feat: update to new 4.7.1 chart

kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml

@@ -90,6 +90,10 @@ spec:
       databases: ["kyoo"]
       password:
         type: AlphaNumeric
+    - name: "kyoo-all"
+      databases: ["kyoo_back", "kyoo_transcoder"]
+      password:
+        type: AlphaNumeric
     - name: "paperless"
       databases: ["paperless"]
       password:

kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml

@@ -40,7 +40,7 @@ spec:
               MEILI_MASTER_KEY:
                 valueFrom:
                   secretKeyRef:
-                    name: kyoo-secret
+                    name: &secret kyoo-secret
                     key: MEILI_MASTER_KEY
             probes:
               liveness: &searchprobes
@@ -76,7 +76,7 @@ spec:
               tag: 4-alpine
             envFrom: &envFrom
               - secretRef:
-                  name: kyoo-secret
+                  name: *secret
               - configMapRef:
                   name: kyoo-config
             resources:
@@ -95,7 +95,7 @@ spec:
           01-migrations:
             envFrom:
               - secretRef:
-                  name: kyoo-secret
+                  name: *secret
             image:
               repository: ghcr.io/zoriya/kyoo_migrations
               tag: 4.7.0@sha256:564c05b0c166c8f20ad52382dc1adf64170274183a154dcefc9ff613c4424a18
@@ -108,7 +108,7 @@ spec:
               TRANSCODER_URL: http://kyoo-transcoder:7666
             envFrom:
               - secretRef:
-                  name: kyoo-secret
+                  name: *secret
             resources:
               requests:
                 cpu: 10m
@@ -200,7 +200,7 @@ spec:
           app:
             image:
               repository: ghcr.io/zoriya/kyoo_transcoder
-              tag: 4.6.0@sha256:30c5ae13dc7b9934e5eb45c345eaf16db750861c6ef7d8b92afed83e6298c524
+              tag: 4.7.0@sha256:30c5ae13dc7b9934e5eb45c345eaf16db750861c6ef7d8b92afed83e6298c524
             envFrom: *envFrom
             resources:
               requests:

kubernetes/main/apps/media/kyoo/app/externalsecret.yaml

@@ -3,18 +3,15 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: &name kyoo-chart-secret
+  name: &name kyoo-secret
 spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
   target:
     name: *name
     template:
       engineVersion: v2
       data:
         # App
-        kyoo_apikeys: '{{ .KYOO_API_KEY }}'
+        KYOO_API_KEY: '{{ .KYOO_API_KEY }}'
         TMDB_API_KEY: '{{ .TMDB_API_KEY }}'
         TVDB_APIKEY: ""
         TVDB_PIN: ""
@@ -31,13 +28,27 @@ spec:
         OIDC_AUTHENTIK_TOKEN: https://sso.${SECRET_DOMAIN}/application/o/token/
         OIDC_AUTHENTIK_PROFILE: https://sso.${SECRET_DOMAIN}/application/o/userinfo/
         OIDC_AUTHENTIK_SCOPE: openid email profile
-        clientId: '{{ .KYOO_CLIENT_ID }}'
-        clientSecret: '{{ .KYOO_CLIENT_SECRET }}'
-        # Postgres
-        POSTGRES_USER: kyoo_all #temp
-        POSTGRES_PASSWORD: watchSomething4me #temp
+        OIDC_AUTHENTIK_CLIENTID: '{{ .KYOO_CLIENT_ID }}'
+        OIDC_AUTHENTIK_SECRET: '{{ .KYOO_CLIENT_SECRET }}'
+        # Database
+        POSTGRES_DB: '{{ .dbname }}'
+        POSTGRES_SERVER: '{{ .host }}'
+        POSTGRES_PORT: '{{ .port }}'
+        POSTGRES_USER: '{{ .user }}'
+        POSTGRES_PASSWORD: '{{ .password }}'
   dataFrom:
   - extract:
       key: kyoo
+    sourceRef: &onepass
+       storeRef:
+         kind: ClusterSecretStore
+         name: onepassword-connect
   - extract:
       key: kometa
+    sourceRef: *onepass
+  - extract:
+      key: postgres-pguser-kyoo
+    sourceRef:
+       storeRef:
+         kind: ClusterSecretStore
+         name: crunchy-pgo-secrets

kubernetes/main/apps/media/kyoo/app/helmrelease.yaml

@@ -8,10 +8,11 @@ spec:
   interval: 15m
   chart:
     spec:
-      chart: ./chart
+      chart: kyoo
+      version: 4.7.1
       sourceRef:
-        kind: GitRepository
-        name: kyoo
+        kind: HelmRepository
+        name: zoriya
         namespace: flux-system
   install:
     createNamespace: true
@@ -22,114 +23,91 @@ spec:
       strategy: rollback
       retries: 3
   values:
-    meilisearch:
-      enabled: true
-    postgresql:
-      enabled: true
-      auth:
-        secretKeys:
-          adminPasswordKey: POSTGRES_PASSWORD
-          userPasswordKey: POSTGRES_PASSWORD
-    rabbitmq:
-      enabled: true
     global:
       meilisearch:
         infra:
-          # DOES NOT SUPPORT SPECIFYING KEY.  MUST BE NAMED `MEILI_MASTER_KEY`
-          existingSecret: &secret kyoo-chart-secret
+          existingSecret: &secret kyoo-secret
         kyoo_back:
           masterkeyKey: MEILI_MASTER_KEY
           existingSecret: *secret
       postgres:
-        #infra is only used by subchart deployment
         infra:
-          # subchart does not accept this global value in one place
-          # if updating be sure to also update postgresql.auth.username
-          user: kyoo_all
-          passwordKey: POSTGRES_PASSWORD
-          existingSecret: *secret
+          user: kyoo-all
         kyoo_back:
-          host: kyoo-chart-postgresql
-          port: 5432
-          database: kyoo_back
-          kyoo_migrations:
-            userKey: POSTGRES_USER
-            passwordKey: POSTGRES_PASSWORD
-            existingSecret: *secret
-          kyoo_back:
+          host: &host postgres-pgbouncer.database.svc
+          kyoo_migrations: &psql
             userKey: POSTGRES_USER
             passwordKey: POSTGRES_PASSWORD
             existingSecret: *secret
+          kyoo_back: *psql
         kyoo_transcoder:
-          host: kyoo-chart-postgresql
-          port: 5432
+          host: *host
           database: kyoo_transcoder
-          # POSTGRES_SCHEMA disabled means application will not create the schema
-          # and will instead use the user's search path
-          schema: disabled
-          kyoo_transcoder:
-            userKey: POSTGRES_USER
-            passwordKey: POSTGRES_PASSWORD
-            existingSecret: *secret
+          sslmode: prefer
+          kyoo_transcoder: *psql
       rabbitmq:
-        enabled: true
-        host: kyoo-rabbitmq
-        port: 5672
-        #infra is only used by subchart deployment
         infra:
           passwordKey: RABBITMQ_PASS
           keyErlangCookie: RABBITMQ_COOKIE
           existingSecret: *secret
-        kyoo_autosync:
-          userKey: RABBITMQ_USER
-          passwordKey: RABBITMQ_PASS
-          existingSecret: *secret
-        kyoo_back:
-          userKey: RABBITMQ_USER
-          passwordKey: RABBITMQ_PASS
-          existingSecret: *secret
-        kyoo_matcher:
-          userKey: RABBITMQ_USER
-          passwordKey: RABBITMQ_PASS
-          existingSecret: *secret
-        kyoo_scanner:
+        kyoo_autosync: &rabbit
           userKey: RABBITMQ_USER
           passwordKey: RABBITMQ_PASS
           existingSecret: *secret
+        kyoo_back: *rabbit
+        kyoo_matcher: *rabbit
+        kyoo_scanner: *rabbit
 
     kyoo:
       address: https://kyoo-chart.${SECRET_DOMAIN}
-      requireAccountVerification: true
-      defaultPermissions: "overall.read,overall.play"
-      unloggedPermissions: ""
-      libraryIgnorePattern: ""
-      languages: "en"
-      # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia)
-      transcoderAcceleration: vaapi
-      # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels
-      # warning: using vaapi hwaccel disable presets (they are not supported).
-      transcoderPreset: fast
+      transcoderAcceleration: vaapi # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia)
       apikey:
         existingSecret: *secret
-        apikeyKey: kyoo_apikeys
-      oidc:
-        enabled: false
-        existingSecret: *secret
-        authMethod: ClientSecretBasic
+        apikeyKey: KYOO_API_KEY
+      oidc_providers:
+        - name: Authentik
+          existingSecret: *secret
+          clientIdKey: OIDC_AUTHENTIK_CLIENTID
+          clientSecretKey: OIDC_AUTHENTIK_SECRET
+          logo: https://sso.${SECRET_DOMAIN}/static/dist/assets/icons/icon.png
+          authorizationAddress: https://sso.${SECRET_DOMAIN}/application/o/authorize/
+          tokenAddress: https://sso.${SECRET_DOMAIN}/application/o/token/
+          profileAddress: https://sso.${SECRET_DOMAIN}/application/o/userinfo/
+          scope: "openid email profile"
+          authMethod: ClientSecretBasic
+
+    media:
+      volumes:
+        - name: media
+          nfs:
+            server: voyager.internal
+            path: ${SECRET_NFS_DATA:=temp}
+      volumeMounts:
+        - mountPath: &path /media
+          name: media
+          readOnly: true
+      baseMountPath: *path
 
     contentdatabase:
-      # TheMovieDB
       tmdb:
         apikeyKey: TMDB_API_KEY
         existingSecret: *secret
-      # TVDatabase
       tvdb:
         apikeyKey: TVDB_APIKEY
         pinKey: TVDB_PIN
         existingSecret: *secret
 
+    back:
+      persistence:
+        existingClaim: *app
+
     ingress:
       enabled: true
       ingressClassName: external
-      host: kyoo-chart.${SECRET_DOMAIN}
+      host: kyoo.${SECRET_DOMAIN}
       tls: true
+
+    meilisearch:
+      enabled: true
+    rabbitmq:
+      enabled: true

kubernetes/main/apps/media/kyoo/app/kustomization.yaml

@@ -5,6 +5,6 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
-  - ./pvc.yaml
+  # - ./pvc.yaml
   - ../../../../../shared/templates/gatus/external
   - ../../../../../shared/templates/volsync

kubernetes/main/apps/media/kyoo/app/pvc.yaml

@@ -2,19 +2,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: media
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: ceph-filesystem
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: transcoder-storage
+  name: kyoo-transcoder
 spec:
   accessModes:
     - ReadWriteOnce

kubernetes/main/apps/media/kyoo/ks.yaml

@@ -1,31 +1,3 @@
-# ---
-# # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
-# metadata:
-#   name: &app kyoo-chart
-#   namespace: flux-system
-# spec:
-#   targetNamespace: media
-#   commonMetadata:
-#     labels:
-#       app.kubernetes.io/name: *app
-#   dependsOn:
-#     - name: external-secrets-stores
-#     - name: volsync
-#   path: ./kubernetes/main/apps/media/kyoo/app
-#   prune: true
-#   sourceRef:
-#     kind: GitRepository
-#     name: home-kubernetes
-#   wait: false # no flux ks dependents
-#   interval: 30m
-#   timeout: 5m
-#   postBuild:
-#     substitute:
-#       APP: *app
-#       VOLSYNC_CLAIM: back-storage
-#       VOLSYNC_CAPACITY: 30Gi
 ---
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@@ -41,7 +13,7 @@ spec:
   dependsOn:
     - name: external-secrets-stores
     - name: volsync
-  path: ./kubernetes/main/apps/media/kyoo/app-template
+  path: ./kubernetes/main/apps/media/kyoo/app
   prune: true
   sourceRef:
     kind: GitRepository
@@ -53,3 +25,30 @@ spec:
     substitute:
       APP: *app
       VOLSYNC_CAPACITY: 30Gi
+# ---
+# # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+# apiVersion: kustomize.toolkit.fluxcd.io/v1
+# kind: Kustomization
+# metadata:
+#   name: &app kyoo
+#   namespace: flux-system
+# spec:
+#   targetNamespace: media
+#   commonMetadata:
+#     labels:
+#       app.kubernetes.io/name: *app
+#   dependsOn:
+#     - name: external-secrets-stores
+#     - name: volsync
+#   path: ./kubernetes/main/apps/media/kyoo/app-template
+#   prune: true
+#   sourceRef:
+#     kind: GitRepository
+#     name: home-kubernetes
+#   wait: false # no flux ks dependents
+#   interval: 30m
+#   timeout: 5m
+#   postBuild:
+#     substitute:
+#       APP: *app
+#       VOLSYNC_CAPACITY: 30Gi

kubernetes/main/flux/repos/kustomization.yaml

@@ -12,3 +12,4 @@ resources:
   - ./itzg.yaml
   - ./rook-ceph.yaml
   - ./userinit-controller.yaml
+  - ./zoriya.yaml