diff --git a/kubernetes/main/apps/download/kustomization.yaml b/kubernetes/main/apps/download/kustomization.yaml index 697443b..179c7b9 100644 --- a/kubernetes/main/apps/download/kustomization.yaml +++ b/kubernetes/main/apps/download/kustomization.yaml @@ -6,7 +6,7 @@ resources: - ./qbittorrent - ./qbit-manage - ./radarr/ks.yaml -- ./sonarr +- ./sonarr/ks.yaml - ./prowlarr - ./bazarr - ./readarr diff --git a/kubernetes/main/apps/download/sonarr/app/helm-release.yaml b/kubernetes/main/apps/download/sonarr/app/helm-release.yaml new file mode 100644 index 0000000..2814a9b --- /dev/null +++ b/kubernetes/main/apps/download/sonarr/app/helm-release.yaml @@ -0,0 +1,123 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: sonarr + namespace: download +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 3.4.0 + sourceRef: + kind: HelmRepository + name: bjws-charts + namespace: flux-system + + values: + controllers: + main: + pod: + securityContext: + runAsNonRoot: true + runAsUser: 10000 + runAsGroup: 10000 + fsGroup: 10000 + fsGroupChangePolicy: OnRootMismatch + + containers: + sonarr: + image: + repository: ghcr.io/onedr0p/sonarr-develop + tag: 4.0.9.2457 + envFrom: + - secretRef: + name: sonarr-secret + env: + TZ: America/New_York + SONARR__APP__INSTANCENAME: Sonarr + SONARR__APP__THEME: dark + SONARR__AUTH_METHOD: External + SONARR__AUTH__REQUIRED: DisabledForLocalAddresses + SONARR__LOG__DBENABLED: "False" + SONARR__LOG__LEVEL: info + SONARR__SERVER__PORT: &port 7878 + SONARR__UPDATE__BRANCH: develop + SONARR__POSTGRES__HOST: postgresql.database.svc + SONARR__POSTGRES__PORT: "5432" + SONARR__POSTGRES__MAINDB: sonarr_main + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /ping + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + memory: 100Mi + limits: + memory: 4Gi + + exportarr: + image: + repository: ghcr.io/onedr0p/exportarr + tag: v2.0.1 + args: + - sonarr + env: + URL: "http://localhost" + CONFIG: "/config/config.xml" + PORT: &metricsPort 9000 + ENABLE_ADDITIONAL_METRICS : "true" + ENABLE_UNKNOWN_QUEUE_ITEMS: "true" + + ingress: + main: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + + hosts: + - host: "sonarr.${SECRET_NEW_DOMAIN}" + paths: + - path: / + service: + identifier: main + port: http + + service: + main: + controller: main + + ports: + http: + port: *port + metrics: + port: *metricsPort + protocol: HTTP + + persistence: + config: + existingClaim: sonarr + globalMounts: + - path: /config + storage: + type: hostPath + hostPath: /mnt/MainPool/Media + advancedMounts: + main: # controller name + sonarr: # container name + - path: /storage diff --git a/kubernetes/main/apps/download/sonarr/kustomization.yaml b/kubernetes/main/apps/download/sonarr/app/kustomization.yaml similarity index 59% rename from kubernetes/main/apps/download/sonarr/kustomization.yaml rename to kubernetes/main/apps/download/sonarr/app/kustomization.yaml index c57d177..0ba8bb6 100644 --- a/kubernetes/main/apps/download/sonarr/kustomization.yaml +++ b/kubernetes/main/apps/download/sonarr/app/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- ./pvc.yaml +- ./secret.sops.yaml - ./helm-release.yaml - ./sonarr-exportarr-metrics.yaml \ No newline at end of file diff --git a/kubernetes/main/apps/download/sonarr/app/pvc.yaml b/kubernetes/main/apps/download/sonarr/app/pvc.yaml new file mode 100644 index 0000000..70d56e9 --- /dev/null +++ b/kubernetes/main/apps/download/sonarr/app/pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sonarr +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 15Gi + storageClassName: openebs-zfs-mainpool \ No newline at end of file diff --git a/kubernetes/main/apps/download/sonarr/app/secret.sops.yaml b/kubernetes/main/apps/download/sonarr/app/secret.sops.yaml new file mode 100644 index 0000000..934db64 --- /dev/null +++ b/kubernetes/main/apps/download/sonarr/app/secret.sops.yaml @@ -0,0 +1,73 @@ +apiVersion: v1 +kind: Secret +metadata: + name: sonarr-secret + namespace: download +stringData: + SONARR__AUTH__APIKEY: ENC[AES256_GCM,data:Z0TKYOp2veBJ/ctC3z1ooj/b8J1p7ewUWX7ItIFWcpA=,iv:oY+k9x+BZxsGW5oAmNncApU+6M6YUx1q+pXDMldsg0M=,tag:lBJHGeSHw8IKS2nSFP/0aA==,type:str] + SONARR__POSTGRES__USER: ENC[AES256_GCM,data:vdcAhdIh,iv:tCRA3HFh6G7GUPpt5jFuqunaSRFiD90+b857vrt7tys=,tag:k02ojbFwZi6iufAOP2Fvjg==,type:str] + SONARR__POSTGRES__PASSWORD: ENC[AES256_GCM,data:0uqO/FMm3b/DXtthjBLI7HXoujqpjCvs66yTbzuAiDM=,iv:E/FP0rDmFQPlAM00hOGR3lB4WW22W7XezSKYGfStUGM=,tag:cC+IOkw6Oqzz8iFoTrZq1Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-15T21:30:43Z" + mac: ENC[AES256_GCM,data:cX94qYBsvl4+cUOrEI6xSpHY/mlQAvk4d6Q5KyRE1QaqX/pau0zJEzczaF4j9UvWGfl7dm5xuR0mrSldwRBg6M/lA6B8xxIACXaCNxdDBj2pmwOCROi6v78BLtB5P7E8Y+wwoQzVxEQQnOQDIFQJ/mMmy+D6a9BmJ5ulneEeouc=,iv:aZf9GZXAOeU3Z3oq2rQ1P6fW8TMKVHwJXjn2CpZHNjg=,tag:wK0iU+FRJylxmYl5qcq4xg==,type:str] + pgp: + - created_at: "2024-10-15T21:30:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ/+J4pyPCDaePFBF+1IgYzwaefDpRFAkP0kNzHObPZL1vUD + 4GM3dQTqN8Ay8NoBAasq/dNKzDSjOvMTShZO2YXQJoA8019Q6yZhgc+l1B7bnB+W + 6tDz5Rtlu+gbJWngvyLFkUhFCmOQ6UyQHKPpC2iObrNj3Rb9ZxxxVTCRa2n6/2g3 + Bp2lRAIESK/cWxmQbus8PZnzphIAmfwEijot5tQjQy7Virhz4xMiqbxvuWowA2zk + X5PY5dHv+l7p+3Ckr7qbOGA/oAxbvFvL3hzLlE0xYj6sXdgWY5a5yqXhbxDtSQ8u + rT0QxtDtt3lPie0e4w+f/cxNURw4yitb7IzGFhwvyPi+7eRfzgAaQHndffFv9RM8 + 26la2JeamyXCQgUOJF7EGBD6Ix6fZJE8mHF80yerlC27unZ75Rac7ckxq9GYpKia + tdyrU8OrV+f9uUdEyNCeD6wuZrxuKyyL6f+zQs6uj+zzaLYg3/p8iZLgT5HsxBLs + dMRVnCEvCWyYd9OJrOLVld9qrvbmuypLuPOUQpTYt9WrC5SxfMPkQQYNnXEGcI0K + n2s4eSv4tFOQw4xjRH4hl1H678faXen83F9ScOXWyHpqE54fFCCMAJV6NXMWKByv + 9l/Rz81+J8kd1wQ4+CcJslsVM06XpwEPPRM9xunxwxPWB2wZQYCF9mQitRmnIliF + AgwDAAAAAAAAAAABD/0YtuvVooC7OW45KsL7rJwRMJOryjkJmffl5ocjyU6aicQw + MRjD+d8xa3WUsVbCnSYHQATpAltPrKLybi1MpneRk3j7b6kAz8iJaawEcgTUiM3H + h6SjtrwCpjNSI7RN3eRAUyxDtdrrvR5P1ynfmMHUWnuQjXlYcBZqtnA/THWOIGnC + joEixpi7e2RlAUzFuG2+Mlux2nLdtO+YcGI2ta9qHHp1O1+46HxvYO982dFRTuLq + VAHJcdROw1eNBCvwK2n27mKBMo9kfQMLrcUyO8PZqZyxEIimsHM4aQbYp8NvxAtx + LuveKR3s60VjC7gHIqfWJw/fqPlv73V/ONwwruC/2WSzZSfZ0C1Z7LPJt84wqbXz + 7+t7St0R+u4cJ+Vim/XXRpTQOX+xnfO3UZu9Nwszm144uWdkt/5L9zGGLPnYBmPy + eAfhcSz7S0xe9qBM1LWXQHqQ3U1U0cSlizE87oYrJgfYCRQ4CsT3MOWEhwfFpd9E + wLLXOgCLiFIw77OUBNa4Rcg/v6oYrHKf2UKklOtt6QrqcnVnZT2l2bTUaWupD0Rl + lq0/sadpV8FsYtIS1EQ6j7EVvAOZNEdC6L090CQ7bnPiwQyHdS3b6J49RE55TcOP + n743wfZNcmqEeV0ooUkGoW6r5q0jvaUBrTbVpJszktps9uBybO5qgqobjdexUtRo + AQkCEIda5ST1hWg6TgORmRI2cHqUdw+b4dMy74l3a1RZpBPHyKPbP9e7J98BGm7C + XAyNC9vgDwjfp+BwHzPjfA3KtXZDjg2Gu5PFU3cdWWlWhLSreG1+mtsjWjXGAKq+ + GN4DyUYIF60= + =DCkn + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-10-15T21:30:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ//bqiURh1qRFK0fbL6E7UlU9wIw0Q2jkGQ+FF4gYKTTTtr + XdBS+CTBYLlTTpEGMMCSRJJsfOAXVUVRzpgopDt8Imhckqdx4/+I9VVsd6urEkOA + MyYXaKc2dY9rQjFj4kKB0vcEJ+tqZ8BrpMktUdt+3/g8QdgTWEfzv2inKi2OsrHQ + RevUJpM2FgBjR6f+JbsrbnOuEfYw0B9uD6otBre88HM2uECfEvuu+jMtPbA3X4YZ + J7UcmEsiH5oHxIFXNBvJiRQJycbrXwMWaU8m6IkbuADua2dcjsu9kYvPyM5OB1xX + f/3UIUa+UFTgS47GadXV/r8Voychp8mo9KflmY+7A66oxnmBo3hSYj83vBKiK+QP + qL78M9OSITicDeLYidDRUg5f+J3Ybc9O9duj5w8O/bS4LXWkD8B+9wiytbL80gkV + SU8TIat0f0U52ygZH72F60hdXsHoFTfUVD61nrtbIUwDTsS0A6se/5leXrI+23uq + boJU5Sz/Q0vzybOUeFjKU40r23D1mYsBqxDoD6LoMwAuZjd//T6yx5ZIVdp8kE5s + MMycUsDLAy7jmbsZvG2QmRgaRiTKvKLcvrWeYLrGHsrcExO5sbDDzLjeC61B3tSb + X3GUVg+9aOPPoUVB/COG1554F4l2Bbq9aYA9/Uw1tFZGWC9WjCRa3z/HMQQHm4vU + aAEJAhAgzTiHxfIdJmKQxVlkdME8Orw11Xo3hdbee9j9qx75+TkPifuNSkUIxKon + ufOAcIGDynnUpqD/xStmwCqS3uqpVEy6PGIfXTls34+nLPDWJ4wQ71P3v3kSHLYY + Q7jW3gYe3ohw + =xHcO + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/download/sonarr/sonarr-exportarr-metrics.yaml b/kubernetes/main/apps/download/sonarr/app/sonarr-exportarr-metrics.yaml similarity index 100% rename from kubernetes/main/apps/download/sonarr/sonarr-exportarr-metrics.yaml rename to kubernetes/main/apps/download/sonarr/app/sonarr-exportarr-metrics.yaml diff --git a/kubernetes/main/apps/download/sonarr/helm-release.yaml b/kubernetes/main/apps/download/sonarr/helm-release.yaml deleted file mode 100644 index 0c4d48c..0000000 --- a/kubernetes/main/apps/download/sonarr/helm-release.yaml +++ /dev/null @@ -1,120 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: sonarr - namespace: download -spec: - interval: 5m - chart: - spec: - chart: app-template - version: 1.3.x - sourceRef: - kind: HelmRepository - name: bjws-charts - namespace: flux-system - - values: - image: - repository: ghcr.io/onedr0p/sonarr-develop - tag: "4.0.9.2457" - - # Metrics sidecar - sidecars: - exportarr: - image: ghcr.io/onedr0p/exportarr:v2.0.1 - args: - - sonarr - ports: - - name: metrics - containerPort: 9000 - env: - - name: URL - value: "http://localhost" - - name: CONFIG - value: "/config/config.xml" - - name: PORT - value: 9000 - - name: ENABLE_ADDITIONAL_METRICS - value: "true" - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: "true" - volumeMounts: - - name: config - mountPath: /config - readOnly: true - - env: - TZ: America/New_York - SONARR__AUTHENTICATION_METHOD: "External" - - service: - main: - labels: - app: sonarr-service - - ports: - http: - port: 8989 - - metrics: - enabled: true - port: 9000 - protocol: HTTP - - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: 8989 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - startup: - enabled: false - - ingress: - main: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd - hosts: - - host: &host "sonarr.${SECRET_NEW_DOMAIN}" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - - persistence: - config: - enabled: true - type: hostPath - hostPath: /mnt/MainPool/Kubernetes/sonarr - mountPath: /config - storage: - enabled: true - type: hostPath - hostPath: /mnt/MainPool/Media - mountPath: /storage - - podSecurityContext: - runAsNonRoot: true - runAsUser: 10000 - runAsGroup: 10000 - fsGroup: 10000 - fsGroupChangePolicy: OnRootMismatch - - resources: - requests: - cpu: 2m - memory: 350Mi - limits: - memory: 2500Mi \ No newline at end of file diff --git a/kubernetes/main/apps/download/sonarr/ks.yaml b/kubernetes/main/apps/download/sonarr/ks.yaml new file mode 100644 index 0000000..f13013b --- /dev/null +++ b/kubernetes/main/apps/download/sonarr/ks.yaml @@ -0,0 +1,28 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: sonarr + namespace: flux-system +spec: + timeout: 5m + interval: 10m + targetNamespace: download + path: ./kubernetes/main/apps/download/sonarr/app + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: openebs + - name: openebs-sc + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets