diff --git a/kubernetes/main/apps/media/kyoo/app/configs/config.yaml b/kubernetes/main/apps/media/kyoo/app-template/configs/config.yaml
similarity index 100%
rename from kubernetes/main/apps/media/kyoo/app/configs/config.yaml
rename to kubernetes/main/apps/media/kyoo/app-template/configs/config.yaml
diff --git a/kubernetes/main/apps/media/kyoo/app-template/externalsecret.yaml b/kubernetes/main/apps/media/kyoo/app-template/externalsecret.yaml
new file mode 100644
index 0000000000..ab3c886042
--- /dev/null
+++ b/kubernetes/main/apps/media/kyoo/app-template/externalsecret.yaml
@@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: &name kyoo-secret
+spec:
+ secretStoreRef:
+ name: bitwarden-secrets-manager
+ kind: ClusterSecretStore
+ refreshInterval: 15m
+ target:
+ name: *name
+ template:
+ engineVersion: v2
+ data:
+ # App
+ KYOO_APIKEYS: '{{ .KYOO_API_KEY }}'
+ THEMOVIEDB_APIKEY: '{{ .TMDB_API_KEY }}'
+ #Meili
+ MEILI_HOST: http://kyoo-meilisearch:7700
+ MEILI_MASTER_KEY: '{{ .MEILI_MASTER_KEY }}'
+ #RabbitMQ
+ RABBITMQ_DEFAULT_USER: kyoo
+ RABBITMQ_PORT: "5672"
+ RABBITMQ_HOST: kyoo-rabbitmq
+ RABBITMQ_DEFAULT_PASS: '{{ .RABBITMQ_PASS }}'
+ # OIDC
+ OIDC_AUTHENTIK_NAME: Authentik
+ OIDC_AUTHENTIK_LOGO: https://sso.${SECRET_DOMAIN}/static/dist/assets/icons/icon.png
+ OIDC_AUTHENTIK_AUTHORIZATION: https://sso.${SECRET_DOMAIN}/application/o/authorize/
+ OIDC_AUTHENTIK_TOKEN: https://sso.${SECRET_DOMAIN}/application/o/token/
+ OIDC_AUTHENTIK_PROFILE: https://sso.${SECRET_DOMAIN}/application/o/userinfo/
+ OIDC_AUTHENTIK_SCOPE: openid email profile
+ OIDC_AUTHENTIK_CLIENTID: '{{ .KYOO_CLIENT_ID }}'
+ OIDC_AUTHENTIK_SECRET: '{{ .KYOO_CLIENT_SECRET }}'
+ dataFrom:
+ - extract:
+ key: kyoo
+ - extract:
+ key: kometa
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: &name kyoo-db-secret
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: crunchy-pgo-secrets
+ kind: ClusterSecretStore
+ target:
+ name: kyoo-secret
+ creationPolicy: Merge
+ deletionPolicy: Retain
+ template:
+ type: Opaque
+ data:
+ POSTGRES_DB: '{{ .dbname }}'
+ POSTGRES_SERVER: '{{ index . "pgbouncer-host" }}'
+ POSTGRES_PORT: '{{ .port }}'
+ POSTGRES_USER: '{{ .user }}'
+ POSTGRES_PASSWORD: '{{ .password }}'
+ dataFrom:
+ - extract:
+ key: postgres-pguser-kyoo
diff --git a/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml b/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml new file mode 100644 index 0000000000..c5e7b296ea --- /dev/null +++ b/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml 
@@ -0,0 +1,312 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app kyoo +spec: + interval: 15m + chart: + spec: + chart: app-template + version: 3.5.0 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + remediation: + strategy: rollback + retries: 3 + values: + controllers: + meilisearch: + labels: + nfsMount: "true" + postgres: "true" + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: docker.io/getmeili/meilisearch + tag: v1.10 + env: + MEILI_ENV: production + MEILI_MASTER_KEY: + valueFrom: + secretKeyRef: + name: kyoo-secret + key: MEILI_MASTER_KEY + probes: + liveness: &searchprobes + enabled: true + custom: true + spec: + httpGet: + path: /health + port: &searchport 7700 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *searchprobes + startup: + enabled: true + spec: + failureThreshold: 30 + periodSeconds: 10 + resources: + requests: + cpu: 5m + limits: + memory: 1Gi + + rabbitmq: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: docker.io/rabbitmq + tag: 4-alpine + envFrom: &envFrom + - secretRef: + name: kyoo-secret + - configMapRef: + name: kyoo-config + resources: + requests: + cpu: 5m + limits: + memory: 300Mi + + back: + labels: + nfsMount: "true" + strategy: Recreate + annotations: + reloader.stakater.com/auto: "true" + initContainers: + 01-migrations: + envFrom: + - secretRef: + name: kyoo-secret + image: + repository: ghcr.io/zoriya/kyoo_migrations + tag: edge@sha256:97efa508eaf657544345803569a1243b36f3603bee3d64d9bc7f9ebbaf0fdc13 + containers: + app: + image: + repository: ghcr.io/zoriya/kyoo_back + tag: 
edge@sha256:96572254d19bd9509df9ae6df97dd782638710244c3ec8f1dc43e508c30882db + env: + TRANSCODER_URL: http://kyoo-transcoder:7666 + envFrom: *envFrom + resources: + requests: + cpu: 10m + memory: 1Gi + limits: + cpu: 4000m + memory: 8Gi + + front: + labels: + nfsMount: "true" + replicas: 1 + strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/zoriya/kyoo_front + tag: edge@sha256:ffb5119371b4ba505687ff814f8aac963a411b285297c364def0d6af59255b09 + envFrom: *envFrom + resources: + requests: + cpu: 5m + memory: 100Mi + limits: + memory: 1Gi + + scanner: + labels: + nfsMount: "true" + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: &scannerimage ghcr.io/zoriya/kyoo_scanner + tag: &scannertag edge@sha256:92279694b8a00f90295f3acd5124a130c83d8560e60803ac6fc96572ec153b05 + envFrom: *envFrom + resources: + requests: + cpu: 5m + limits: + memory: 1Gi + + matcher: + labels: + nfsMount: "true" + replicas: 1 + strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: *scannerimage + tag: *scannertag + args: ["matcher"] + envFrom: *envFrom + resources: + requests: + cpu: 5m + limits: + memory: 400Mi + + autosync: + labels: + nfsMount: "true" + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/zoriya/kyoo_autosync + tag: 4.7.0@sha256:eca5415548a41181a59251b42c5ad8daa2b7a4f847d8c0f780b25a8da75a102f + envFrom: *envFrom + resources: + requests: + cpu: 5m + limits: + memory: 100Mi + + transcoder: + labels: + nfsMount: "true" + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/zoriya/kyoo_transcoder + tag: edge@sha256:d81bcebc132f68b728e771dd70575bde5e2edc9b2bec1927e79a0419fc139e6c + envFrom: *envFrom + resources: + requests: + cpu: 10m + memory: 500Mi + limits: + gpu.intel.com/i915: 1 + memory: 8Gi + 
pod: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: ["plex"] + topologyKey: kubernetes.io/hostname + nodeSelector: + intel.feature.node.kubernetes.io/gpu: "true" + + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [44, 10000] + seccompProfile: { type: RuntimeDefault } + service: + back: + controller: back + ports: + http: + port: 5000 + front: + controller: front + ports: + http: + port: 8901 + rabbitmq: + controller: rabbitmq + ports: + http: + port: 5672 + meilisearch: + controller: meilisearch + ports: + http: + port: *searchport + transcoder: + controller: transcoder + ports: + http: + port: 7666 + ingress: + main: + className: external + annotations: + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite /api/(.*) /$1 break; + nignx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + external-dns.alpha.kubernetes.io/target: external.${SECRET_DOMAIN} + hosts: + - host: kyoo.${SECRET_DOMAIN} + paths: + - path: / + pathType: Prefix + service: + identifier: front + port: http + - path: /api + pathType: Prefix + service: + identifier: back + port: http + persistence: + kyoo: + existingClaim: *app + advancedMounts: + back: + app: + - path: /metadata + search: + existingClaim: kyoo-meilisearch + advancedMounts: + meilisearch: + app: + - path: /meili_data + transcoder-metadata: + existingClaim: kyoo-transcoder-metadata + advancedMounts: + transcoder: + app: + - path: /metadata + cache: + type: emptyDir + advancedMounts: + transcoder: + app: + - path: /cache + media: + type: nfs + server: voyager.internal + path: ${SECRET_NFS_DATA:=temp} + globalMounts: + - path: /data + subPath: media + readOnly: true 
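Review bot: The force-ssl-redirect annotation under `ingress.main.annotations` is keyed `nignx.ingress.kubernetes.io/force-ssl-redirect`, a misspelling of the `nginx.ingress.kubernetes.io/` prefix used by the neighbouring annotations, so the ingress controller will not act on it and the redirect it is meant to force is not configured by this line. The key should read `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. Separately, every controller that uses the shared `*envFrom` anchor (rabbitmq, front, scanner and the rest) receives the whole of `kyoo-secret`, which per the ExternalSecret in this commit carries the OIDC client secret and the merged database password; limiting each container to the keys it reads would reduce what one compromised pod exposes.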
diff --git a/kubernetes/main/apps/media/kyoo/app-template/kustomization.yaml b/kubernetes/main/apps/media/kyoo/app-template/kustomization.yaml new file mode 100644 index 0000000000..ccc1dfdb9e --- /dev/null +++ b/kubernetes/main/apps/media/kyoo/app-template/kustomization.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./externalsecret.yaml + - ./helmrelease.yaml + - ./pvc.yaml + - ./configs/config.yaml + - ../../../../templates/gatus/external + - ../../../../templates/volsync diff --git a/kubernetes/main/apps/media/kyoo/app-template/pvc.yaml b/kubernetes/main/apps/media/kyoo/app-template/pvc.yaml new file mode 100644 index 0000000000..ec5166e1c1 --- /dev/null +++ b/kubernetes/main/apps/media/kyoo/app-template/pvc.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-meilisearch +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: ceph-block +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-transcoder-metadata +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: ceph-block diff --git a/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml b/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml index ab3c886042..75e2f9c5a8 100644 --- a/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml +++ b/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml @@ -3,7 +3,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: &name kyoo-secret + name: &name kyoo-chart-secret spec: secretStoreRef: name: bitwarden-secrets-manager 
@@ -15,16 +15,16 @@ spec: engineVersion: v2 data: # App - KYOO_APIKEYS: '{{ .KYOO_API_KEY }}' - THEMOVIEDB_APIKEY: '{{ .TMDB_API_KEY }}' + kyoo_apikeys: '{{ .KYOO_API_KEY }}' + TMDB_API_KEY: '{{ .TMDB_API_KEY }}' + TVDB_APIKEY: "" + TVDB_PIN: "" #Meili - MEILI_HOST: http://kyoo-meilisearch:7700 MEILI_MASTER_KEY: '{{ .MEILI_MASTER_KEY }}' #RabbitMQ - RABBITMQ_DEFAULT_USER: kyoo - RABBITMQ_PORT: "5672" - RABBITMQ_HOST: kyoo-rabbitmq - RABBITMQ_DEFAULT_PASS: '{{ .RABBITMQ_PASS }}' + RABBITMQ_USER: kyoo + RABBITMQ_COOKIE: '{{ .RABBITMQ_COOKIE }}' + RABBITMQ_PASS: '{{ .RABBITMQ_PASS }}' # OIDC OIDC_AUTHENTIK_NAME: Authentik OIDC_AUTHENTIK_LOGO: https://sso.${SECRET_DOMAIN}/static/dist/assets/icons/icon.png @@ -32,36 +32,13 @@ spec: OIDC_AUTHENTIK_TOKEN: https://sso.${SECRET_DOMAIN}/application/o/token/ OIDC_AUTHENTIK_PROFILE: https://sso.${SECRET_DOMAIN}/application/o/userinfo/ OIDC_AUTHENTIK_SCOPE: openid email profile - OIDC_AUTHENTIK_CLIENTID: '{{ .KYOO_CLIENT_ID }}' - OIDC_AUTHENTIK_SECRET: '{{ .KYOO_CLIENT_SECRET }}' + clientId: '{{ .KYOO_CLIENT_ID }}' + clientSecret: '{{ .KYOO_CLIENT_SECRET }}' + # Postgres + POSTGRES_USER: kyoo_all #temp + POSTGRES_PASSWORD: watchSomething4me #temp dataFrom: - extract: key: kyoo - extract: key: kometa ---- -# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: &name kyoo-db-secret -spec: - refreshInterval: 1m - secretStoreRef: - name: crunchy-pgo-secrets - kind: ClusterSecretStore - target: - name: kyoo-secret - creationPolicy: Merge - deletionPolicy: Retain - template: - type: Opaque - data: - POSTGRES_DB: '{{ .dbname }}' - POSTGRES_SERVER: '{{ index . "pgbouncer-host" }}' - POSTGRES_PORT: '{{ .port }}' - POSTGRES_USER: '{{ .user }}' - POSTGRES_PASSWORD: '{{ .password }}' - dataFrom: - - extract: - key: postgres-pguser-kyoo 
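Review bot: `POSTGRES_PASSWORD: watchSomething4me #temp` and `POSTGRES_USER: kyoo_all #temp` in the last hunk commit what appears to be the working database credential in plain text, and it remains in repository history even if a later commit removes it. The ExternalSecret that this same hunk deletes rendered these fields from the store (`POSTGRES_PASSWORD: '{{ .password }}'`); the new template should keep that pattern, for example `POSTGRES_PASSWORD: '{{ .<STORE_KEY_FOR_DB_PASSWORD> }}'` (placeholder name) with the value added to the `kyoo` entry already listed under `dataFrom`. The password shown here should be treated as disclosed and replaced before the release is relied on.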
diff --git a/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml b/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml index c5e7b296ea..fcc0309738 100644 --- a/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml @@ -1,18 +1,17 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +# yaml-language-server: $schema=https://kube-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: &app kyoo + name: &app kyoo-chart spec: interval: 15m chart: spec: - chart: app-template - version: 3.5.0 + chart: ./chart sourceRef: - kind: HelmRepository - name: bjw-s + kind: GitRepository + name: kyoo namespace: flux-system install: createNamespace: true 
@@ -23,290 +22,116 @@ spec: strategy: rollback retries: 3 values: - controllers: + meilisearch: + enabled: true + postgresql: + enabled: true + auth: + secretKeys: + adminPasswordKey: POSTGRES_PASSWORD + userPasswordKey: POSTGRES_PASSWORD + rabbitmq: + enabled: true + global: meilisearch: - labels: - nfsMount: "true" - postgres: "true" - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: docker.io/getmeili/meilisearch - tag: v1.10 - env: - MEILI_ENV: production - MEILI_MASTER_KEY: - valueFrom: - secretKeyRef: - name: kyoo-secret - key: MEILI_MASTER_KEY - probes: - liveness: &searchprobes - enabled: true - custom: true - spec: - httpGet: - path: /health - port: &searchport 7700 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *searchprobes - startup: - enabled: true - spec: - failureThreshold: 30 - periodSeconds: 10 - resources: - requests: - cpu: 5m - limits: - memory: 1Gi - + infra: + # DOES NOT SUPPORT SPECIFYING KEY. 
MUST BE NAMED `MEILI_MASTER_KEY` + existingSecret: &secret kyoo-chart-secret + kyoo_back: + masterkeyKey: MEILI_MASTER_KEY + existingSecret: *secret + postgres: + #infra is only used by subchart deployment + infra: + # subchart does not accept this global value in one place + # if updating be sure to also update postgresql.auth.username + user: kyoo_all + passwordKey: POSTGRES_PASSWORD + existingSecret: *secret + kyoo_back: + host: kyoo-chart-postgresql + port: 5432 + database: kyoo_back + kyoo_migrations: + userKey: POSTGRES_USER + passwordKey: POSTGRES_PASSWORD + existingSecret: *secret + kyoo_back: + userKey: POSTGRES_USER + passwordKey: POSTGRES_PASSWORD + existingSecret: *secret + kyoo_transcoder: + host: kyoo-chart-postgresql + port: 5432 + database: kyoo_transcoder + # POSTGRES_SCHEMA disabled means application will not create the schema + # and will instead use the user's search path + schema: disabled + kyoo_transcoder: + userKey: POSTGRES_USER + passwordKey: POSTGRES_PASSWORD + existingSecret: *secret rabbitmq: - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: docker.io/rabbitmq - tag: 4-alpine - envFrom: &envFrom - - secretRef: - name: kyoo-secret - - configMapRef: - name: kyoo-config - resources: - requests: - cpu: 5m - limits: - memory: 300Mi - - back: - labels: - nfsMount: "true" - strategy: Recreate - annotations: - reloader.stakater.com/auto: "true" - initContainers: - 01-migrations: - envFrom: - - secretRef: - name: kyoo-secret - image: - repository: ghcr.io/zoriya/kyoo_migrations - tag: edge@sha256:97efa508eaf657544345803569a1243b36f3603bee3d64d9bc7f9ebbaf0fdc13 - containers: - app: - image: - repository: ghcr.io/zoriya/kyoo_back - tag: edge@sha256:96572254d19bd9509df9ae6df97dd782638710244c3ec8f1dc43e508c30882db - env: - TRANSCODER_URL: http://kyoo-transcoder:7666 - envFrom: *envFrom - resources: - requests: - cpu: 10m - memory: 1Gi - limits: - cpu: 4000m - memory: 8Gi - - front: - labels: - nfsMount: 
"true" - replicas: 1 - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: ghcr.io/zoriya/kyoo_front - tag: edge@sha256:ffb5119371b4ba505687ff814f8aac963a411b285297c364def0d6af59255b09 - envFrom: *envFrom - resources: - requests: - cpu: 5m - memory: 100Mi - limits: - memory: 1Gi - - scanner: - labels: - nfsMount: "true" - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: &scannerimage ghcr.io/zoriya/kyoo_scanner - tag: &scannertag edge@sha256:92279694b8a00f90295f3acd5124a130c83d8560e60803ac6fc96572ec153b05 - envFrom: *envFrom - resources: - requests: - cpu: 5m - limits: - memory: 1Gi + enabled: true + host: kyoo-rabbitmq + port: 5672 + #infra is only used by subchart deployment + infra: + passwordKey: RABBITMQ_PASS + keyErlangCookie: RABBITMQ_COOKIE + existingSecret: *secret + kyoo_autosync: + userKey: RABBITMQ_USER + passwordKey: RABBITMQ_PASS + existingSecret: *secret + kyoo_back: + userKey: RABBITMQ_USER + passwordKey: RABBITMQ_PASS + existingSecret: *secret + kyoo_matcher: + userKey: RABBITMQ_USER + passwordKey: RABBITMQ_PASS + existingSecret: *secret + kyoo_scanner: + userKey: RABBITMQ_USER + passwordKey: RABBITMQ_PASS + existingSecret: *secret - matcher: - labels: - nfsMount: "true" - replicas: 1 - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: *scannerimage - tag: *scannertag - args: ["matcher"] - envFrom: *envFrom - resources: - requests: - cpu: 5m - limits: - memory: 400Mi + kyoo: + address: https://kyoo-chart.${SECRET_DOMAIN} + requireAccountVerification: true + defaultPermissions: "overall.read,overall.play" + unloggedPermissions: "" + libraryIgnorePattern: "" + languages: "en" + # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) + transcoderAcceleration: vaapi + # the preset used during transcode. 
faster means worst quality, you can probably use a slower preset with hwaccels + # warning: using vaapi hwaccel disable presets (they are not supported). + transcoderPreset: fast + apikey: + existingSecret: *secret + apikeyKey: kyoo_apikeys + oidc: + enabled: false + existingSecret: *secret + authMethod: ClientSecretBasic - autosync: - labels: - nfsMount: "true" - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: ghcr.io/zoriya/kyoo_autosync - tag: 4.7.0@sha256:eca5415548a41181a59251b42c5ad8daa2b7a4f847d8c0f780b25a8da75a102f - envFrom: *envFrom - resources: - requests: - cpu: 5m - limits: - memory: 100Mi + contentdatabase: + # TheMovieDB + tmdb: + apikeyKey: TMDB_API_KEY + existingSecret: *secret + # TVDatabase + tvdb: + apikeyKey: TVDB_APIKEY + pinKey: TVDB_PIN + existingSecret: *secret - transcoder: - labels: - nfsMount: "true" - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: ghcr.io/zoriya/kyoo_transcoder - tag: edge@sha256:d81bcebc132f68b728e771dd70575bde5e2edc9b2bec1927e79a0419fc139e6c - envFrom: *envFrom - resources: - requests: - cpu: 10m - memory: 500Mi - limits: - gpu.intel.com/i915: 1 - memory: 8Gi - pod: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["plex"] - topologyKey: kubernetes.io/hostname - nodeSelector: - intel.feature.node.kubernetes.io/gpu: "true" - - defaultPodOptions: - securityContext: - runAsNonRoot: true - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [44, 10000] - seccompProfile: { type: RuntimeDefault } - service: - back: - controller: back - ports: - http: - port: 5000 - front: - controller: front - ports: - http: - port: 8901 - rabbitmq: - controller: rabbitmq - ports: - http: - port: 5672 - meilisearch: - controller: meilisearch - ports: - http: - port: 
*searchport - transcoder: - controller: transcoder - ports: - http: - port: 7666 ingress: - main: - className: external - annotations: - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite /api/(.*) /$1 break; - nignx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - external-dns.alpha.kubernetes.io/target: external.${SECRET_DOMAIN} - hosts: - - host: kyoo.${SECRET_DOMAIN} - paths: - - path: / - pathType: Prefix - service: - identifier: front - port: http - - path: /api - pathType: Prefix - service: - identifier: back - port: http - persistence: - kyoo: - existingClaim: *app - advancedMounts: - back: - app: - - path: /metadata - search: - existingClaim: kyoo-meilisearch - advancedMounts: - meilisearch: - app: - - path: /meili_data - transcoder-metadata: - existingClaim: kyoo-transcoder-metadata - advancedMounts: - transcoder: - app: - - path: /metadata - cache: - type: emptyDir - advancedMounts: - transcoder: - app: - - path: /cache - media: - type: nfs - server: voyager.internal - path: ${SECRET_NFS_DATA:=temp} - globalMounts: - - path: /data - subPath: media - readOnly: true + enabled: true + ingressClassName: external + annotations: + external-dns.alpha.kubernetes.io/target: external.${SECRET_DOMAIN} + host: kyoo-chart.${SECRET_DOMAIN} + tls: true diff --git a/kubernetes/main/apps/media/kyoo/app/kustomization.yaml b/kubernetes/main/apps/media/kyoo/app/kustomization.yaml index ccc1dfdb9e..29d22e7d59 100644 --- a/kubernetes/main/apps/media/kyoo/app/kustomization.yaml +++ b/kubernetes/main/apps/media/kyoo/app/kustomization.yaml @@ -6,6 +6,5 @@ resources: - ./externalsecret.yaml - ./helmrelease.yaml - ./pvc.yaml - - ./configs/config.yaml - ../../../../templates/gatus/external - ../../../../templates/volsync diff --git a/kubernetes/main/apps/media/kyoo/app/pvc.yaml b/kubernetes/main/apps/media/kyoo/app/pvc.yaml index ec5166e1c1..7f16c0025f 100644 --- a/kubernetes/main/apps/media/kyoo/app/pvc.yaml 
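Review bot: Under `postgresql.auth.secretKeys`, `adminPasswordKey` and `userPasswordKey` both point at `POSTGRES_PASSWORD`, and `kyoo_migrations`, `kyoo_back` and `kyoo_transcoder` under `global.postgres` all read the same `POSTGRES_USER`/`POSTGRES_PASSWORD` pair, so the admin account (presumably the postgres superuser) and every application component share one credential. Giving the admin password its own secret key, e.g. `adminPasswordKey: <ADMIN_PASSWORD_KEY>` (placeholder), keeps a leaked application password from also granting administrative access to the database. The removed values set `defaultPodOptions.securityContext` with `runAsNonRoot: true` and `seccompProfile: { type: RuntimeDefault }`, and the new values set nothing equivalent; whether the chart applies such defaults is not visible in this diff and is worth confirming against the rendered manifests.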
+++ b/kubernetes/main/apps/media/kyoo/app/pvc.yaml @@ -2,19 +2,19 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: kyoo-meilisearch + name: media spec: accessModes: - - ReadWriteOnce + - ReadWriteMany resources: requests: storage: 5Gi - storageClassName: ceph-block + storageClassName: ceph-filesystem --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: kyoo-transcoder-metadata + name: transcoder-storage spec: accessModes: - ReadWriteOnce diff --git a/kubernetes/main/apps/media/kyoo/ks.yaml b/kubernetes/main/apps/media/kyoo/ks.yaml index 2b0c23dd20..3f4b0ce093 100644 --- a/kubernetes/main/apps/media/kyoo/ks.yaml +++ b/kubernetes/main/apps/media/kyoo/ks.yaml @@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app kyoo + name: &app kyoo-chart namespace: flux-system spec: targetNamespace: media @@ -21,6 +21,34 @@ spec: interval: 30m retryInterval: 1m timeout: 5m + postBuild: + substitute: + APP: *app + CLAIM: back-storage + VOLSYNC_CAPACITY: 30Gi +--- +# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kyoo + namespace: flux-system +spec: + targetNamespace: media + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/main/apps/media/kyoo/app-template + prune: true + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m postBuild: substitute: APP: *app diff --git a/kubernetes/main/flux/repositories/git/kustomization.yaml b/kubernetes/main/flux/repositories/git/kustomization.yaml index 8fb7c1427d..f27ddf9600 100644 --- a/kubernetes/main/flux/repositories/git/kustomization.yaml +++ b/kubernetes/main/flux/repositories/git/kustomization.yaml 
@@ -2,4 +2,5 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: [] +resources: + - ./kyoo.yaml diff --git a/kubernetes/main/flux/repositories/git/kyoo.yaml b/kubernetes/main/flux/repositories/git/kyoo.yaml new file mode 100644 index 0000000000..b24cbcc54c --- /dev/null +++ b/kubernetes/main/flux/repositories/git/kyoo.yaml @@ -0,0 +1,12 @@ +--- +# yaml-language-server: $schema=https://kube-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: kyoo + namespace: flux-system +spec: + interval: 5m + url: https://github.com/zoriya/Kyoo + ref: + branch: master diff --git a/kubernetes/main/flux/repositories/kustomization.yaml b/kubernetes/main/flux/repositories/kustomization.yaml index d6b26ce53d..3267ebf08c 100644 --- a/kubernetes/main/flux/repositories/kustomization.yaml +++ b/kubernetes/main/flux/repositories/kustomization.yaml @@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - # - ./git + - ./git - ./helm # - ./oci
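Review bot: The new `GitRepository` `kyoo` follows `ref.branch: master` of `https://github.com/zoriya/Kyoo` at `interval: 5m`, and the HelmRelease in app/helmrelease.yaml now installs `chart: ./chart` from it, so the chart that gets rendered is whatever the upstream branch holds when Flux next builds it, with no review step in this repository. The previous source was pinned by `version: 3.5.0`; the equivalent here is to replace the branch reference with `ref.tag` or `ref.commit` set to a reviewed upstream revision. If upstream signs its commits or tags, `spec.verify` can additionally make Flux reject unsigned revisions.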