chore(argocd): Allow applicationsync to be turned off

k8s-peterg/argocd/applications-peterg.yaml

@@ -17,7 +17,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -37,7 +36,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -57,7 +55,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
     syncOptions:
       - ServerSideApply=true
 ---
@@ -79,4 +76,3 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true

k8s-peterg/argocd/applications-wheatley.yaml

@@ -17,7 +17,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -37,7 +36,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
     syncOptions:
       - ServerSideApply=true
 ---
@@ -59,7 +57,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -79,6 +76,5 @@ spec:
     automated:
       prune: true
       selfHeal: true
-      enabled: true
     syncOptions:
       - ServerSideApply=true

k8s-wheatley/busybox.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox
+  namespace: default
+spec:
+  containers:
+    - name: busybox
+      image: busybox
+      imagePullPolicy: IfNotPresent
+      command:
+        - sleep
+        - "3600"
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - "ALL"
+      volumeMounts:
+        - mountPath: /shared/media
+          name: media
+  volumes:
+    - name: media
+      persistentVolumeClaim:
+        claimName: media
+  securityContext:
+    runAsGroup: 1000
+    runAsUser: 1000
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: media-nfs
+  namespace: default
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: media
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: media-nfs

k8s-wheatley/sonarr/database.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: sonarr-db
+spec:
+  instances: 1
+  storage:
+    size: 1Gi

k8s-wheatley/sonarr/deployments.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr
+  labels:
+    app: sonarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sonarr
+  template:
+    metadata:
+      labels:
+        app: sonarr
+    spec:
+      volumes:
+        - name: sonarr-config
+          persistentVolumeClaim:
+            claimName: sonarr-storage
+        - name: nfs-media
+          persistentVolumeClaim:
+            claimName: nfs-media
+      containers:
+        - name: sonarr
+          image: linuxserver/sonarr:4.0.16
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8989
+          env:
+            - name: PUID
+              value: "1000"
+            - name: PGID
+              value: "1000"
+            - name: TZ
+              value: Europe/Amsterdam
+          volumeMounts:
+            - mountPath: /config
+              name: sonarr-config
+            - mountPath: /shared/media
+              name: nfs-media
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+          #     add:
+          #       - "CHOWN"
+          #       - "SETUID"
+          #       - "SETGID"

k8s-wheatley/sonarr/ingress.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: sonarr-route
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+  hostnames:
+    - "sonarr.k8s.wheatley.in"
+  rules:
+    - backendRefs:
+        - name: sonarr
+          port: 80
+

k8s-wheatley/sonarr/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: sonarr
+
+resources:
+  # - database.yaml
+  - deployments.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - secrets.yaml
+  - services.yaml
+  - namespace.yaml

k8s-wheatley/sonarr/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sonarr

k8s-wheatley/sonarr/pvc.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarr-storage
+spec:
+  storageClassName: piraeus-lvmthin
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media
+  namespace: default
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain

k8s-wheatley/sonarr/services.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr
+spec:
+  selector:
+    app: sonarr
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8989