From 34264980ea320f62815ea6bb44579c843d3c1293 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Sat, 16 Dec 2023 15:48:31 -0600 Subject: [PATCH] feat(media): deploy maintainerr --- kubernetes/apps/media/kustomization.yaml | 1 + .../media/maintainerr/app/helmrelease.yaml | 81 ++++++++++++++++++ .../media/maintainerr/app/kustomization.yaml | 6 ++ .../apps/media/maintainerr/app/volsync.yaml | 85 +++++++++++++++++++ kubernetes/apps/media/maintainerr/ks.yaml | 21 +++++ 5 files changed, 194 insertions(+) create mode 100644 kubernetes/apps/media/maintainerr/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/maintainerr/app/kustomization.yaml create mode 100644 kubernetes/apps/media/maintainerr/app/volsync.yaml create mode 100644 kubernetes/apps/media/maintainerr/ks.yaml diff --git a/kubernetes/apps/media/kustomization.yaml b/kubernetes/apps/media/kustomization.yaml index 7457f26633..bdedc032bd 100644 --- a/kubernetes/apps/media/kustomization.yaml +++ b/kubernetes/apps/media/kustomization.yaml @@ -7,6 +7,7 @@ resources: - ./autobrr/ks.yaml - ./bazarr/ks.yaml - ./flaresolverr/ks.yaml + - ./maintainerr/ks.yaml - ./overseerr/ks.yaml - ./plex/ks.yaml - ./prowlarr/ks.yaml diff --git a/kubernetes/apps/media/maintainerr/app/helmrelease.yaml b/kubernetes/apps/media/maintainerr/app/helmrelease.yaml new file mode 100644 index 0000000000..0daca8caf0 --- /dev/null +++ b/kubernetes/apps/media/maintainerr/app/helmrelease.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: &app maintainerr +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 2.4.0 + sourceRef: + kind: HelmRepository + name: bjw-s-charts + namespace: flux-system + maxHistory: 2 + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + main: + annotations: + reloader.stakater.com/auto: "true" + containers: + main: + image: + repository: docker.io/jorenn92/maintainerr + tag: 1.6.10 + resources: + requests: + cpu: 5m + memory: 128M + limits: + memory: 512M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + pod: + securityContext: + runAsUser: 568 + runAsGroup: 568 + runAsNonRoot: true + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + ingress: + main: + enabled: true + className: internal + annotations: + hajimari.io/icon: carbon:clean + hosts: + - host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}" + paths: + - path: / + service: + name: main + port: http + tls: + - hosts: + - *host + persistence: + config: + enabled: true + existingClaim: *app + globalMounts: + - path: /opt/data + service: + main: + ports: + http: + port: 80 diff --git a/kubernetes/apps/media/maintainerr/app/kustomization.yaml b/kubernetes/apps/media/maintainerr/app/kustomization.yaml new file mode 100644 index 0000000000..a82a3e6b99 --- /dev/null +++ b/kubernetes/apps/media/maintainerr/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./volsync.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/media/maintainerr/app/volsync.yaml b/kubernetes/apps/media/maintainerr/app/volsync.yaml new file mode 100644 index 0000000000..df273d0deb --- /dev/null +++ b/kubernetes/apps/media/maintainerr/app/volsync.yaml @@ -0,0 +1,85 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: maintainerr-restic +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: maintainerr-restic-secret + creationPolicy: Owner + template: + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/maintainerr" + RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" + AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" + AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" + dataFrom: + - extract: + key: volsync-restic-template +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: maintainerr +spec: + accessModes: ["ReadWriteOnce"] + dataSourceRef: + kind: ReplicationDestination + apiGroup: volsync.backube + name: maintainerr-rdst + resources: + requests: + storage: 2Gi + storageClassName: ${CLUSTER_STORAGE_BLOCK} +--- +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationDestination +metadata: + name: maintainerr-rdst +spec: + trigger: + manual: restore-once + restic: + repository: maintainerr-restic-secret + copyMethod: Snapshot + accessModes: ["ReadWriteOnce"] + storageClassName: ${CLUSTER_STORAGE_BLOCK} + volumeSnapshotClassName: ${CLUSTER_SNAPSHOT_BLOCK} + cacheAccessModes: ["ReadWriteOnce"] + cacheCapacity: 8Gi + cacheStorageClassName: ${CLUSTER_STORAGE_HOSTPATH} + moverSecurityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above +--- +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: maintainerr-rsrc +spec: + sourcePVC: maintainerr + trigger: + schedule: "15 */8 * * *" + restic: + pruneIntervalDays: 10 + repository: maintainerr-restic-secret + copyMethod: Snapshot + accessModes: ["ReadWriteOnce"] + storageClassName: ${CLUSTER_STORAGE_BLOCK} + volumeSnapshotClassName: ${CLUSTER_SNAPSHOT_BLOCK} + cacheAccessModes: ["ReadWriteOnce"] + cacheCapacity: 8Gi + cacheStorageClassName: ${CLUSTER_STORAGE_HOSTPATH} + moverSecurityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + retain: + daily: 10 + within: 3d diff --git a/kubernetes/apps/media/maintainerr/ks.yaml b/kubernetes/apps/media/maintainerr/ks.yaml new file mode 100644 index 0000000000..54fe2f0041 --- /dev/null +++ b/kubernetes/apps/media/maintainerr/ks.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-apps-maintainerr + namespace: flux-system +spec: + targetNamespace: media + dependsOn: + - name: cluster-apps-volsync + - name: cluster-apps-rook-ceph-cluster + - name: cluster-apps-external-secrets-stores + path: ./kubernetes/apps/media/maintainerr/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m