From ff1ae1c137f97d91aa13221f5125c813292d5e19 Mon Sep 17 00:00:00 2001 From: Nikita Volodin Date: Mon, 13 Nov 2023 18:54:34 -0500 Subject: [PATCH] refactor(apps/romm): switch to app template v2 --- .../apps/default/romm/app/helmrelease.yaml | 79 +++++++++++-------- .../romm/app/patches/minio-init-bucket.yaml | 54 +++++++------ .../apps/default/romm/app/secret.sops.yaml | 10 +-- 3 files changed, 81 insertions(+), 62 deletions(-) diff --git a/kubernetes/apps/default/romm/app/helmrelease.yaml b/kubernetes/apps/default/romm/app/helmrelease.yaml index 5af946a17..a92e62169 100644 --- a/kubernetes/apps/default/romm/app/helmrelease.yaml +++ b/kubernetes/apps/default/romm/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: app-template - version: 1.5.1 + version: 2.2.0 sourceRef: kind: HelmRepository name: bjw-s @@ -29,65 +29,80 @@ spec: - name: minio namespace: default values: - controller: - type: statefulset - image: - repository: zurdi15/romm - tag: latest@sha256:d26b35b3f4ca3bd7587a009dcc2c90f0d5b4b9e3d77abc82f053bd67528c8a6b - env: - TZ: ${TIMEZONE} - ROMM_DB_DRIVER: sqlite - envFrom: - - secretRef: - name: romm-secret + controllers: + main: + type: statefulset + statefulset: + volumeClaimTemplates: + - name: database + mountPath: /romm/database + accessMode: ReadWriteMany + size: 5Gi + storageClass: nfs-fast + containers: + main: + image: + repository: ghcr.io/zurdi15/romm + tag: 2.1.0@sha256:5403e58d0ec714a1aa45c5caf9c897b4eb7fecb403c3041468a707bce4f6bd3b + env: + TZ: ${TIMEZONE} + ROMM_DB_DRIVER: sqlite + ENABLE_EXPERIMENTAL_REDIS: false + envFrom: + - secretRef: + name: romm-secret + resources: + requests: + cpu: 10m + memory: 250Mi + limits: + memory: 1Gi service: main: ports: http: - port: 80 + port: 8080 ingress: main: enabled: true ingressClassName: internal annotations: - hajimari.io/icon: mdi:filmstrip + hajimari.io/icon: mdi:disc hosts: - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}" paths: - path: "/" - pathType: Prefix + service: + name: main + port: http tls: - hosts: - *host - volumeClaimTemplates: - - name: database - mountPath: /romm/database - accessMode: ReadWriteMany - size: 5Gi - storageClass: nfs-fast persistence: config: enabled: true type: configMap name: romm-config - subPath: config.yml - mountPath: /romm/config.yml - readOnly: true + globalMounts: + - path: /romm/config.yml + subPath: config.yml + readOnly: true + logs: + enabled: true + type: emptyDir + globalMounts: + - path: /romm/logs library: enabled: true type: nfs server: nova.home.arpa path: /downloads/romm/library - mountPath: /romm/library + globalMounts: + - path: /romm/library resources: enabled: true type: nfs server: nova.home.arpa path: /downloads/romm/resources - mountPath: /romm/resources - resources: - requests: - cpu: 10m - memory: 250Mi - limits: - memory: 1Gi + globalMounts: + - path: /romm/resources diff --git a/kubernetes/apps/default/romm/app/patches/minio-init-bucket.yaml b/kubernetes/apps/default/romm/app/patches/minio-init-bucket.yaml index de012d1f3..fc869087d 100644 --- a/kubernetes/apps/default/romm/app/patches/minio-init-bucket.yaml +++ b/kubernetes/apps/default/romm/app/patches/minio-init-bucket.yaml @@ -6,28 +6,32 @@ metadata: namespace: default spec: values: - initContainers: - minio-init-bucket: - image: ghcr.io/qlonik/minio-init-bucket:RELEASE.2023-04-12T02-21-51Z@sha256:4ce4b3e62f4a1922bbcb9cfbcac529d42ba1702a0914fbdcd79a3bb00425ee2c - env: - MINIO_HOST: http://minio.default.svc.cluster.local:9000 - MINIO_SUPER_ACCESS_KEY: - valueFrom: - secretKeyRef: - name: minio-secret - key: MINIO_ROOT_USER - MINIO_SUPER_SECRET_KEY: - valueFrom: - secretKeyRef: - name: minio-secret - key: MINIO_ROOT_PASSWORD - MINIO_BUCKET_NAME: - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-restic-secret" - key: AWS_ACCESS_KEY_ID - MINIO_BUCKET_PASSWORD: - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-restic-secret" - key: AWS_SECRET_ACCESS_KEY + controllers: + main: + initContainers: + minio-init-bucket: + image: + repository: ghcr.io/qlonik/minio-init-bucket + tag: RELEASE.2023-04-12T02-21-51Z@sha256:4ce4b3e62f4a1922bbcb9cfbcac529d42ba1702a0914fbdcd79a3bb00425ee2c + env: + MINIO_HOST: http://minio.default.svc.cluster.local:9000 + MINIO_SUPER_ACCESS_KEY: + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_ROOT_USER + MINIO_SUPER_SECRET_KEY: + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_ROOT_PASSWORD + MINIO_BUCKET_NAME: + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-restic-secret" + key: AWS_ACCESS_KEY_ID + MINIO_BUCKET_PASSWORD: + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-restic-secret" + key: AWS_SECRET_ACCESS_KEY diff --git a/kubernetes/apps/default/romm/app/secret.sops.yaml b/kubernetes/apps/default/romm/app/secret.sops.yaml index b5614a1ae..158277a81 100644 --- a/kubernetes/apps/default/romm/app/secret.sops.yaml +++ b/kubernetes/apps/default/romm/app/secret.sops.yaml @@ -4,8 +4,8 @@ metadata: name: romm-secret namespace: default stringData: - CLIENT_ID: ENC[AES256_GCM,data:euXlNPAAJ6gITpc+7hQt4wEViDceT2JI7SpbWBeC,iv:giENXahc11ttIcPhj/G4LqqfmY9x7jV3X5nHrMV8LF8=,tag:Se0xyB0lQJkKP4SFAfQAWw==,type:str] - CLIENT_SECRET: ENC[AES256_GCM,data:90DbkJNIOzlRdKH/GnL9XcEjSOWgMbo2cF0/n+qn,iv:pdvB3l4VuERbwEGgFc0XKc6unms3ol03Gu7oi30tGeA=,tag:p6R7g10cZ6BusD/oUj2/9w==,type:str] + IGDB_CLIENT_ID: ENC[AES256_GCM,data:AOAeelKA80GLFMgZ5LYI2+hB3Kdk2LJ0QJU65ce9,iv:AqCud0X+hHeY/JyXkpxakSU2P0TtIe+62dBEyMqiYrI=,tag:2BTHJoTiTgnUXy6LaK+JwA==,type:str] + IGDB_CLIENT_SECRET: ENC[AES256_GCM,data:G04sUV06U4Gr3pXZla/RtG4Hftf0ELcJBsIxQmY1,iv:NOrB9NjeC83fONLTQ0TObVk6JLhYfqaf2E5ji5F2dAE=,tag:0mcHBqJBZb0S8aG9dL5IPw==,type:str] STEAMGRIDDB_API_KEY: ENC[AES256_GCM,data:w5V8ELPOv9U6JcTfdLWaPOOmxZIgfdWDlUWyuQtSTfo=,iv:YW0eFc4nMgAdQfVIeS9ZkWXVeK1eynty6mkTR+FnhHg=,tag:iOwpRIVzSMTdPaRiCn/7dQ==,type:str] sops: kms: [] @@ -22,8 +22,8 @@ sops: QVdqMlJYZzZrUzI0b2p6RkZUQ216UEkKXO56OjE2k/7715/N0O8Pv7vzc+ooIwcx uEDn8eeut4SCstvuPkhrxEynY7MhXOXybKEJUJnDSRK6o4tYm1jOkg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-18T19:13:34Z" - mac: ENC[AES256_GCM,data:70h2fEqydrpYoHxffGU14kVMoEET2IHWK8a/SmoecjIyfaRo54Pwpc2Ojv/AwOFnsg6//Bu2p+nIBf9obWIjzF2TRpNtndt93ssro2UrzUeydQUFgIFKLNj5fOL2zmHpTdg5kgLouxpIROW9eThxaTY+8swIPnJL4GVqFGHgKGY=,iv:vgm/Z5QHMt9FyPOjfb2lewom79u3HiWa1C8XpwPt0Js=,tag:qHqwi0pB9Y2G4jVAb82cMg==,type:str] + lastmodified: "2023-11-13T23:45:19Z" + mac: ENC[AES256_GCM,data:oVK4VxgFy1r14ukB+TMPQYw2qw4lFIhQ5rqYe91LJGrZeij0kKZxMrWRH3EvbSBw6kdEtf/KqerXoQSG9aP782q4zZOI+CZQm1RbzHOHWgTP172bawe64N2iIH3gSZou9Wan8ndzM4msx99/Zf7Nn1fiO8gPDs5pT6wiTQBuQP8=,iv:aS8iCF3t4K9u53jLii59sDIqDynCWoArqBxyto9kOOA=,tag:3cMDsg30WhkuI7SQ73sSFg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ - version: 3.7.3 + version: 3.8.1