feat(helm): update chart app-template to 3.5.1

fix: try to fix radarr volsync backups
fix(radarr): use correct path to volsync templates
2024-10-14 01:20:08 +00:00 · 2024-10-13 19:26:00 -04:00 · 2024-10-13 18:57:22 -04:00 · 2024-10-13 18:54:24 -04:00 · 2024-10-13 18:53:00 -04:00 · 2024-10-13 18:28:28 -04:00
23 changed files with 514 additions and 124 deletions
--- a/kubernetes/common/apps/volsync-system/kustomization.yaml
+++ b/kubernetes/common/apps/volsync-system/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./namespace.yaml
+- ./snapshot-controller/ks.yaml
+- ./volsync/ks.yaml
--- a/kubernetes/common/apps/volsync-system/namespace.yaml
+++ b/kubernetes/common/apps/volsync-system/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: volsync-system
--- a/kubernetes/common/apps/volsync-system/snapshot-controller/app/helm-release.yaml
+++ b/kubernetes/common/apps/volsync-system/snapshot-controller/app/helm-release.yaml
@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: snapshot-controller
+  namespace: volsync-system
+spec:
+  interval: 30m
+  timeout: 15m
+  chart:
+    spec:
+      chart: snapshot-controller
+      version: 3.0.6
+      sourceRef:
+        kind: HelmRepository
+        name: piraeus
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    webhook:
+      enabled: false
--- a/kubernetes/common/apps/volsync-system/snapshot-controller/app/helm-repo.yaml
+++ b/kubernetes/common/apps/volsync-system/snapshot-controller/app/helm-repo.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: piraeus
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://piraeus.io/helm-charts/
--- a/kubernetes/common/apps/volsync-system/snapshot-controller/app/kustomization.yaml
+++ b/kubernetes/common/apps/volsync-system/snapshot-controller/app/kustomization.yaml
@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- ./helm-repo.yaml
 - ./helm-release.yaml
- ./radarr-exportarr-metrics.yaml
--- a/kubernetes/common/apps/volsync-system/snapshot-controller/ks.yaml
+++ b/kubernetes/common/apps/volsync-system/snapshot-controller/ks.yaml
@ -0,0 +1,19 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: volsync
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  #targetNamespace: volsync-system
+  path: ./kubernetes/common/apps/volsync-system/snapshot-controller/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
--- a/kubernetes/common/apps/volsync-system/volsync/app/helm-release.yaml
+++ b/kubernetes/common/apps/volsync-system/volsync/app/helm-release.yaml
@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: volsync
+  namespace: volsync-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: volsync
+      version: 0.10.0
+      sourceRef:
+        kind: HelmRepository
+        name: backube
+        namespace: flux-system
+  values:
+    manageCRDs: true
+    metrics:
+      disableAuth: true
--- a/kubernetes/common/apps/volsync-system/volsync/app/helm-repo.yaml
+++ b/kubernetes/common/apps/volsync-system/volsync/app/helm-repo.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: backube
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://backube.github.io/helm-charts/
--- a/kubernetes/common/apps/volsync-system/volsync/app/kustomization.yaml
+++ b/kubernetes/common/apps/volsync-system/volsync/app/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-repo.yaml
