diff --git a/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml b/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml index 662800c557..da36741b99 100644 --- a/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml +++ b/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml @@ -90,6 +90,10 @@ spec: databases: ["kyoo"] password: type: AlphaNumeric + - name: "kyoo-all" + databases: ["kyoo_back", "kyoo_transcoder"] + password: + type: AlphaNumeric - name: "paperless" databases: ["paperless"] password: diff --git a/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml b/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml index b6a109ebc3..79acdfce52 100644 --- a/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml +++ b/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml @@ -40,7 +40,7 @@ spec: MEILI_MASTER_KEY: valueFrom: secretKeyRef: - name: kyoo-secret + name: &secret kyoo-secret key: MEILI_MASTER_KEY probes: liveness: &searchprobes @@ -76,7 +76,7 @@ spec: tag: 4-alpine envFrom: &envFrom - secretRef: - name: kyoo-secret + name: *secret - configMapRef: name: kyoo-config resources: @@ -95,7 +95,7 @@ spec: 01-migrations: envFrom: - secretRef: - name: kyoo-secret + name: *secret image: repository: ghcr.io/zoriya/kyoo_migrations tag: 4.7.0@sha256:564c05b0c166c8f20ad52382dc1adf64170274183a154dcefc9ff613c4424a18 @@ -108,7 +108,7 @@ spec: TRANSCODER_URL: http://kyoo-transcoder:7666 envFrom: - secretRef: - name: kyoo-secret + name: *secret resources: requests: cpu: 10m @@ -200,7 +200,7 @@ spec: app: image: repository: ghcr.io/zoriya/kyoo_transcoder - tag: 4.6.0@sha256:30c5ae13dc7b9934e5eb45c345eaf16db750861c6ef7d8b92afed83e6298c524 + tag: 4.7.0@sha256:30c5ae13dc7b9934e5eb45c345eaf16db750861c6ef7d8b92afed83e6298c524 envFrom: *envFrom resources: requests: diff --git a/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml b/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml index 88a2ccbb45..ef1d23822c 100644 --- a/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml +++ b/kubernetes/main/apps/media/kyoo/app/externalsecret.yaml @@ -3,18 +3,15 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: &name kyoo-chart-secret + name: &name kyoo-secret spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect target: name: *name template: engineVersion: v2 data: # App - kyoo_apikeys: '{{ .KYOO_API_KEY }}' + KYOO_API_KEY: '{{ .KYOO_API_KEY }}' TMDB_API_KEY: '{{ .TMDB_API_KEY }}' TVDB_APIKEY: "" TVDB_PIN: "" @@ -31,13 +28,27 @@ spec: OIDC_AUTHENTIK_TOKEN: https://sso.${SECRET_DOMAIN}/application/o/token/ OIDC_AUTHENTIK_PROFILE: https://sso.${SECRET_DOMAIN}/application/o/userinfo/ OIDC_AUTHENTIK_SCOPE: openid email profile - clientId: '{{ .KYOO_CLIENT_ID }}' - clientSecret: '{{ .KYOO_CLIENT_SECRET }}' - # Postgres - POSTGRES_USER: kyoo_all #temp - POSTGRES_PASSWORD: watchSomething4me #temp + OIDC_AUTHENTIK_CLIENTID: '{{ .KYOO_CLIENT_ID }}' + OIDC_AUTHENTIK_SECRET: '{{ .KYOO_CLIENT_SECRET }}' + # Database + POSTGRES_DB: '{{ .dbname }}' + POSTGRES_SERVER: '{{ .host }}' + POSTGRES_PORT: '{{ .port }}' + POSTGRES_USER: '{{ .user }}' + POSTGRES_PASSWORD: '{{ .password }}' dataFrom: - extract: key: kyoo + sourceRef: &onepass + storeRef: + kind: ClusterSecretStore + name: onepassword-connect - extract: key: kometa + sourceRef: *onepass + - extract: + key: postgres-pguser-kyoo + sourceRef: + storeRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets diff --git a/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml b/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml index 0654ace372..3a40570385 100644 --- a/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/kyoo/app/helmrelease.yaml @@ -8,10 +8,11 @@ spec: interval: 15m chart: spec: - chart: ./chart + chart: kyoo + version: 4.7.1 sourceRef: - kind: GitRepository - name: kyoo + kind: HelmRepository + name: zoriya