Move things around

cluster/apps/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-- ./traefik
-- ./metallb
+resources: []
+#- ./media

cluster/apps/media/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./namespace.yaml
+- ./sonarr.yaml

cluster/apps/media/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: media

cluster/apps/media/sonarr/deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: aste88-charts
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://aste88.github.io/helm-charts/
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: sonarr
+  namespace: media
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: sonarr
+      version: '17.x.x'
+      sourceRef:
+        kind: HelmRepository
+        name: aste88-charts
+        namespace: flux-system
+      interval: 1m
+  values:
+    env:
+      TZ: America/New_York
+    ingress:
+      
+#    metrics.enabled: true

cluster/apps/media/sonarr/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./sonarr.yaml

cluster/apps/traefik/traefik-values.yaml

@@ -1,90 +0,0 @@
-additionalArguments:
-- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
-- --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com
-- --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
-- --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
-
-- --api.insecure
-- --providers.kubernetesingress
-
-logs:
-  general:
-    level: DEBUG
-
-ports:
-  traefik:
-    port: 9000
-    expose: true
-    exposedPort: 9000
-    # The port protocol (TCP/UDP)
-    protocol: TCP
-  web:
-    port: 8000
-    expose: true
-    exposedPort: 80
-    # (optional) Permanent Redirect to HTTPS
-    # redirectTo: websecure
-    protocol: TCP
-  websecure:
-    port: 8443
-    expose: true
-    exposedPort: 443
-    protocol: TCP
-    tls:
-      enabled: true
-      certResolver: cloudflare
-  metrics:
-    port: 9100
-    expose: true
-    exposedPort: 9100
-    protocol: TCP
-
-service:
-  enabled: true
-  single: true
-  type: LoadBalancer
-  externalIPs:
-    - 192.168.87.10
-
-env:
-- name: CF_DNS_API_TOKEN
-  valueFrom:
-    secretKeyRef:
-      key: apiToken
-      name: cloudflare-credentials
-
-# Disable Dashboard
-#ingressRoute:
-#  dashboard:
-#    enabled: true
-#    matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`))
-#    entryPoints: ["websecure"]
-
-# Persistent Storage
-persistence:
-  enabled: true
-  name: ssl-certs
-  size: 1Gi
-  path: /ssl-certs
-
-#deployment:
-#  initContainers: 
-# The "volume-permissions" init container is required if you run into permission issues.
-# Related issue: https://github.com/containous/traefik/issues/6972
-#  - name: volume-permissions
-#    image: busybox:1.31.1
-#    command: ["sh", "-c", "chmod -Rv 600 /ssl-certs"]
-#    volumeMounts:
-#    - name: ssl-certs
-#      mountPath: /ssl-certs
-
-# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
-ingressClass:
-  enabled: true
-  isDefaultClass: true
-
-metrics:
-  prometheus:
-    entryPoint: metrics
-
-namespaceOverride: traefik

cluster/core/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./networking

cluster/core/networking/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./traefik
+- ./metallb

cluster/core/networking/traefik/helm-release.yaml

@@ -1,7 +1,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: traefik-helm
+  name: traefik
   namespace: traefik
 spec:
   interval: 5m
@@ -31,19 +31,39 @@ spec:
         level: DEBUG
 
     ports:
-      web:
+      traefik:
+        port: 9000
         expose: true
-        exposedPort: 8080
-      # (optional) Permanent Redirect to HTTPS
-      # redirectTo: websecure
+        exposedPort: 9000
+        # The port protocol (TCP/UDP)
+        protocol: TCP
+      web:
+        port: 8000
+        expose: true
+        exposedPort: 80
+        # (optional) Permanent Redirect to HTTPS
+        # redirectTo: websecure
+        protocol: TCP
       websecure:
+        port: 8443
+        expose: true
+        exposedPort: 443
+        protocol: TCP
         tls:
-          exposed: true
-          exposedPort: 8443
-
           enabled: true
           certResolver: cloudflare
+      metrics:
+        port: 9100
+        expose: true
+        exposedPort: 9100
+        protocol: TCP
 
+    service:
+      enabled: true
+      single: true
+      type: LoadBalancer
+      externalIPs:
+        - 192.168.87.10
 
     env:
     - name: CF_DNS_API_TOKEN
@@ -55,7 +75,9 @@ spec:
     # Disable Dashboard
     ingressRoute:
       dashboard:
-        enabled: false
+        enabled: true
+        matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`))
+        entryPoints: ["websecure"]
 
     # Persistent Storage
     persistence:
@@ -80,4 +102,8 @@ spec:
       enabled: true
       isDefaultClass: true
 
+    metrics:
+      prometheus:
+        entryPoint: metrics
+
     namespaceOverride: traefik