+- ./helm-release.yaml
--- a/kubernetes/common/apps/volsync-system/volsync/ks.yaml
+++ b/kubernetes/common/apps/volsync-system/volsync/ks.yaml
@ -0,0 +1,19 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: volsync
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  #targetNamespace: volsync-system
+  path: ./kubernetes/common/apps/volsync-system/volsync/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
--- a/kubernetes/common/templates/volsync/b2.yaml
+++ b/kubernetes/common/templates/volsync/b2.yaml
@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: "${APP}-b2"
+spec:
+  sourcePVC: "${APP}"
+  trigger:
+    schedule: "0 0 * * *"
+  restic:
+    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+    pruneIntervalDays: 7
+    repository: "${APP}-volsync-b2-secret"
+    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
+    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
+    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+    storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
+    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+    moverSecurityContext:
+      runAsUser: 10000
+      runAsGroup: 10000
+      fsGroup: 10000
+    retain:
+      daily: 7
--- a/kubernetes/common/templates/volsync/kustomization.yaml
+++ b/kubernetes/common/templates/volsync/kustomization.yaml
@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./pvc.yaml
+- ./minio.yaml
+- ./b2.yaml
--- a/kubernetes/common/templates/volsync/minio.yaml
+++ b/kubernetes/common/templates/volsync/minio.yaml
@ -0,0 +1,51 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: "${APP}"
+spec:
+  sourcePVC: "${APP}"
+  trigger:
+    schedule: "0 * * * *"
+  restic:
+    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+    pruneIntervalDays: 7
+    repository: "${APP}-volsync-secret"
+    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
+    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
+    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+    storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
+    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+    moverSecurityContext:
+      runAsUser: 10000
+      runAsGroup: 10000
+      fsGroup: 10000
+    retain:
+      hourly: 24
+      daily: 7
+      weekly: 5
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: "${APP}-dst"
+spec:
+  trigger:
+    manual: restore-once
+  restic:
+    repository: "${APP}-volsync-secret"
+    copyMethod: Snapshot # must be Snapshot
+    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
+    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
+    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
+    storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
+    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+    capacity: "${VOLSYNC_CAPACITY}"
+    # moverSecurityContext:
+    #   runAsUser: 10000
+    #   runAsGroup: 10000
+    #   fsGroup: 10000
--- a/kubernetes/common/templates/volsync/pvc.yaml
+++ b/kubernetes/common/templates/volsync/pvc.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "${APP}"
+spec:
+  accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+  dataSourceRef:
+    kind: ReplicationDestination
+    apiGroup: volsync.backube
+    name: "${APP}-dst"
+  resources:
+    requests:
+      storage: "${VOLSYNC_CAPACITY}"
+  storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
--- a/kubernetes/main/apps/default/ganymede/helm-release.yaml
+++ b/kubernetes/main/apps/default/ganymede/helm-release.yaml
@ -38,9 +38,9 @@ spec:

            env:
            - name: PUID
-              value: 555
+              value: 10555
            - name: PGID
-              value: 555
+              value: 10555
            - name: TZ
              value: "America/New_York" # Set to your timezone
            - name: DB_HOST
--- a/kubernetes/main/apps/download/kustomization.yaml
+++ b/kubernetes/main/apps/download/kustomization.yaml
@ -5,7 +5,7 @@ resources:
 #- ./network_policy.yaml
 - ./qbittorrent
 - ./qbit-manage
- ./radarr
+- ./radarr/ks.yaml
 - ./sonarr
 - ./prowlarr
 - ./bazarr
--- a/kubernetes/main/apps/download/radarr/app/backup-creds.sops.yaml
+++ b/kubernetes/main/apps/download/radarr/app/backup-creds.sops.yaml
@ -0,0 +1,75 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: radarr-volsync-b2-secret
+    namespace: download
+type: Opaque
+stringData:
+    RESTIC_REPOSITORY: ENC[AES256_GCM,data:+veFT1W3b3seqmzYobKCeWbG6ENvg4Ldggq5Vr87x3l/IS+ZpNoUg4LvORbA4Bc=,iv:iNyL+43KLbTVcyyrHiZADht0/2e9xjlNmz6Su5alrsM=,tag:OzLJHB4JKZtudbF15SQqHg==,type:str]
+    RESTIC_PASSWORD: ENC[AES256_GCM,data:e1Ji5tLyO+D83LTrCX0Vn2ElbvZ5zjzwmfqukwhm4yI=,iv:s8MtgLlI4zw/tR9/BipWKSjJb3YkawNAoAfYTSnVssE=,tag:nRn5KViI/ap0NHQ/KbDZrQ==,type:str]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:HqlLzU1aRhxs6jPVFPJwC2VvJJKT2se0YQ==,iv:rxkIrlwPz+SpeJzySUqlac36H2UF4aXJPWOieStvVAA=,tag:piy0i2GJ27RdB52f1HN9Pw==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:Sc8p4PCOtpedx4RCwiPBokMf6VZK2AIEhqlFWJLMxQ==,iv:WcSlztDPaJ74DOYvLNdMys8qvGcU75hB6ah75BwqS6I=,tag:clEW+2no+iyauPxA9Nogcw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-10-13T22:45:06Z"
+    mac: ENC[AES256_GCM,data:Ah819y/70by3PifAVnUxD4Fo0RDvSRB2z85zjmNJe2WMye4OLBY31kfdtG+ExM6wnO5SlRX8MVWxqMHRuR2wDdj1jZ0JauhVEOjffftQ1gVWZDoDPmQPYycDIk6/M+Go/1hh744CGACddxDeLGecnsgYqqXCEMUdOn9V8+7WZwk=,iv:FxVGayNbqsOC/CV0FuEnNhdpuOcUZ57BwqN0u/3KOW8=,tag:DsFqasdTw7yg8Ox2zSL9kw==,type:str]
+    pgp:
+        - created_at: "2024-10-13T22:45:06Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwAAAAAAAAAAAQ/9ElsB9yOzGtSZLfjScPCE7XE9xLfVnZqzWtBQBzpXf9rC
+            AvA9bvFI6nUCHnJ8amqAKIeijm8pAiMdVFuKtDOqAbJm6R5H0c6xs0bWzN0K1c5Z
+            wXECLpgf9x+aDQGSAwu7lJTuuSvunDYY2AxzId5N2l294U8LMHX9tP3mmKr/Yp88
+            mwIfHZyl+2V6RhCBpaSfOcpz+9267Ktgzb6jhkq3kIBJKAAxGVZsGRjSjTlGP6Oo
+            NvpMZ7sWNAcVTG30lHcL2idzXNPC1VHuRoMiJeBvKT8kkv2AIibfN+Aw278TcmXk
+            FXdcgzvctUHkf/gKkPzLn5Bt337mEQbaqdvIbwXLggFI/KgXuNWGWDKLALme10Mt
+            t3XaEoag62HrgvXK2W5WMfuy4lfGzhuM0sdbN2nvR5xEwxSst4fmOBZYmWAdsq9s
+            VkHyPNvPTjJ5/0k7rvyZoy1V131l8GPplf5ZQUxvcF6VFxQsuKv1YQKxcVUE6ye4
+            SrxRhh2fOZUANSiNeh71HRXFfFrwenY/wsM/pmnEXplocAiL5PbNFPQVBrsQ31SC
+            rj50oqdTc7Evwn/CI/SyNB9qdt/huEKL7Yxw8zCm51xh6Wd1k/4KDwW+ACz51ObO
+            Uu21Dyug3ww2Fced2ZyB412z6cJVYGWI7vFYco2X66XCj/Cdfk2EbkcPLPSKxeSF
+            AgwDAAAAAAAAAAABD/9x+giHppcxPjHOeBg4EmXIPLDP7wDvIURBMVFpQLPs1vVY
+            82xfD+GkQyYTvEsaUXy1ts4KaIEYZ7Zc/P1KnsKzDomjPs22fJXxE37YbJqfok2H
+            O1aUfx85g3fLgL7kFf2ASIG1g+NPaiyGH0Z59w1gMv5ag1qQkWCmg1iLWNtngE9F
+            ELnS/DXtNbxOcOB5LfgahdVIkXhfiwl8NPcPgdPq0Pm2n8ckmQTWHLcK/tQ7Es0y
+            6sNx3ofAYfAk1SfZOFxq4yrBNt/hvC+jRkSXHh5G9zcfeoKmH6rptzTw6N980sTv
+            PiyU8TSeccq0+tyz6ZlMmuGQeThTgTZ3Nwxo/JUGlDqw8DYm7ch0Q8EN1JN/rJM6
+            wjxlBGZlH4jIhovSkwgv4X+spQB6kIsZR91M+ZECuvp5tlT5bfHXYkLw/wPilrCS
+            cVXBpIB9vr9fd6Rb2p8U/EJ+AV+fb1UsaBRVkPhDNgOGK7npYeyL8Aoc4IA0oQue
+            TyJKVyyueeUvIJ4X60ho/6DTqn7OIWw0frVshZ7cw73WbT1KSJQGFX+U+Q2Laxj/
+            1zUNyNi2bqHnIn81Yo7aqgiKxXJhUnmV2Ky1EbyZ2aZbjoWVmz2IwO2AJXIO1MpA
+            CjijpJBEI/w9Y54LtGxREZB4cRBB0wiJoXNcMMsQYOxVLQ6oyh0t5vQi5lY6DtRo
+            AQkCECjduK5Lcsdtn+uNenCrDoIArYdDaWyIitEP7MEzMOxTySNbFLrVB2ufovOc
+            ikh61nMtBjjw0cX+rNha1MDQRQxo7eakDhUm/1D3dOmUxoc2sJ/++kBl6qA9OnG/
+            Wo1Ic6rcgl0=
+            =pHI2
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2024-10-13T22:45:06Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwAAAAAAAAAAAQ/9HbXhN5NSTcWa5g8C12QP1recnZryBwNh2AJdhRmdZS8R
+            SRZcBzhMm02zoToKSqjy4aYMIoJk6ZShVdtheh4uYxQXI8M6a/CTcurNot+taD96
+            D8iK5GXsIM+mriorCZZhgJK0n9n3oUSp2kMSOyzXzm/Cl24yG+vvbEur3JOh4Tic
+            GogkE6oeyytf6/YeGYtgvRXbsaFD1tRoUrTvzeYkOPL+ii66CDIbVgzOsAyGbg/P
+            DSu0ME9TVCeg+8w0RP/TAnvnsmTP6Pt/fDl+QPJcm7ysqKWkrmxb3pxuIQ3p3Epf
+            qWKxkjqf0GOXf9rzArL1l4my/tzXJyiobuq2felSJUZ4KvWyqRSQeTWuncKQQhVT
+            xK2tBZQDzpRvXugZ1Pu9kTqhhFa9A3T5gR5NTbzyfQraMfzGAHO08vKOYPN/LMgi
+            7hHfnP2tG++zKfvKhaAPMWvW/1TOzxgyHDDOjNwHRaXH4NuuYfEmy+vgcnq2Vohh
+            ej1q+ke5qSDuG6KMAkxq0PcUwD8H8zbJv7VR/QlnL51aauMIVCmqoUUd8i3SZhJV
+            4gskUMjVvSYpq3tdOyAMwfP0c4BI0Ft7ldX7zithfGiNfCKngyrMXEzaRnKx95/n
+            p26pvJudVXBOt7T4MyFSYbH5rlqgnVLehFn/IJS4QUhgC8pAlcc0f2vLJUkZ9n/U
+            aAEJAhDnzLrepQGdEqdiLU4WtLUCd5VPGEk7ROuUe7H3N3f4x5bQHhhjJnNvdjf/
+            DNZ0Jmc7glBUjp+hY8NfhkV2KcpDOmJ7OgSiS+fdAAsLyYuLoDupINpvKU8KHl3N
+            InfTWfiVu02S
+            =zhN+
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1
--- a/kubernetes/main/apps/download/radarr/app/helm-release.yaml
+++ b/kubernetes/main/apps/download/radarr/app/helm-release.yaml
@ -0,0 +1,110 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: radarr
+  namespace: download
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    controllers:
+      main:
+        pod:
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 10000
+            runAsGroup: 10000
+            fsGroup: 10000
+            fsGroupChangePolicy: OnRootMismatch
+
+        containers:
+          radarr:
+            image:
+              repository: ghcr.io/onedr0p/radarr-develop
+              tag: 5.12.0.9255
+
+            env:
+              TZ: America/New_York
+
+            resources:
+              requests:
+                cpu: 1m
+                memory: 350Mi
+              limits:
+                memory: 1500Mi
+
+          exportarr:
+            image:
+              repository: ghcr.io/onedr0p/exportarr
+              tag: v2.0.1
+
+            args:
+            - radarr
+            
+            env:
+            - name: URL
+              value: "http://localhost"
+            - name: CONFIG
+              value: "/config/config.xml"
+            - name: PORT
+              value: 9000
+            - name: ENABLE_ADDITIONAL_METRICS
+              value: "true"
+            - name: ENABLE_UNKNOWN_QUEUE_ITEMS
+              value: "true"
+
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+
+        hosts:
+        - host: "radarr.${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: main
+              port: http
+
+    service:
+      main:
+        controller: main
+
+        ports:
+          http:
+            port: 7878
+          metrics:
+            port: 9000
+            protocol: HTTP
+    
+    persistence:
+      config:
+        #type: hostPath
+        #hostPath: /mnt/MainPool/Kubernetes/radarr
+        existingClaim: radarr
+        globalMounts:
+          - path: /config
+#          main: # controller name
+#            radarr: # container name
+#            - path: /config
+#            exportarr:
+#            - path: /config
+#              readOnly: true
+      storage:
+        type: hostPath
+        hostPath: /mnt/MainPool/Media
+        advancedMounts:
+          main: # controller name
+            radarr: # container name
+            - path: /storage
--- a/kubernetes/main/apps/download/radarr/app/kustomization.yaml
+++ b/kubernetes/main/apps/download/radarr/app/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./backup-creds.sops.yaml
+- ./minio-creds.sops.yaml
+- ./helm-release.yaml
+- ./radarr-exportarr-metrics.yaml
+- ../../../../../common/templates/volsync
--- a/kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml
+++ b/kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml
@ -0,0 +1,75 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: radarr-volsync-secret
+    namespace: download
+type: Opaque
+stringData:
+    RESTIC_REPOSITORY: ENC[AES256_GCM,data:ebolBMyKUaVKCE4oqtXn8tbgwVM+OG5W/oCNiIEy/dZuUOYUW/3kcP8qPcQ/TP+j,iv:MdfKuDIcOMIu7gKnT8nwAAqA8FXH0qIVGumW7XabnHM=,tag:NFCrjnVgKXHbXNDPqwa8LA==,type:str]
+    RESTIC_PASSWORD: ENC[AES256_GCM,data:OWRCCNHPe7izcDDyr1Df/78XSduQ1KmGrtIoC5iz5Hg=,iv:KPaOpeZbFS4Hg8RLYNf7+26OkHwAfcVqHgZmWwv9R1A=,tag:gOamlt5e3MUQ9b+CeSwTbw==,type:str]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:kzoeP5dV2DBk+VL/31B6sg==,iv:MeQdxt82dWNsvl+OSTnKS+g9zmkwBQxXFlBa813o818=,tag:V2YxoFj3lz4FtGAWutbyFA==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:AibU/3Xgi/7qCxXkhdoOlzuN3ETDXg8bvNIg1IjQsfs=,iv:N6U1xM+HDPPHXDRLqY0BIC2ire9ZgN9g68Te8PObRt8=,tag:F8DRJiS4VUX19xO8RhZhEg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-10-13T23:24:58Z"
+    mac: ENC[AES256_GCM,data:+BAe3tCH1ZRYvOpktR6Sz4mHkQfNNjso2v70vMGUDgy0hgjkKR/AlvDcHJY6kf5kMoUVEBluPeQ58TVJuCMiXJhTgadTNRes4KPgW1Bm+/QR+TqGsvQYaSkT0YAj3EeUrFfXGU+VGgU/Pf+XE5oM8uqZG9Z3fwS6gZzCFy/JeiY=,iv:jHwrSLB4i9FG9gd4hYO8y+pH/FXhCKxgi3DGw8raSwc=,tag:rJ1sR1FdWcaFcfCOoInSfw==,type:str]
+    pgp:
+        - created_at: "2024-10-13T23:24:58Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwAAAAAAAAAAAQ/+K49WTFNnaDigRZz3RtzJsvuQisVxVBsEG7rUNuIfAtRx
+            AxvmmbhZ97LAwpEcGsXv7uo7HhINX3xNeuLPt77U6lvrWyPDrHwDQKoLEcYpkEBw
+            9NXsReKpyvSa1VP9hoIBhvd3+qoeb7rSgp+qWUWgGmvp/MM5GULI8gN0FV/pE85D
+            fIRd1nbZ6LcGC/gwIO4LgKuFg71V79RVuxFDNWHuyJUvaGnI2up4IFseDXDkfQHg
+            iA386/fzxtMBKrGcveEBFVXWZ4D3G9cacTSrknOfSnD8oGCzNoUArueOjpLvjx6n
+            s6lfQarI75kcAclMYwxFINjSBf7VCIkTvYLlUAUaitcbIVQNEUVKAUrosSc7gKEI
