR__APP__INSTANCENAME: Radarr
|
RADARR__APP__INSTANCENAME: Radarr
|
||||||
RADARR__APP__THEME: dark
|
RADARR__APP__THEME: dark
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -11,6 +11,12 @@ sonarr:
|
||||||
quality_definition:
|
quality_definition:
|
||||||
type: series
|
type: series
|
||||||
|
|
||||||
|
include:
|
||||||
|
# Comment out any of the following includes to disable them
|
||||||
|
- template: sonarr-quality-definition-anime
|
||||||
|
- template: sonarr-v4-quality-profile-anime
|
||||||
|
- template: sonarr-v4-custom-formats-anime
|
||||||
|
|
||||||
quality_profiles:
|
quality_profiles:
|
||||||
- name: Web 1080p
|
- name: Web 1080p
|
||||||
reset_unmatched_scores:
|
reset_unmatched_scores:
|
||||||
|
@ -100,6 +106,22 @@ sonarr:
|
||||||
assign_scores_to:
|
assign_scores_to:
|
||||||
- name: Web 1080p
|
- name: Web 1080p
|
||||||
- name: Web 720p
|
- name: Web 720p
|
||||||
|
# Anime Score Overrides
|
||||||
|
- trash_ids:
|
||||||
|
- 026d5aadd1a6b4e550b134cb6c72b3ca # Uncensored
|
||||||
|
assign_scores_to:
|
||||||
|
- name: Remux-1080p - Anime
|
||||||
|
score: 0 # Adjust scoring as desired
|
||||||
|
- trash_ids:
|
||||||
|
- b2550eb333d27b75833e25b8c2557b38 # 10bit
|
||||||
|
assign_scores_to:
|
||||||
|
- name: Remux-1080p - Anime
|
||||||
|
score: 0 # Adjust scoring as desired
|
||||||
|
- trash_ids:
|
||||||
|
- 418f50b10f1907201b6cfdf881f467b7 # Anime Dual Audio
|
||||||
|
assign_scores_to:
|
||||||
|
- name: Remux-1080p - Anime
|
||||||
|
score: 0 # Adjust scoring as desired
|
||||||
|
|
||||||
radarr:
|
radarr:
|
||||||
radarr:
|
radarr:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -38,7 +38,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: quay.io/redlib/redlib
|
repository: quay.io/redlib/redlib
|
||||||
tag: latest@sha256:e61e2535518e0b574f92642612f33f6fbee1aa22b2ff36ee740e26a025bb0039
|
tag: latest@sha256:a3f1eca3ebfc043eea4bc8274b1e9fe86ec15d0efa13536bd519f36eb18f763d
|
||||||
env:
|
env:
|
||||||
REDLIB_DEFAULT_SHOW_NSFW: on
|
REDLIB_DEFAULT_SHOW_NSFW: on
|
||||||
REDLIB_DEFAULT_WIDE: on
|
REDLIB_DEFAULT_WIDE: on
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/sabnzbd
|
repository: ghcr.io/onedr0p/sabnzbd
|
||||||
tag: 4.3.3@sha256:6614d759bbaa6884926c6aa75018339bd35cd1add0ff92c907087327dd470477
|
tag: 4.3.3@sha256:86c645db93affcbf01cc2bce2560082bfde791009e1506dba68269b9c50bc341
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
SABNZBD__PORT: &port 80
|
SABNZBD__PORT: &port 80
|
||||||
|
|
|
@ -21,7 +21,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
120
kubernetes/apps/default/scrypted/app/helmrelease.yaml
Normal file
120
kubernetes/apps/default/scrypted/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: &app scrypted
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
interval: 30m
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
scrypted:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
pod:
|
||||||
|
nodeSelector:
|
||||||
|
google.feature.node.kubernetes.io/coral: "true"
|
||||||
|
nvidia.com/gpu.present: "true"
|
||||||
|
securityContext:
|
||||||
|
supplementalGroups:
|
||||||
|
- 568
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/koush/scrypted
|
||||||
|
tag: v0.121.0-jammy-nvidia
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
|
startup:
|
||||||
|
enabled: true
|
||||||
|
spec:
|
||||||
|
failureThreshold: 30
|
||||||
|
periodSeconds: 5
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 136m
|
||||||
|
memory: 1024Mi
|
||||||
|
limits:
|
||||||
|
nvidia.com/gpu: 1
|
||||||
|
memory: 8192Mi
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
service:
|
||||||
|
app:
|
||||||
|
controller: *app
|
||||||
|
type: LoadBalancer
|
||||||
|
annotations:
|
||||||
|
io.cilium/lb-ipam-ips: 10.1.1.33
|
||||||
|
nameOverride: *app
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 11080
|
||||||
|
primary: true
|
||||||
|
rebroadcast1: # driveway
|
||||||
|
port: 39655
|
||||||
|
rebroadcast2: # sideyard
|
||||||
|
port: 46561
|
||||||
|
rebroadcast3: # doorbell
|
||||||
|
port: 44759
|
||||||
|
homekit: # homekit
|
||||||
|
port: 42010
|
||||||
|
homekit-bridge: # bridge
|
||||||
|
port: 33961
|
||||||
|
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
app:
|
||||||
|
className: "internal-nginx"
|
||||||
|
annotations:
|
||||||
|
hosts:
|
||||||
|
- host: &host scrypted.jahanson.tech
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
service:
|
||||||
|
identifier: app
|
||||||
|
port: http
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
existingClaim: scrypted
|
||||||
|
advancedMounts:
|
||||||
|
scrypted:
|
||||||
|
app:
|
||||||
|
- path: /server/volume
|
||||||
|
cache:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /.cache
|
||||||
|