namespace: flux-system install: createNamespace: true @@ -22,114 +23,91 @@ spec: strategy: rollback retries: 3 values: - meilisearch: - enabled: true - postgresql: - enabled: true - auth: - secretKeys: - adminPasswordKey: POSTGRES_PASSWORD - userPasswordKey: POSTGRES_PASSWORD - rabbitmq: - enabled: true global: meilisearch: infra: - # DOES NOT SUPPORT SPECIFYING KEY. MUST BE NAMED `MEILI_MASTER_KEY` - existingSecret: &secret kyoo-chart-secret + existingSecret: &secret kyoo-secret kyoo_back: masterkeyKey: MEILI_MASTER_KEY existingSecret: *secret postgres: - #infra is only used by subchart deployment infra: - # subchart does not accept this global value in one place - # if updating be sure to also update postgresql.auth.username - user: kyoo_all - passwordKey: POSTGRES_PASSWORD - existingSecret: *secret + user: kyoo-all kyoo_back: - host: kyoo-chart-postgresql - port: 5432 - database: kyoo_back - kyoo_migrations: - userKey: POSTGRES_USER - passwordKey: POSTGRES_PASSWORD - existingSecret: *secret - kyoo_back: + host: &host postgres-pgbouncer.database.svc + kyoo_migrations: &psql userKey: POSTGRES_USER passwordKey: POSTGRES_PASSWORD existingSecret: *secret + kyoo_back: *psql kyoo_transcoder: - host: kyoo-chart-postgresql - port: 5432 + host: *host database: kyoo_transcoder - # POSTGRES_SCHEMA disabled means application will not create the schema - # and will instead use the user's search path - schema: disabled - kyoo_transcoder: - userKey: POSTGRES_USER - passwordKey: POSTGRES_PASSWORD - existingSecret: *secret + sslmode: require + kyoo_transcoder: *psql rabbitmq: - enabled: true - host: kyoo-rabbitmq - port: 5672 - #infra is only used by subchart deployment infra: passwordKey: RABBITMQ_PASS keyErlangCookie: RABBITMQ_COOKIE existingSecret: *secret - kyoo_autosync: - userKey: RABBITMQ_USER - passwordKey: RABBITMQ_PASS - existingSecret: *secret - kyoo_back: - userKey: RABBITMQ_USER - passwordKey: RABBITMQ_PASS - existingSecret: *secret - kyoo_matcher: - userKey: RABBITMQ_USER - passwordKey: RABBITMQ_PASS - existingSecret: *secret - kyoo_scanner: + kyoo_autosync: &rabbit userKey: RABBITMQ_USER passwordKey: RABBITMQ_PASS existingSecret: *secret + kyoo_back: *rabbit + kyoo_matcher: *rabbit + kyoo_scanner: *rabbit kyoo: address: https://kyoo-chart.${SECRET_DOMAIN} - requireAccountVerification: true - defaultPermissions: "overall.read,overall.play" - unloggedPermissions: "" - libraryIgnorePattern: "" - languages: "en" - # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) - transcoderAcceleration: vaapi - # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels - # warning: using vaapi hwaccel disable presets (they are not supported). - transcoderPreset: fast + transcoderAcceleration: vaapi # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) apikey: existingSecret: *secret - apikeyKey: kyoo_apikeys - oidc: - enabled: false - existingSecret: *secret - authMethod: ClientSecretBasic + apikeyKey: KYOO_API_KEY + oidc_providers: + - name: Authentik + existingSecret: *secret + clientIdKey: OIDC_AUTHENTIK_CLIENTID + clientSecretKey: OIDC_AUTHENTIK_SECRET + logo: https://sso.${SECRET_DOMAIN}/static/dist/assets/icons/icon.png + authorizationAddress: https://sso.${SECRET_DOMAIN}/application/o/authorize/ + tokenAddress: https://sso.${SECRET_DOMAIN}/application/o/token/ + profileAddress: https://sso.${SECRET_DOMAIN}/application/o/userinfo/ + scope: "openid email profile" + authMethod: ClientSecretBasic + + media: + volumes: + - name: media + nfs: + server: voyager.internal + path: ${SECRET_NFS_DATA:=temp} + volumeMounts: + - mountPath: &path /media + name: media + readOnly: true + baseMountPath: *path contentdatabase: - # TheMovieDB tmdb: apikeyKey: TMDB_API_KEY existingSecret: *secret - # TVDatabase tvdb: apikeyKey: TVDB_APIKEY pinKey: TVDB_PIN existingSecret: *secret + back: + persistence: + existingClaim: *app + ingress: enabled: true ingressClassName: external - host: kyoo-chart.${SECRET_DOMAIN} + host: kyoo.${SECRET_DOMAIN} tls: true + + meilisearch: + enabled: true + rabbitmq: + enabled: true diff --git a/kubernetes/main/apps/media/kyoo/app/kustomization.yaml b/kubernetes/main/apps/media/kyoo/app/kustomization.yaml index b361ab74ab..392515153a 100644 --- a/kubernetes/main/apps/media/kyoo/app/kustomization.yaml +++ b/kubernetes/main/apps/media/kyoo/app/kustomization.yaml @@ -5,6 +5,6 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./pvc.yaml + # - ./pvc.yaml - ../../../../../shared/templates/gatus/external - ../../../../../shared/templates/volsync diff --git a/kubernetes/main/apps/media/kyoo/app/pvc.yaml b/kubernetes/main/apps/media/kyoo/app/pvc.yaml index 7f16c0025f..b8d9ce2c7f 100644 --- a/kubernetes/main/apps/media/kyoo/app/pvc.yaml +++ b/kubernetes/main/apps/media/kyoo/app/pvc.yaml @@ -2,19 +2,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: media -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - storageClassName: ceph-filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: transcoder-storage + name: kyoo-transcoder spec: accessModes: - ReadWriteOnce diff --git a/kubernetes/main/apps/media/kyoo/ks.yaml b/kubernetes/main/apps/media/kyoo/ks.yaml index 0f7ba583e5..bee44fe778 100644 --- a/kubernetes/main/apps/media/kyoo/ks.yaml +++ b/kubernetes/main/apps/media/kyoo/ks.yaml @@ -1,31 +1,3 @@ -# --- -# # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -# apiVersion: kustomize.toolkit.fluxcd.io/v1 -# kind: Kustomization -# metadata: -# name: &app kyoo-chart -# namespace: flux-system -# spec: -# targetNamespace: media -# commonMetadata: -# labels: -# app.kubernetes.io/name: *app -# dependsOn: -# - name: external-secrets-stores -# - name: volsync -# path: ./kubernetes/main/apps/media/kyoo/app -# prune: true -# sourceRef: -# kind: GitRepository -# name: home-kubernetes -# wait: false # no flux ks dependents -# interval: 30m -# timeout: 5m -# postBuild: -# substitute: -# APP: *app -# VOLSYNC_CLAIM: back-storage -# VOLSYNC_CAPACITY: 30Gi --- # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -41,7 +13,7 @@ spec: dependsOn: - name: external-secrets-stores - name: volsync - path: ./kubernetes/main/apps/media/kyoo/app-template + path: ./kubernetes/main/apps/media/kyoo/app prune: true sourceRef: kind: GitRepository @@ -53,3 +25,30 @@ spec: substitute: APP: *app VOLSYNC_CAPACITY: 30Gi +# --- +# # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +# apiVersion: kustomize.toolkit.fluxcd.io/v1 +# kind: Kustomization +# metadata: +# name: &app kyoo +# namespace: flux-system +# spec: +# targetNamespace: media +# commonMetadata: +# labels: +# app.kubernetes.io/name: *app +# dependsOn: +# - name: external-secrets-stores +# - name: volsync +# path: ./kubernetes/main/apps/media/kyoo/app-template +# prune: true +# sourceRef: +# kind: GitRepository +# name: home-kubernetes +# wait: false # no flux ks dependents +# interval: 30m +# timeout: 5m +# postBuild: +# substitute: +# APP: *app +# VOLSYNC_CAPACITY: 30Gi diff --git a/kubernetes/main/flux/repos/kustomization.yaml b/kubernetes/main/flux/repos/kustomization.yaml index f8ffbdd5d0..8a8be471cf 100644 --- a/kubernetes/main/flux/repos/kustomization.yaml +++ b/kubernetes/main/flux/repos/kustomization.yaml @@ -12,3 +12,4 @@ resources: - ./itzg.yaml - ./rook-ceph.yaml - ./userinit-controller.yaml + - ./zoriya.yaml diff --git a/kubernetes/main/flux/repos/zoriya.yaml b/kubernetes/main/flux/repos/zoriya.yaml new file mode 100644 index 0000000000..03d7131b63 --- /dev/null +++ b/kubernetes/main/flux/repos/zoriya.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://kube-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: zoriya + namespace: flux-system +spec: + type: oci + interval: 10m + url: oci://ghcr.io/zoriya/helm-charts