+            lkCty3WCZqRHy5hWIGZpR6tlYSEzqB5GGhBKYnrYn16RtSOXLw37Dl7AzjOB7aOf
+            u5sge6ssPk5zQ0cb2rxBVTN8KJJNh1eFSKBYCmeTjzfG7LGQWJLvp5HWXiGCF+OF
+            6aiUnovEQrr3oNyVQ6oWBM36085hRUM3Gt/AhNaY9anixTYGNHgJO8uQ2HyTSP2p
+            AK69FFXbTAyYcxP5nZbNWctD3PyrhHM6QcqSH0lltZJiDEb6wIhk6c9zzDydDjuG
+            SzzGEWMqeqwu39eYW5Nfovd0IcZjVbC+jAnwwXWzP/tFutcM/OtI2Kpb8njLvLGF
+            AgwDAAAAAAAAAAABEACgTSOriPJ3jzfAGHyeqxHWFLtbBSMfdugXT4T74HNItkoY
+            9pHOzox9CgOpyvslMdJtcUgt4TtNmp1bOWCm4JRKG0mlF4zWjV8hjQa+pIzuHSTg
+            0SuQ+DqG8NelA94zr+H/jJVSSvhJUrv2GWTNsrZ44OGPY6moxhD67YO/2hiApafs
+            p8ololtBzxkdDoOJRjrgusoEOCxEW6AJOZV2Ckl4zWba7YyWQFV9mVUfmulcwNUS
+            7KTFC0nQB1cRYM8Z682W5VAcxzPvoonPfJBdQUTQmfhCtT9W2yN0QtDOOM+oNJ2K
+            OXaDwYspvpUb4A53fGKew7oJArDxxI1bDSmyMzq+vHRmQutmiDOxAj6KH8F0ya5y
+            n7aq4Npas0EPhtu6g8x5NK8TjEmiTn3rkAg0cXwfWuBR+B8ERzSwQGKyHlwBZc2s
+            E2E+N9A1Dgf/I4CtxHB4wZWHPGCiCaQBrxXwr/rTvcLvKH+mWon3S0G3mtF4SEJA
+            vIjSuDiE2o+X9BVdtODN4GUmVCj9QlBLy9l39REhL48T+5+pVVcsNOSlxV33nOyJ
+            Ci0WwmrIZOIHp8Y7Hh4k1uouoaWthHUSwc1DXo6HMfshoWzx6bINtzgErSOc7qTM
+            9ULjGQEOQ9AydZJdV+EGBlBNnC8FDGE1z31OmgAYKz0Tdg3Vmvblni3juzr1E9Ro
+            AQkCEDowXU0V0rKHx7n6ryYIW8u+f97RpQKiBvbYDS+4UvvyseFfSYBrRktp7jOK
+            mDfsaR4rAqSWvaOBg++8i/FTvdeiYoyjM3+CS+EoSt8e1fZS8zXAK9y+vC4VAAgF
+            +WWYmy4iQ9c=
+            =IkMC
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2024-10-13T23:24:58Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwAAAAAAAAAAARAAiOhijUf04+HMMqZluNZdp7yP4yavnr5jQinHDGSAJirr
+            +Q/YI1gmWzEsQQ6rBuzDxr+tjObW+M9o9xBTDeb1NC3bfu4+JV9qQMFP6fcj9UGs
+            HKji1jDFObhK1rg8FZaVTkxUL71ofZCxNo+IMo6PI8/uhJNdJ/EwrdnF08azWavI
+            2YsO1pcPCdoW4lvxyuqOxk4ge0zK8su3+uzEBz6sxq6jjWs1970E+ib5nA1KsDsV
+            wjMsb2SFCcxtDzsi1JTaNiHMvuXl08h3ORsRshG/MlOIDI5o52Nf5RS5Efnjwf4Y
+            AhQgpNoxNdN8xHzLrnCTxN2LJh0Z3BRzKtgWOHU7aO+YJsrXMWsr7dRHf6YUltJS
+            RJ+plFusYdoOozfuko+tksz9a6AlWLu9ieLNKnTZuWqqDD4Uy0YLR4DIIPU6+P+k
+            86i5klGgBpkB3y5U+nXoWJ/8dBsXOaaxPp/zpB4ttJv2ggC29fDBnf2bVgKo1TP5
+            mMMzHoFmJcjPo5DXiazCiViPoJDGUyUPhNKNM72atQDCCArVmlIQbE1LUIAhhaBJ
+            Cigmb0kIWpHKEBQ8nK2UlGMo8hfy1GKivIAgTSomsI/KLSBt0YeefnWd0kHK7OIX
+            VnBwPFNLuw9OHDFPTX1M8Dk/iT1J/ACvpbctOZyesSB42fMPjgeh3ZtYzJXoiezU
+            aAEJAhDyA9q1f+2syN92xpqwMdpew3K5l+xzdUHIjjdxL6XzugJRqyuQee6wCxVj
+            GTaS8Bsnx7fg6b/jwxXVPDfE7fv74jJ29CgfzWLXxc8GH47hp9VhQDBq3CqceraG
+            z7N/bgAze6sz
+            =5cXr
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1
--- a/kubernetes/main/apps/download/radarr/app/radarr-exportarr-metrics.yaml
+++ b/kubernetes/main/apps/download/radarr/app/radarr-exportarr-metrics.yaml
--- a/kubernetes/main/apps/download/radarr/helm-release.yaml
+++ b/kubernetes/main/apps/download/radarr/helm-release.yaml
@ -1,119 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: radarr
-  namespace: download
-spec:
-  interval: 5m
-  chart:
-    spec:
-      chart: app-template
-      version: 3.5.x
-      sourceRef:
-        kind: HelmRepository
-        name: bjws-charts
-        namespace: flux-system
-
-  values:
-    image:
-      repository: ghcr.io/onedr0p/radarr-develop
