diff --git a/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml
index 291adf3c..a7885777 100644
--- a/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
diff --git a/kubernetes/turing/flux/repositories/helm/bjw-s.yaml b/kubernetes/turing/flux/repositories/helm/bjw-s.yaml
new file mode 100644
index 00000000..6494efb7
--- /dev/null
+++ b/kubernetes/turing/flux/repositories/helm/bjw-s.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bjw-s
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 1h
+ url: oci://ghcr.io/bjw-s/helm
diff --git a/kubernetes/turing/flux/repositories/helm/kustomization.yaml b/kubernetes/turing/flux/repositories/helm/kustomization.yaml
index e251346a..11e25ef2 100644
--- a/kubernetes/turing/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/turing/flux/repositories/helm/kustomization.yaml
@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - ./bjw-s.yaml
 - ./cilium.yaml
 - ./ingress-nginx.yaml
 - ./jetstack.yaml
diff --git a/kubernetes/turing/media/jellyfin/app/helmrelease.yaml b/kubernetes/turing/media/jellyfin/app/helmrelease.yaml
new file mode 100644
index 00000000..38adf083
--- /dev/null
+++ b/kubernetes/turing/media/jellyfin/app/helmrelease.yaml
@@ -0,0 +1,133 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app jellyfin
+ namespace: &namespace media
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ interval: 30m
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ jellyfin:
+ pod:
+ securityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ main:
+ image:
+ repository: jellyfin/jellyfin
+ tag: "10.9.7"
+ env:
+ DOTNET_SYSTEM_IO_DISABLEFILELOCKING: "true"
+ JELLYFIN_FFmpeg__probesize: 50000000
+ JELLYFIN_FFmpeg__analyzeduration: 50000000
+ JELLYFIN_CACHE_DIR: /cache
+ TZ: ${TIMEZONE}
+ resources:
+ requests:
+ memory: 1Gi
+ limits:
+ memory: 2Gi
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: &port 8096
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ service:
+ main:
+ controller: jellyfin
+ ports:
+ http:
+ port: *port
+ discovery:
+ enabled: true
+ port: 7359
+ protocol: UDP
+ dlna:
+ enabled: true
+ port: 1900
+ protocol: UDP
+ ingress:
+ main:
+ enabled: true
+ className: internal
+ annotations:
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Media
+ gethomepage.dev/icon: jellyfin.png
+ gethomepage.dev/name: Jellyfin
+ hosts:
+ - host: &host jellyfin.${SECRET_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: main
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ labels:
+ recurring-job-group.longhorn.io/backup: enabled
+ cache:
+ enabled: true
+ type: emptyDir
+ globalMounts:
+ - path: /cache
+ movies:
+ enabled: true
+ type: nfs
+ server: 192.168.0.154
+ path: /movies
+ globalMounts:
+ - path: /media/movies
+ series:
+ enabled: true
+ type: nfs
+ server: 192.168.0.154
+ path: /series
+ globalMounts:
+ - path: /media/series
+ transcode:
+ enabled: true
+ type: emptyDir
+ globalMounts:
+ - path: /transcodes
diff --git a/kubernetes/turing/media/jellyfin/app/kustomization.yaml b/kubernetes/turing/media/jellyfin/app/kustomization.yaml
new file mode 100644
index 00000000..e2b740ca
--- /dev/null
+++ b/kubernetes/turing/media/jellyfin/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmrelease.yaml
+ - pdb.yaml
diff --git a/kubernetes/turing/media/jellyfin/app/pdb.yaml b/kubernetes/turing/media/jellyfin/app/pdb.yaml
new file mode 100644
index 00000000..6ec9bdf7
--- /dev/null
+++ b/kubernetes/turing/media/jellyfin/app/pdb.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: jellyfin-pdb
+ namespace: media
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: jellyfin
diff --git a/kubernetes/turing/media/jellyfin/ks.yaml b/kubernetes/turing/media/jellyfin/ks.yaml
new file mode 100644
index 00000000..fe474844
--- /dev/null
+++ b/kubernetes/turing/media/jellyfin/ks.yaml
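Review bot: The `main` container has no `securityContext` of its own; only the pod-level block under `controllers.jellyfin.pod` is set, so privilege escalation and the runtime's default capability set stay available to the process. Adding a container-level block with `allowPrivilegeEscalation: false` and all capabilities dropped closes that; `readOnlyRootFilesystem` may also be possible but depends on where Jellyfin writes outside the mounted volumes, so test it before enabling. The `movies` and `series` NFS mounts are writable although the server presumably only needs to read the libraries, and `readOnly: true` on those `globalMounts` entries would limit what a compromised pod can alter on the NAS. The image is referenced by tag only (`10.9.7`); pinning a digest alongside the tag would make the pull immutable.

```yaml
        containers:
          main:
            # … unchanged: image, env, resources, probes …
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                  - ALL
    persistence:
      # … unchanged: config, cache …
      movies:
        # … unchanged: enabled, type, server, path …
        globalMounts:
          - path: /media/movies
            readOnly: true
      series:
        # … unchanged: enabled, type, server, path …
        globalMounts:
          - path: /media/series
            readOnly: true
      # … unchanged: transcode …
```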
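Review bot: `minAvailable: 1` blocks every voluntary eviction when the selected workload has a single replica, which appears to be the case here because the HelmRelease in this commit sets no replica count. A node drain for kernel or Kubernetes patching would then wait until someone removes the pod or the PDB by hand. If one replica is intended, drop the PDB or use `maxUnavailable: 1`, and add a short comment saying which behaviour is wanted.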
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app jellyfin
+ namespace: flux-system
+spec:
+ targetNamespace: media
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/turing/media/jellyfin/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 15m
diff --git a/kubernetes/turing/media/kustomization.yaml b/kubernetes/turing/media/kustomization.yaml
new file mode 100644
index 00000000..1b4f3d06
--- /dev/null
+++ b/kubernetes/turing/media/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./jellyfin/ks.yaml
diff --git a/kubernetes/turing/media/namespace.yaml b/kubernetes/turing/media/namespace.yaml
new file mode 100644
index 00000000..e4b066b2
--- /dev/null
+++ b/kubernetes/turing/media/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: media
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/turing/network/cert-manager/issuers/issuers.yaml b/kubernetes/turing/network/cert-manager/issuers/issuers.yaml
index 32148e30..c2bd87bd 100644
--- a/kubernetes/turing/network/cert-manager/issuers/issuers.yaml
+++ b/kubernetes/turing/network/cert-manager/issuers/issuers.yaml
@@ -18,6 +18,7 @@ spec:
 selector:
 dnsZones:
 - "${SECRET_DOMAIN}"
+ - "turing.${SECRET_DOMAIN}"
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -38,3 +39,4 @@ spec:
 selector:
 dnsZones:
 - "${SECRET_DOMAIN}"
+ - "*.${SECRET_DOMAIN}"
diff --git a/kubernetes/turing/storage/longhorn/app/helmrelease.yaml b/kubernetes/turing/storage/longhorn/app/helmrelease.yaml
index 58c35837..0c36f12c 100644
--- a/kubernetes/turing/storage/longhorn/app/helmrelease.yaml
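Review bot: This Kustomization declares no `postBuild` substitution, yet the HelmRelease it applies relies on `${TIMEZONE}` and `${SECRET_DOMAIN}`. Unless a parent Kustomization patches `postBuild.substituteFrom` (and `decryption`, if the domain is kept in an encrypted Secret) into its children, which this diff does not show, the placeholders reach the cluster literally and the ingress host is invalid. If no such patch exists, add a `postBuild.substituteFrom` list that references the ConfigMap and Secret holding these variables. A `dependsOn` entry for the Longhorn Kustomization would also be worth adding, since the `config` PVC presumably binds to that storage.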
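Review bot: The two entries added to `dnsZones` look redundant in the first hunk and misplaced in the second. As far as cert-manager's solver selector goes, a zone entry already matches every name beneath it, so `"turing.${SECRET_DOMAIN}"` adds nothing over the existing `"${SECRET_DOMAIN}"`, while `"*.${SECRET_DOMAIN}"` in the second hunk is not a zone name at all; wildcard names are matched through `selector.dnsNames`. The two issuers also end up with different lists, which looks unintended if they are a staging and production pair. Make both lists identical, and move the wildcard to `dnsNames` only if an exact-name match is really needed. Both `spec` blocks begin outside the hunks, so the solver type is not visible here.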
+++ b/kubernetes/turing/storage/longhorn/app/helmrelease.yaml
@@ -29,7 +29,7 @@ spec:
 defaultClassReplicaCount: 2
 defaultNodeSelector:
 enable: true
- selector: "ssd"
+ selector: "nvme"
 metrics:
 serviceMonitor:
 enabled: true
@@ -38,8 +38,9 @@ spec:
 ingress:
 enabled: true
 ingressClassName: internal
- host: &host "longhorn2.${SECRET_DOMAIN}"
+ host: &host "longhorn.turing.${SECRET_DOMAIN}"
 tls: true
+ tlsSecret: longhorn-tls
 defaultSettings:
 backupTarget: "nfs://192.168.0.154:/longhorn"
 defaultDataPath: "/mnt/nvme/longhorn"
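Review bot: `tlsSecret: longhorn-tls` in the second hunk names a Secret that nothing in this commit creates. The hunk shows no cert-manager annotation on the ingress and no Certificate resource, so unless one exists outside the hunk the ingress controller will likely serve its default certificate for `longhorn.turing.${SECRET_DOMAIN}`. It is also worth confirming that this ingress carries some form of authentication, because the Longhorn UI has none of its own and allows volume deletion and backup-target changes. The `selector: "nvme"` change in the first hunk only works once the nodes or disks carry an `nvme` tag, so confirm the tags are in place before rollout.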