feat(helm)!: Update chart traefik to 31.1.0

chore: remove domain name
fix(ganymede): fix after update broke it
2024-09-18 13:08:13 +00:00 · 2024-09-14 23:43:09 -04:00 · 2024-09-14 23:38:54 -04:00 · 2024-09-14 23:08:48 -04:00
4 changed files with 69 additions and 62 deletions
--- a/kubernetes/main/apps/default/cdn/helm-release.yaml
+++ b/kubernetes/main/apps/default/cdn/helm-release.yaml
@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -8,58 +9,68 @@ spec:
  chart:
    spec:
      chart: app-template
-      version: 1.3.x
+      version: 3.4.0
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
-    image:
-      repository: oci.seedno.de/seednode/nginx
-      tag: latest
+    controllers:
+      main:
+        pod:
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65533
+            fsGroup: 10000
+            fsGroupChangePolicy: OnRootMismatch

-    args:
-    - -c
-    - /config/nginx.conf
+        containers:
+          main:
+            image:
+              repository: git.${SECRET_NEW_DOMAIN}/seanomik/nginx
+              tag: 1.27.1
+              pullPolicy: Always
+
+            resources:
+              requests:
+                memory: 500Mi
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities: { drop: ["ALL"] }

    service:
-      main:
+      app:
+        controller: main
        ports:
          http:
            port: 6544

-    probes:
-      liveness:
-        enabled: false
-
    ingress:
      main:
-        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
-          - host: &host "cdn.${SECRET_NEW_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-            
+        - host: "cdn.${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+
    persistence:
-      data:
-        enabled: true
-        type: hostPath
-        hostPath: /mnt/MainPool/Kubernetes/cdn/data
-        readOnly: true
-        mountPath: /data
      config:
-        enabled: true
        type: configMap
        name: nginx-cdn-configmap
+        globalMounts:
+        - path: /etc/nginx/nginx.conf
+          subPath: nginx.conf

-    resources:
-      requests:
-        cpu: 1m
+      storage:
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/cdn/data
+        globalMounts:
+        - path: /data
--- a/kubernetes/main/apps/default/ganymede/helm-release.yaml
+++ b/kubernetes/main/apps/default/ganymede/helm-release.yaml
@ -26,21 +26,21 @@ spec:
 #            fsGroup: 10000
 #            fsGroupChangePolicy: OnRootMismatch

-        initContainers:
-          copy-config:
-            image:
-              repository: alpine
-              tag: 3.20
-
-            command: [ "sh", "-c", "cat /ganymede-config.json && cp -v /ganymede-config.json /data/config.json" ]
-
        containers:
          api:
            image:
              repository: ghcr.io/zibbp/ganymede
              tag: 3.0.1

+            securityContext:
+              #allowPrivilegeEscalation: false
+              #capabilities: { drop: ["ALL"] }
+
            env:
+            - name: PUID
+              value: 555
+            - name: PGID
+              value: 555
            - name: TZ
              value: "America/New_York" # Set to your timezone
            - name: DB_HOST
@ -124,6 +124,10 @@ spec:
              repository: nginxinc/nginx-unprivileged
              tag: 1.27.1-alpine

+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities: { drop: ["ALL"] }
+
    service:
      app:
        controller: main
@ -155,7 +159,7 @@ spec:
            service:
              identifier: app
              port: api
-          - path: /vods
+          - path: /data/videos
            service:
              identifier: app
              port: nginx
@ -168,18 +172,18 @@ spec:
        storageClass: mainpool-hostpath
        accessMode: ReadWriteOnce
        globalMounts:
-        - path: /vods
+        - path: /data/videos

      ganymede-data:
        type: persistentVolumeClaim
-        size: 5Gi
+        size: 15Gi
        retain: true
        storageClass: mainpool-hostpath
        accessMode: ReadWriteOnce
        advancedMounts:
          main: # controller name
            api: # container name
-            - path: /data
+            - path: /data/temp

      ganymede-logs:
        type: persistentVolumeClaim
@ -190,7 +194,7 @@ spec:
        advancedMounts:
          main: # controller name
            api: # container name
-            - path: /logs
+            - path: /data/logs

      nginx-conf:
        name: ganymede-nginx-conf
@ -199,17 +203,8 @@ spec:
        advancedMounts:
          main: # controller name
            nginx: # container name
-            - subPath: nginx.conf
-              path: /etc/nginx/nginx.conf
-
-      ganymede-temp-conf:
-        type: emptyDir
-        advancedMounts:
-          main: # controller name
-            api: # container name
-            - path: /data
-            copy-config: # container name
-            - path: /data
+            - path: /etc/nginx/nginx.conf
+              subPath: nginx.conf

      ganymede-conf:
        name: ganymede-conf
@ -217,6 +212,7 @@ spec:
        defaultMode: 0777
        advancedMounts:
          main: # controller name
-            copy-config: # container name
-            - subPath: config.json
-              path: /ganymede-config.json
+            api: # container name
+            - path: /data/config/config.json
+              subPath: config.json
+              
--- a/kubernetes/main/apps/default/ganymede/nginx-conf.yaml
+++ b/kubernetes/main/apps/default/ganymede/nginx-conf.yaml
@ -26,16 +26,16 @@ data:

      server {
        listen 8080;
-        root /vods;
+        root /data/videos;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;

-        location ^~ /vods {
+        location ^~ /data/videos {
          autoindex on;
-          alias /vods;
+          alias /data/videos;

          location ~* \.(ico|css|js|gif|jpeg|jpg|png|svg|webp)$ {
              expires 30d;
--- a/kubernetes/main/core/networking/traefik/helm-release.yaml
+++ b/kubernetes/main/core/networking/traefik/helm-release.yaml
@ -8,7 +8,7 @@ spec:
  chart:
    spec:
      chart: traefik
-      version: '30.1.0'
+      version: '31.1.0'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
Author	SHA1	Message	Date
Renovate Bot	ea6ba3b18e	feat(helm)!: Update chart traefik to 31.1.0	2024-09-18 13:08:13 +00:00
SeanOMik	d119ac6206	chore: remove domain name	2024-09-14 23:43:09 -04:00
SeanOMik	1e602ec8e7	fix(ganymede): fix after update broke it	2024-09-14 23:38:54 -04:00
SeanOMik	d4e5a254a7	fix(cdn): use custom nonroot nginx container with fancy index	2024-09-14 23:08:48 -04:00