-      tag: "5.12.0.9255"
-
-    # Metrics sidecar
-    sidecars:
-      exportarr:
-        image: ghcr.io/onedr0p/exportarr:v2.0.1
-        args:
-        - radarr
-        ports:
-        - name: metrics
-          containerPort: 9000
-        env:
-        - name: URL
-          value: "http://localhost"
-        - name: CONFIG
-          value: "/config/config.xml"
-        - name: PORT
-          value: 9000
-        - name: ENABLE_ADDITIONAL_METRICS
-          value: "true"
-        - name: ENABLE_UNKNOWN_QUEUE_ITEMS
-          value: "true"
-        volumeMounts:
-        - name: config
-          mountPath: /config
-          readOnly: true
-      
-    env:
-      TZ: America/New_York
-
-    service:
-      main:
-        labels:
-          app: radarr-service
-
-        ports:
-          http:
-            port: 7878
-
-          metrics:
-            enabled: true
-            port: 9000
-            protocol: HTTP
-
-    probes:
-      liveness:
-        enabled: false
-#        custom: true
-#        spec:
-#          httpGet:
-#            path: /ping
-#            port: 7878
-#          initialDelaySeconds: 10
-#          periodSeconds: 10
-#          timeoutSeconds: 3
-#          failureThreshold: 3
-      startup:
-        enabled: false
-
-    ingress:
-      main:
-        enabled: true
-        annotations:
-          cert-manager.io/cluster-issuer: letsencrypt-production
-          traefik.ingress.kubernetes.io/router.entrypoints: websecure
-          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
-        hosts:
-          - host: &host "radarr.${SECRET_NEW_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-
-    persistence:
-      config:
-        enabled: true
-        type: hostPath
-        hostPath: /mnt/MainPool/Kubernetes/radarr
-        mountPath: /config
-      storage:
-        enabled: true
-        type: hostPath
-        hostPath: /mnt/MainPool/Media
-        mountPath: /storage
-
-    podSecurityContext:
-      runAsNonRoot: true
-      runAsUser: 10000
-      runAsGroup: 10000
-      fsGroup: 10000
-      fsGroupChangePolicy: OnRootMismatch
-
-    resources:
-      requests:
-        cpu: 1m
-        memory: 350Mi
-      limits:
-        memory: 1500Mi
--- a/kubernetes/main/apps/download/radarr/ks.yaml
+++ b/kubernetes/main/apps/download/radarr/ks.yaml
@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app radarr
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: download
+  path: ./kubernetes/main/apps/download/radarr/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 15Gi
Author	SHA1	Message	Date
Renovate Bot	76a75e7347	feat(helm): update chart app-template to 3.5.1	2024-10-14 01:20:08 +00:00
SeanOMik	b4bfb3e11b	fix: try to fix radarr volsync backups	2024-10-13 19:26:00 -04:00
SeanOMik	84c6b4841f	fix(radarr): use correct path to volsync templates	2024-10-13 18:57:22 -04:00
SeanOMik	dc392a71cf	fix(radarr): use correct ks.yaml path	2024-10-13 18:54:24 -04:00
SeanOMik	9847eac88d	feat(radarr): update folder structure, try to implement b2 backups	2024-10-13 18:53:00 -04:00
SeanOMik	adc21e7861	chore: update app-template chart for radarr	2024-10-13 18:28:28 -04:00
SeanOMik	6bf0b594c0	feat: add volsync	2024-10-13 18:15:55 -04:00
SeanOMik	8744f71644	chore(ganymede): change uid and gid	2024-10-11 11:41:33 -04:00