feat: Add Plex

k8s-wheatley/plex/configmap.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: plex-envs
+data:
+  PLEX_UID: "1000"
+  PLEX_GID: "1000"
+  TZ: Europe/Amsterdam

k8s-wheatley/plex/deployments.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plex
+  labels:
+    app: plex
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plex
+  template:
+    metadata:
+      labels:
+        app: plex
+    spec:
+      volumes:
+        - name: plex-config
+          persistentVolumeClaim:
+            claimName: plex-storage
+        - name: nfs-media
+          persistentVolumeClaim:
+            claimName: nfs-media
+      containers:
+        - name: plex
+          image: plexinc/pms-docker:1.43.0.10467-2b1ba6e69
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 32400
+          envFrom:
+            - configMapRef:
+                name: plex-envs
+          volumeMounts:
+            - mountPath: /config
+              name: plex-config
+            - mountPath: /data
+              name: nfs-media
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+              add:
+                - "CHOWN"
+                - "SETUID"
+                - "SETGID"

k8s-wheatley/plex/ingress.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: plex-route
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "plex.wheatley.in"
+  rules:
+    - backendRefs:
+        - name: plex
+          port: 80
+

k8s-wheatley/plex/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: plex
+
+resources:
+  - configmap.yaml
+  - deployments.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - secrets.yaml
+  - services.yaml
+  - namespace.yaml

k8s-wheatley/plex/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: plex

k8s-wheatley/plex/pvc.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: plex-storage
+spec:
+  storageClassName: piraeus-lvmthin
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media
+spec:
+  accessModes:
+    - ReadOnlyMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-plex
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-plex
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadOnlyMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain

k8s-wheatley/plex/secrets.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: plex-env-secrets
+spec:
+  secretStoreRef:
+    name: vault-wheatley
+    kind: ClusterSecretStore
+  target:
+    name: plex-env-secrets
+  data:
+    - secretKey: PLEX_CLAIM
+      remoteRef:
+        key: secrets/managed/plex/env-secrets
+        property: PLEX_CLAIM

k8s-wheatley/plex/services.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  selector:
+    app: plex
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 32400