cache-npm:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /.npm
|
||||||
|
dev-bus-usb:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /dev/bus/usb
|
||||||
|
hostPathType: Directory
|
||||||
|
sys-bus-usb:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /sys/bus/usb
|
||||||
|
hostPathType: Directory
|
||||||
|
recordings:
|
||||||
|
type: nfs
|
||||||
|
server: shadowfax.jahanson.tech
|
||||||
|
path: /nahar/scrypted
|
||||||
|
globalMounts:
|
||||||
|
- path: /recordings
|
7
kubernetes/apps/default/scrypted/app/kustomization.yaml
Normal file
7
kubernetes/apps/default/scrypted/app/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/volsync
|
30
kubernetes/apps/default/scrypted/ks.yaml
Normal file
30
kubernetes/apps/default/scrypted/ks.yaml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &appname scrypted
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: default
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *appname
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
||||||
|
path: "./kubernetes/apps/default/scrypted/app"
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
dependsOn:
|
||||||
|
- name: rook-ceph-cluster
|
||||||
|
- name: volsync
|
||||||
|
- name: external-secrets-stores
|
||||||
|
postBuild:
|
||||||
|
substitute:
|
||||||
|
APP: *appname
|
||||||
|
APP_UID: "0"
|
||||||
|
APP_GID: "0"
|
||||||
|
VOLSYNC_CAPACITY: 5Gi
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/tautulli/tautulli
|
repository: ghcr.io/tautulli/tautulli
|
||||||
tag: v2.14.5@sha256:6017b491d8e9100a97391b639fff5824ad36a315c69aae3c9ed78407994a626e
|
tag: v2.14.6@sha256:f54d2d3a78780c765cd7a10b882474909f50247b5d2d118badaa9c035421effd
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
command: ["/usr/local/bin/python", "Tautulli.py"]
|
command: ["/usr/local/bin/python", "Tautulli.py"]
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -19,5 +19,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -36,7 +36,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/zwave-js/zwave-js-ui
|
repository: ghcr.io/zwave-js/zwave-js-ui
|
||||||
tag: 9.21.1@sha256:a28eaf01060dbe2fa30045d6b2ac6a31bc34efbebb7aa7d19787929929aea16a
|
tag: 9.24.0@sha256:ed648be6b058c6aa74abca1868c3ac48cb82b06b22ef0ef4f7ba66dd9d331bfc
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
PORT: &port 80
|
PORT: &port 80
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -3,11 +3,14 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: flux-webhooks
|
name: &app flux-webhooks
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
labels:
|
labels:
|
||||||
substitution.flux.home.arpa/enabled: "true"
|
substitution.flux.home.arpa/enabled: "true"
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: ./kubernetes/apps/flux-system/add-ons/webhooks
|
path: ./kubernetes/apps/flux-system/add-ons/webhooks
|
||||||
prune: true
|
prune: true
|
||||||
|
@ -20,11 +23,14 @@ spec:
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: flux-monitoring
|
name: &app flux-monitoring
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
labels:
|
labels:
|
||||||
substitution.flux.home.arpa/enabled: "true"
|
substitution.flux.home.arpa/enabled: "true"
|
||||||
spec:
|
spec:
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: ./kubernetes/apps/flux-system/add-ons/monitoring
|
path: ./kubernetes/apps/flux-system/add-ons/monitoring
|
||||||
prune: true
|
prune: true
|
||||||
|
|
56
kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml
Normal file
56
kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: &app chronyd
|
||||||
|
spec:
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
interval: 30m
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 30m
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
chronyd:
|
||||||
|
type: daemonset
|
||||||
|
strategy: RollingUpdate
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
pod:
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: docker.io/library/rockylinux
|
||||||
|
tag: 9
|
||||||
|
args:
|
||||||
|
- "/bin/bash"
|
||||||
|
- "-c"
|
||||||
|
- "dnf install -y chrony iputils dnsutils && chronyd -n -d"
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 23m
|
||||||
|
memory: 50M
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
type: configMap
|
||||||
|
name: chronyd-configmap
|
||||||
|
globalMounts:
|
||||||
|
- path: /etc/chrony.conf
|
||||||
|
subPath: chrony.conf
|
||||||
|
readOnly: true
|
||||||
|
data:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /var/lib/chrony
|
12
kubernetes/apps/kube-system/chronyd/app/kustomization.yaml
Normal file
12
kubernetes/apps/kube-system/chronyd/app/kustomization.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helmrelease.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: chronyd-configmap
|
||||||
|
files:
|
||||||
|
- chrony.conf=./resources/chrony.conf
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Cloudflare time servers
|
||||||
|
server time.cloudflare.com iburst
|
||||||
|
|
||||||
|
# Record the rate at which the system clock gains/losses time.
|
||||||
|
driftfile /var/lib/chrony/drift
|
||||||
|
|
||||||
|
# Allow the system clock to be stepped in the first three updates
|
||||||
|
# if its offset is larger than 1 second.
|
||||||
|
makestep 1.0 3
|
||||||
|
|
||||||
|
# Enable kernel synchronization of the real-time clock (RTC).
|
||||||
|
rtcsync
|
||||||
|
|
||||||
|
# Specify file containing keys for NTP authentication.
|
||||||
|
keyfile /etc/chrony.keys
|
||||||
|
|
||||||
|
# Save NTS keys and cookies.
|
||||||
|
ntsdumpdir /var/lib/chrony
|
||||||
|
|
||||||
|
# Insert/delete leap seconds by slewing instead of stepping.
|
||||||
|
#leapsecmode slew
|
||||||
|
|
||||||
|
# Get TAI-UTC offset and leap seconds from the system tz database.
|
||||||
|
leapsectz right/UTC
|
||||||
|
|
||||||
|
# Specify directory for log files.
|
||||||
|
logdir /var/log/chrony
|
20
kubernetes/apps/kube-system/chronyd/ks.yaml
Normal file
20
kubernetes/apps/kube-system/chronyd/ks.yaml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app chronyd
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: kube-system
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
path: ./kubernetes/apps/kube-system/chronyd/app
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: cilium
|
chart: cilium
|
||||||
version: 1.16.2
|
version: 1.16.3
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: cilium
|
name: cilium
|
||||||
|
|
|
@ -7,7 +7,8 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
loadBalancerIPs: true
|
loadBalancerIPs: true
|
||||||
# interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
|
# interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
|
||||||
interfaces: ["^eno+|^enp+"]
|
interfaces: ["^eno+|^enp+|^bond+"]
|
||||||
|
# interfaces: ["^bond+"]
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -40,5 +39,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
64
kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml
Normal file
64
kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: descheduler
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: descheduler
|
||||||
|
version: 0.31.0
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: descheduler
|
||||||
|
namespace: flux-system
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
strategy: rollback
|
||||||
|
retries: 3
|
||||||
|
values:
|
||||||
|
replicas: 2
|
||||||
|
kind: Deployment
|
||||||
|
deschedulerPolicyAPIVersion: descheduler/v1alpha2
|
||||||
|
deschedulerPolicy:
|
||||||
|
profiles:
|
||||||
|
- name: Default
|
||||||
|
pluginConfig:
|
||||||
|
- name: DefaultEvictor
|
||||||
|
args:
|
||||||
|
evictFailedBarePods: true
|
||||||
|
evictLocalStoragePods: true
|
||||||
|
evictSystemCriticalPods: true
|
||||||
|
nodeFit: true
|
||||||
|
- name: RemovePodsViolatingInterPodAntiAffinity
|
||||||
|
- name: RemovePodsViolatingNodeAffinity
|
||||||
|
args:
|
||||||
|
nodeAffinityType:
|
||||||
|
- requiredDuringSchedulingIgnoredDuringExecution
|
||||||
|
- name: RemovePodsViolatingNodeTaints
|
||||||
|
- name: RemovePodsViolatingTopologySpreadConstraint
|
||||||
|
args:
|
||||||
|
constraints:
|
||||||
|
- DoNotSchedule
|
||||||
|
- ScheduleAnyway
|
||||||
|
plugins:
|
||||||
|
balance:
|
||||||
|
enabled:
|
||||||
|
- RemovePodsViolatingTopologySpreadConstraint
|
||||||
|
deschedule:
|
||||||
|
enabled:
|
||||||
|
- RemovePodsViolatingInterPodAntiAffinity
|
||||||
|
- RemovePodsViolatingNodeAffinity
|
||||||
|
- RemovePodsViolatingNodeTaints
|
||||||
|
service:
|
||||||
|
enabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
leaderElection:
|
||||||
|
enabled: true
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helmrelease.yaml
|
20
kubernetes/apps/kube-system/descheduler/ks.yaml
Normal file
20
kubernetes/apps/kube-system/descheduler/ks.yaml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app descheduler
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: kube-system
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
path: ./kubernetes/apps/kube-system/descheduler/app
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue