From 4d0b63ca051872e1e882a5a6bcb6c7463a56c6f6 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Wed, 14 Aug 2024 16:26:24 -0400 Subject: [PATCH] feat(plex): request intel gpu, use onedr0p plex image, switch to latest app-template chart --- cluster/apps/media/plex/helm-release.yaml | 154 ++++++++++++++-------- 1 file changed, 102 insertions(+), 52 deletions(-) diff --git a/cluster/apps/media/plex/helm-release.yaml b/cluster/apps/media/plex/helm-release.yaml index a60437c..5ef5a04 100644 --- a/cluster/apps/media/plex/helm-release.yaml +++ b/cluster/apps/media/plex/helm-release.yaml @@ -8,79 +8,129 @@ spec: chart: spec: chart: app-template - version: 1.3.x + version: 3.3.2 sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: + controllers: + plex: + containers: + app: + image: + repository: ghcr.io/onedr0p/plex + tag: 1.40.4.8679-424562606 + + env: + TZ: America/New_York + PLEX_ADVERTISE_URL: https://kube-plex.${SECRET_NEW_DOMAIN}:443,http://192.168.10.71:32400 + PLEX_NO_AUTH_NETWORKS: 192.168.10.0/24,192.168.20.0/24,10.0.0.0/16,10.43.0.0/16 + + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /identity + port: 32400 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: true + spec: + failureThreshold: 30 + periodSeconds: 10 - image: - repository: lscr.io/linuxserver/plex - tag: "1.40.4" - - env: - TZ: "America/New_York" - PUID: "1000" - PGID: "1000" - VERSION: "docker" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + + resources: +# requests: +# cpu: 100m + limits: + gpu.intel.com/i915: 1 + memory: 16Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 10000 + runAsGroup: 10000 + fsGroup: 10000 + fsGroupChangePolicy: OnRootMismatch + #supplementalGroups: [44, 10000] + #seccompProfile: { type: RuntimeDefault } + nodeSelector: + intel.feature.node.kubernetes.io/gpu: "true" + service: - main: - type: LoadBalancer - - annotations: - metallb.universe.tf/loadBalancerIPs: "192.168.10.70" - metallb.universe.tf/allow-shared-ip: "main-ip-192.168.10.70" - + app: + controller: plex +# type: LoadBalancer +# annotations: +# io.cilium/lb-ipam-ips: 192.168.10.71 ports: http: port: 32400 - targetPort: 32400 - - probes: - liveness: - enabled: false - + ingress: - main: - enabled: true + app: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure + className: external hosts: - - host: &host "plex.${SECRET_NEW_DOMAIN}" + - host: "kube-plex.${SECRET_NEW_DOMAIN}" paths: - path: / - pathType: Prefix - tls: - - hosts: - - *host - + service: + identifier: app + port: http + persistence: config: - enabled: true - type: hostPath - hostPath: /mnt/MainPool/Kubernetes/plex - mountPath: /config + #existingClaim: plex + # TODO: If setting up Plex for the first time, you'll want to add the globalMounts section + type: persistentVolumeClaim + size: 15Gi + retain: true + storageClass: mainpool-hostpath + accessMode: ReadWriteOnce + globalMounts: + - path: /config/Library/Application Support/Plex Media Server + + # Separate PVC for cache to avoid backing up cache files + cache: + type: persistentVolumeClaim + size: 15Gi + retain: true + storageClass: mainpool-hostpath + accessMode: ReadWriteOnce + globalMounts: + - path: /config/Library/Application Support/Plex Media Server/Cache - storage: - enabled: true + logs: + type: emptyDir + globalMounts: + - path: /config/Library/Application Support/Plex Media Server/Logs + + tmp: + type: emptyDir + + transcode: + type: emptyDir + + media: type: hostPath hostPath: /mnt/MainPool/Media/Media - mountPath: /storage/Media - -# transcodes: -# enabled: true -# type: pvc -# accessMode: ReadWriteOnce -# size: 40Gi -# mountPath: /transcode - - resources: - requests: - memory: 720Mi - - limits: - memory: 5000Mi \ No newline at end of file + globalMounts: + - path: /media + readOnly: true