Compare commits


2 Commits

Author SHA1 Message Date
SeanOMik adc21e7861
chore: update app-template chart for radarr 2024-10-13 18:28:28 -04:00
SeanOMik 6bf0b594c0
feat: add volsync 2024-10-13 18:15:55 -04:00
14 changed files with 239 additions and 84 deletions


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./snapshot-controller/ks.yaml
- ./volsync/ks.yaml


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: volsync-system


@ -0,0 +1,28 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: snapshot-controller
namespace: volsync-system
spec:
interval: 30m
timeout: 15m
chart:
spec:
chart: snapshot-controller
version: 3.0.6
sourceRef:
kind: HelmRepository
name: piraeus
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
webhook:
enabled: false


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: piraeus
namespace: flux-system
spec:
interval: 1m
url: https://piraeus.io/helm-charts/


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-repo.yaml
- ./helm-release.yaml


@ -0,0 +1,19 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: volsync
namespace: flux-system
spec:
timeout: 5m
interval: 10m
#targetNamespace: volsync-system
path: ./kubernetes/common/apps/volsync-system/snapshot-controller/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
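Review bot: This Flux Kustomization is named `volsync` in `flux-system` although its `path` is `.../snapshot-controller/app`, and the second ks.yaml further down (the one pointing at `.../volsync/app`) uses the same name and namespace. Two objects with one identity cannot coexist: the parent kustomize build normally rejects the duplicate ID, and if one did overwrite the other, `prune: true` would remove whichever app lost. Rename this one, `name: snapshot-controller`, and consider `dependsOn: [{name: snapshot-controller}]` on the volsync Kustomization, since the snapshot copy method presumably needs the VolumeSnapshot CRDs installed first. The commented-out `#targetNamespace: volsync-system` can go in both files, as the HelmReleases set their namespace explicitly.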


@ -0,0 +1,19 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: volsync
namespace: volsync-system
spec:
interval: 5m
chart:
spec:
chart: volsync
version: 0.10.0
sourceRef:
kind: HelmRepository
name: backube
namespace: flux-system
values:
manageCRDs: true
metrics:
disableAuth: true
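Review bot: `metrics.disableAuth: true` turns off the authentication check the chart applies to metrics scrapes, so any workload that can reach the controller's metrics port can read them. If the override is only there to let Prometheus scrape without a token, either drop it and give the scraper a ServiceAccount with the needed RBAC, or keep it and restrict the port with a NetworkPolicy; a comment above the key, e.g. `# auth disabled for in-cluster Prometheus; port is limited by NetworkPolicy`, would record the decision. Unlike the snapshot-controller HelmRelease in this change, this one also has no `install`/`upgrade` remediation block, so a failed upgrade is not rolled back.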


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: backube
namespace: flux-system
spec:
interval: 1m
url: https://backube.github.io/helm-charts/


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-repo.yaml
- ./helm-release.yaml


@ -0,0 +1,19 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: volsync
namespace: flux-system
spec:
timeout: 5m
interval: 10m
#targetNamespace: volsync-system
path: ./kubernetes/common/apps/volsync-system/volsync/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg


@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}-b2"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 0 * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-r2-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-mainpool-hostpath}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
retain:
daily: 7
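Review bot: `repository: "${APP}-volsync-r2-secret"` points at a Secret that nothing in this template creates (its kustomization lists only `./pvc.yaml` and `./b2.yaml`), and the `r2` suffix disagrees with the `-b2` resource name, so a missing or misnamed Secret would only show up when the first scheduled backup fails. VolSync reads the restic repository location, password and bucket credentials from that Secret, so it belongs in the template as a SOPS-encrypted manifest rather than being created by hand; the Flux Kustomizations in this change already set `decryption.provider: sops`. Separately, `storageClassName` defaults to `mainpool-hostpath` here while the PVC manifest defaults the same `VOLSYNC_STORAGECLASS` variable to `longhorn`, and `cacheStorageClassName` is driven by a variable named `VOLSYNC_CACHE_SNAPSHOTCLASS`; one default and a matching variable name would avoid surprises.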


@ -0,0 +1,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./pvc.yaml
- ./b2.yaml


@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: "${APP}"
spec:
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
dataSourceRef:
kind: ReplicationDestination
apiGroup: volsync.backube
name: "${APP}-b2"
resources:
requests:
storage: "${VOLSYNC_CAPACITY}"
storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
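Review bot: `dataSourceRef` names a ReplicationDestination `${APP}-b2`, but none of the files shown in this change defines one; the only VolSync object in the template is the ReplicationSource of that name. A PVC created from this template would therefore presumably stay Pending while the volume populator waits for a destination that never appears. Either add a ReplicationDestination manifest (same restic repository Secret, manual trigger) to the template's kustomization, or leave `dataSourceRef` out until the restore path exists. `storage: "${VOLSYNC_CAPACITY}"` is also the only variable without a default, so an unset value substitutes to an empty string; give it a default in the style of `${VOLSYNC_CACHE_CAPACITY:-4Gi}` or document it as required.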


@ -1,3 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -8,26 +9,47 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 1.3.x version: 3.4.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjws-charts name: bjws-charts
namespace: flux-system namespace: flux-system
values: values:
controllers:
main:
pod:
securityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
containers:
radarr:
image: image:
repository: ghcr.io/onedr0p/radarr-develop repository: ghcr.io/onedr0p/radarr-develop
tag: "5.12.0.9255" tag: 5.12.0.9255
env:
TZ: America/New_York
resources:
requests:
cpu: 1m
memory: 350Mi
limits:
memory: 1500Mi
# Metrics sidecar
sidecars:
exportarr: exportarr:
image: ghcr.io/onedr0p/exportarr:v2.0.1 image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
args: args:
- radarr - radarr
ports:
- name: metrics
containerPort: 9000
env: env:
- name: URL - name: URL
value: "http://localhost" value: "http://localhost"
@ -39,81 +61,48 @@ spec:
value: "true" value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS - name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true" value: "true"
volumeMounts:
- name: config
mountPath: /config
readOnly: true
env:
TZ: America/New_York
service:
main:
labels:
app: radarr-service
ports:
http:
port: 7878
metrics:
enabled: true
port: 9000
protocol: HTTP
probes:
liveness:
enabled: false
# custom: true
# spec:
# httpGet:
# path: /ping
# port: 7878
# initialDelaySeconds: 10
# periodSeconds: 10
# timeoutSeconds: 3
# failureThreshold: 3
startup:
enabled: false
ingress: ingress:
main: main:
enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts: hosts:
- host: &host "radarr.${SECRET_NEW_DOMAIN}" - host: "radarr.${SECRET_NEW_DOMAIN}"
paths: paths:
- path: / - path: /
pathType: Prefix service:
tls: identifier: radarr
- hosts: port: http
- *host
service:
app:
controller: main
ports:
http:
port: 7878
metrics:
port: 9000
protocol: HTTP
persistence: persistence:
config: config:
enabled: true
type: hostPath type: hostPath
hostPath: /mnt/MainPool/Kubernetes/radarr hostPath: /mnt/MainPool/Kubernetes/radarr
mountPath: /config advancedMounts:
main: # controller name
radarr: # container name
- path: /config
exportarr:
- path: /config
readOnly: true
storage: storage:
enabled: true
type: hostPath type: hostPath
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage advancedMounts:
main: # controller name
podSecurityContext: radarr: # container name
runAsNonRoot: true - path: /storage
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m
memory: 350Mi
limits:
memory: 1500Mi
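Review bot: As far as the side-by-side rendering can be read, the new ingress path sets `service.identifier: radarr` while the only service the new values define is `service.app`, so the identifier matches no service key and the chart would likely fail to render the Ingress; `identifier: app`, or renaming the service key to `radarr`, would line them up. The `tls:` block appears only on the old side, yet the `cert-manager.io/cluster-issuer` annotation stays: without a `tls` entry cert-manager has nothing to issue for and the host falls back to whatever default certificate Traefik serves on `websecure`, which is worth confirming as intended. Both images are still referenced by mutable tag (`5.12.0.9255`, `v2.0.1`); pinning them by digest would make the deployed bits reproducible.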