diff --git a/k8s-peterg/argo-workflows/values.yaml b/k8s-peterg/argo-workflows/values.yaml index 2459293..26b8dcf 100644 --- a/k8s-peterg/argo-workflows/values.yaml +++ b/k8s-peterg/argo-workflows/values.yaml @@ -311,34 +311,3 @@ extraObjects: kind: ClusterRole name: argo-workflows-view apiGroup: rbac.authorization.k8s.io - - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: argo-workflows-server-sso - namespace: argo-workflows - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create - - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: argo-workflows-server-sso - namespace: argo-workflows - subjects: - - kind: ServiceAccount - name: argo-workflows-server - namespace: argo-workflows - roleRef: - kind: Role - name: argo-workflows-server-sso - apiGroup: rbac.authorization.k8s.io diff --git a/k8s-peterg/argocd/applications-wheatley.yaml b/k8s-peterg/argocd/applications-wheatley.yaml index f0d4229..eae54ce 100644 --- a/k8s-peterg/argocd/applications-wheatley.yaml +++ b/k8s-peterg/argocd/applications-wheatley.yaml @@ -216,22 +216,3 @@ spec: automated: prune: true selfHeal: true ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: romm - namespace: argocd -spec: - project: default - source: - repoURL: https://code.peterg.nl/wheatley/kubernetes.git - path: k8s-wheatley/romm - targetRevision: HEAD - destination: - server: https://10.13.37.10:6443 - namespace: romm - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/k8s-peterg/external-secrets-operator/kustomization.yaml b/k8s-peterg/external-secrets-operator/kustomization.yaml index bed871c..52fe547 100644 --- a/k8s-peterg/external-secrets-operator/kustomization.yaml +++ b/k8s-peterg/external-secrets-operator/kustomization.yaml 
@@ -12,4 +12,4 @@ helmCharts: repo: https://charts.external-secrets.io namespace: external-secrets releaseName: external-secrets - version: 2.5.0 + version: 2.4.1 diff --git a/k8s-wheatley/external-secrets-operator/kustomization.yaml b/k8s-wheatley/external-secrets-operator/kustomization.yaml index bed871c..52fe547 100644 --- a/k8s-wheatley/external-secrets-operator/kustomization.yaml +++ b/k8s-wheatley/external-secrets-operator/kustomization.yaml @@ -12,4 +12,4 @@ helmCharts: repo: https://charts.external-secrets.io namespace: external-secrets releaseName: external-secrets - version: 2.5.0 + version: 2.4.1 diff --git a/k8s-wheatley/lidarr/deployments.yaml b/k8s-wheatley/lidarr/deployments.yaml index f81dda7..de9c4c5 100644 --- a/k8s-wheatley/lidarr/deployments.yaml +++ b/k8s-wheatley/lidarr/deployments.yaml @@ -28,10 +28,8 @@ spec: volumeMounts: - mountPath: /config name: lidarr-config - - mountPath: /shared/media/music - name: nfs-media-music - - mountPath: /shared/media/downloads - name: nfs-media-downloads + - mountPath: /shared/media + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault @@ -47,9 +45,6 @@ spec: - name: lidarr-config persistentVolumeClaim: claimName: lidarr-storage - - name: nfs-media-music + - name: nfs-media persistentVolumeClaim: - claimName: nfs-media-music - - name: nfs-media-downloads - persistentVolumeClaim: - claimName: nfs-media-downloads + claimName: nfs-media diff --git a/k8s-wheatley/lidarr/kustomization.yaml b/k8s-wheatley/lidarr/kustomization.yaml index adcf14d..018f13b 100644 --- a/k8s-wheatley/lidarr/kustomization.yaml +++ b/k8s-wheatley/lidarr/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization namespace: lidarr resources: + - ../../kustomize-bases/nfs-media - configmap.yaml - deployments.yaml - ingress.yaml 
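Review bot: In k8s-wheatley/lidarr/deployments.yaml the container now mounts the whole share at `/shared/media` from the single `nfs-media` claim, where it previously received only the music and downloads directories. The lidarr overlay does not patch `/spec/nfs/path`, so the pod gets read-write access to everything under `/tank/media`, and a compromised or misbehaving container could modify or delete the other apps' libraries. The radarr and sonarr deployments hunks make the same change. If one PV per app is the goal, consider narrowing it per overlay the way the qbittorrent kustomization does (`path: /spec/nfs/path` with a scoped value), or adding `subPath:` entries to the volumeMounts. The container spec starts above the hunk.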
@@ -11,40 +12,22 @@ resources: - services.yaml - namespace.yaml -components: - - ../../kustomize-bases/nfs-media/components/music - - ../../kustomize-bases/nfs-media/components/downloads - patches: - target: kind: PersistentVolume - name: nfs-media-music + name: nfs-media patch: | - op: replace path: /metadata/name - value: nfs-media-lidarr-music + value: nfs-media-lidarr - target: kind: PersistentVolumeClaim - name: nfs-media-music + name: nfs-media patch: | - op: replace path: /spec/volumeName - value: nfs-media-lidarr-music - - target: - kind: PersistentVolume - name: nfs-media-downloads - patch: | - - op: replace - path: /metadata/name - value: nfs-media-lidarr-downloads - - target: - kind: PersistentVolumeClaim - name: nfs-media-downloads - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-lidarr-downloads + value: nfs-media-lidarr images: - name: linuxserver/lidarr - newTag: 3.1.2-nightly + newTag: 3.1.0@sha256:d2f944115de2ca6754ad142ee92f9db481b1574c7bc030974d624584106b78d7 diff --git a/k8s-wheatley/lidarr/pvc.yaml b/k8s-wheatley/lidarr/pvc.yaml index 0953aac..e06965e 100644 --- a/k8s-wheatley/lidarr/pvc.yaml +++ b/k8s-wheatley/lidarr/pvc.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 10Gi + storage: 5Gi diff --git a/k8s-wheatley/plex/deployments.yaml b/k8s-wheatley/plex/deployments.yaml index 11e0717..3e48bda 100644 --- a/k8s-wheatley/plex/deployments.yaml +++ b/k8s-wheatley/plex/deployments.yaml @@ -28,12 +28,8 @@ spec: volumeMounts: - mountPath: /config name: plex-config - - mountPath: /data/movies - name: nfs-media-movies - - mountPath: /data/series - name: nfs-media-series - - mountPath: /data/anime - name: nfs-media-anime + - mountPath: /data + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault 
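Review bot: Lowering `storage: 10Gi` to `storage: 5Gi` in k8s-wheatley/lidarr/pvc.yaml will be rejected by the API server if this claim is already bound at 10Gi, because Kubernetes does not allow a PVC's requested size to decrease. If the app is synced automatically, that would presumably leave it failing to sync rather than shrinking the volume; k8s-wheatley/sonarr/pvc.yaml makes the same change. If the smaller size is really wanted, the claim has to be recreated and its data migrated; otherwise keep `storage: 10Gi`. The claim's metadata is outside the hunk.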
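Review bot: The `/data` mount added in k8s-wheatley/plex/deployments.yaml is not read-only. The plex overlay patches `accessModes` to `ReadOnlyMany`, but access modes only influence PV/PVC binding and do not stop the container from writing to the NFS export. Add `readOnly: true` to this volumeMount (or to the `persistentVolumeClaim` volume source in the second hunk) so Plex cannot modify or delete the library it now sees in full. The container spec begins above the hunk.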
@@ -49,12 +45,6 @@ spec: - name: plex-config persistentVolumeClaim: claimName: plex-storage - - name: nfs-media-movies + - name: nfs-media persistentVolumeClaim: - claimName: nfs-media-movies - - name: nfs-media-series - persistentVolumeClaim: - claimName: nfs-media-series - - name: nfs-media-anime - persistentVolumeClaim: - claimName: nfs-media-anime + claimName: nfs-media diff --git a/k8s-wheatley/plex/kustomization.yaml b/k8s-wheatley/plex/kustomization.yaml index ccb0bdc..3bd4023 100644 --- a/k8s-wheatley/plex/kustomization.yaml +++ b/k8s-wheatley/plex/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization namespace: plex resources: + - ../../kustomize-bases/nfs-media - configmap.yaml - deployments.yaml - ingress.yaml 
@@ -12,69 +13,24 @@ resources: - services.yaml - namespace.yaml -components: - - ../../kustomize-bases/nfs-media/components/movies - - ../../kustomize-bases/nfs-media/components/series - - ../../kustomize-bases/nfs-media/components/anime - patches: - target: kind: PersistentVolume - name: nfs-media-movies + name: nfs-media patch: | - op: replace path: /metadata/name - value: nfs-media-plex-movies + value: nfs-media-plex - op: replace path: /spec/accessModes/0 value: ReadOnlyMany - target: kind: PersistentVolumeClaim - name: nfs-media-movies + name: nfs-media patch: | - op: replace path: /spec/volumeName - value: nfs-media-plex-movies - - op: replace - path: /spec/accessModes/0 - value: ReadOnlyMany - - target: - kind: PersistentVolume - name: nfs-media-series - patch: | - - op: replace - path: /metadata/name - value: nfs-media-plex-series - - op: replace - path: /spec/accessModes/0 - value: ReadOnlyMany - - target: - kind: PersistentVolumeClaim - name: nfs-media-series - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-plex-series - - op: replace - path: /spec/accessModes/0 - value: ReadOnlyMany - - target: - kind: PersistentVolume - name: nfs-media-anime - patch: | - - op: replace - path: /metadata/name - value: nfs-media-plex-anime - - op: replace - path: /spec/accessModes/0 - value: ReadOnlyMany - - target: - kind: PersistentVolumeClaim - name: nfs-media-anime - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-plex-anime + value: nfs-media-plex - op: replace path: /spec/accessModes/0 value: ReadOnlyMany diff --git a/k8s-wheatley/qbittorrent/configmap.yaml b/k8s-wheatley/qbittorrent/configmap.yaml index beb69f9..61c614d 100644 --- a/k8s-wheatley/qbittorrent/configmap.yaml +++ b/k8s-wheatley/qbittorrent/configmap.yaml 
@@ -12,7 +12,7 @@ data: VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh" VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh" FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 - FIREWALL_INPUT_PORTS: "8112,5030" + FIREWALL_INPUT_PORTS: "8112" --- apiVersion: v1 kind: ConfigMap @@ -43,22 +43,6 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: - name: slskd-envs -data: - TZ: Europe/Amsterdam - PUID: "1000" - PGID: "1000" - SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads - SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete - SLSKD_SHARED_DIR: "[Music]/shared/media/downloads/_slsk-downloads" - SLSKD_REMOTE_CONFIGURATION: "true" - SLSKD_VPN: "true" - SLSKD_VPN_PORT_FORWARDING: "true" - SLSKD_VPN_GLUETUN_URL: http://localhost:8000 ---- -apiVersion: v1 -kind: ConfigMap metadata: name: unpackerr-envs data: diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 4eb27c3..5dba05a 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -21,21 +21,16 @@ spec: - name: gluetun image: ghcr.io/qdm12/gluetun ports: - - name: qbit-http + - name: http containerPort: 8112 protocol: TCP - - name: slskd-http - containerPort: 5030 - protocol: TCP envFrom: - configMapRef: name: gluetun-envs - - secretRef: - name: gluetun-env-secrets volumeMounts: - mountPath: /dev/net/tun name: dev-tun - - mountPath: /gluetun/wireguard + - mountPath: "/gluetun/wireguard" name: gluetun-wgconfig readOnly: true - name: gluetun-scripts @@ -94,7 +89,7 @@ spec: - mountPath: /config name: qbittorrent-config - mountPath: /shared/media/downloads - name: nfs-media-downloads + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault @@ -114,7 +109,7 @@ spec: name: unpackerr-env-secrets volumeMounts: - mountPath: /shared/media/downloads - name: nfs-media-downloads + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault 
@@ -124,30 +119,6 @@ spec: capabilities: drop: - "ALL" - - name: slskd - image: docker.io/slskd/slskd - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: slskd-envs - - secretRef: - name: slskd-env-secrets - volumeMounts: - - mountPath: /config - name: slskd-config - - mountPath: /shared/media/downloads - name: nfs-media-downloads - securityContext: - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - add: - - "CHOWN" - - "SETUID" - - "SETGID" volumes: - name: dev-tun hostPath: @@ -156,9 +127,6 @@ spec: - name: qbittorrent-config persistentVolumeClaim: claimName: qbittorrent-storage - - name: slskd-config - persistentVolumeClaim: - claimName: slskd-storage - name: gluetun-wgconfig secret: secretName: gluetun-wgconfig @@ -168,6 +136,6 @@ spec: defaultMode: 0755 - name: gluetun-tmp emptyDir: {} - - name: nfs-media-downloads + - name: nfs-media persistentVolumeClaim: - claimName: nfs-media-downloads + claimName: nfs-media diff --git a/k8s-wheatley/qbittorrent/ingress.yaml b/k8s-wheatley/qbittorrent/ingress.yaml index e599673..4b77fad 100644 --- a/k8s-wheatley/qbittorrent/ingress.yaml +++ b/k8s-wheatley/qbittorrent/ingress.yaml @@ -14,46 +14,3 @@ spec: - backendRefs: - name: qbittorrent port: 80 - ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: slskd-route -spec: - parentRefs: - - name: internal - namespace: kube-system - sectionName: https - hostnames: - - "slskd.wheatley.in" - rules: - - backendRefs: - - name: slskd - port: 80 - ---- -apiVersion: v1 -kind: Service -metadata: - name: qbittorrent -spec: - selector: - app: qbittorrent - ports: - - port: 80 - protocol: TCP - targetPort: 8112 - ---- -apiVersion: v1 -kind: Service -metadata: - name: slskd -spec: - selector: - app: qbittorrent - ports: - - port: 80 - protocol: TCP - targetPort: 5030 
diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml index 772ec7b..68bd0ef 100644 --- a/k8s-wheatley/qbittorrent/kustomization.yaml +++ b/k8s-wheatley/qbittorrent/kustomization.yaml @@ -4,36 +4,36 @@ kind: Kustomization namespace: qbittorrent resources: + - ../../kustomize-bases/nfs-media - configmap.yaml - deployments.yaml - ingress.yaml - pvc.yaml - secrets.yaml + - services.yaml - namespace.yaml -components: - - ../../kustomize-bases/nfs-media/components/downloads - patches: - target: kind: PersistentVolume - name: nfs-media-downloads + name: nfs-media patch: | - op: replace path: /metadata/name - value: nfs-media-qbittorrent-downloads + value: nfs-media-qbittorrent + - op: replace + path: /spec/nfs/path + value: /tank/media/downloads - target: kind: PersistentVolumeClaim - name: nfs-media-downloads + name: nfs-media patch: | - op: replace path: /spec/volumeName - value: nfs-media-qbittorrent-downloads + value: nfs-media-qbittorrent images: - name: ghcr.io/qdm12/gluetun newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - name: docker.io/qbittorrentofficial/qbittorrent-nox newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af - - name: docker.io/slskd/slskd - newTag: 0.25.1 diff --git a/k8s-wheatley/qbittorrent/pvc.yaml b/k8s-wheatley/qbittorrent/pvc.yaml index 4500768..c352b02 100644 --- a/k8s-wheatley/qbittorrent/pvc.yaml +++ b/k8s-wheatley/qbittorrent/pvc.yaml @@ -10,15 +10,3 @@ spec: resources: requests: storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: slskd-storage -spec: - storageClassName: piraeus-lvmthin - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/k8s-wheatley/qbittorrent/secrets.yaml b/k8s-wheatley/qbittorrent/secrets.yaml index 64e133e..5e7e3bc 100644 --- a/k8s-wheatley/qbittorrent/secrets.yaml +++ b/k8s-wheatley/qbittorrent/secrets.yaml 
@@ -17,57 +17,6 @@ spec: remoteRef: key: secrets/managed/qbittorrent/protonvpn-wgconfig property: config - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: slskd-env-secrets -spec: - secretStoreRef: - name: vault-wheatley - kind: ClusterSecretStore - target: - name: slskd-env-secrets - data: - - secretKey: SLSKD_VPN_GLUETUN_API_KEY - remoteRef: - key: secrets/managed/qbittorrent/slskd-env-secrets - property: GLUETUN_API_KEY - - secretKey: SLSKD_SLSK_USERNAME - remoteRef: - key: secrets/managed/qbittorrent/slskd-env-secrets - property: SLSK_USERNAME - - secretKey: SLSKD_SLSK_PASSWORD - remoteRef: - key: secrets/managed/qbittorrent/slskd-env-secrets - property: SLSK_PASSWORD - - secretKey: SLSKD_PASSWORD - remoteRef: - key: secrets/managed/qbittorrent/slskd-env-secrets - property: SLSKD_PASSWORD - - secretKey: SLSKD_API_KEY - remoteRef: - key: secrets/managed/qbittorrent/slskd-env-secrets - property: API_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gluetun-env-secrets -spec: - secretStoreRef: - name: vault-wheatley - kind: ClusterSecretStore - target: - name: gluetun-env-secrets - data: - - secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE - remoteRef: - key: secrets/managed/qbittorrent/gluetun-env-secrets - property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE - --- apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/k8s-wheatley/romm/services.yaml b/k8s-wheatley/qbittorrent/services.yaml similarity index 62% rename from k8s-wheatley/romm/services.yaml rename to k8s-wheatley/qbittorrent/services.yaml index 1d89402..323409e 100644 --- a/k8s-wheatley/romm/services.yaml +++ b/k8s-wheatley/qbittorrent/services.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Service metadata: - name: romm + name: qbittorrent spec: selector: - app: romm + app: qbittorrent ports: - port: 80 protocol: TCP - targetPort: 8080 + targetPort: 8112 
diff --git a/k8s-wheatley/radarr/deployments.yaml b/k8s-wheatley/radarr/deployments.yaml index 41587c3..a4042c0 100644 --- a/k8s-wheatley/radarr/deployments.yaml +++ b/k8s-wheatley/radarr/deployments.yaml @@ -28,10 +28,8 @@ spec: volumeMounts: - mountPath: /config name: radarr-config - - mountPath: /shared/media/movies - name: nfs-media-movies - - mountPath: /shared/media/downloads - name: nfs-media-downloads + - mountPath: /shared/media + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault @@ -47,9 +45,6 @@ spec: - name: radarr-config persistentVolumeClaim: claimName: radarr-storage - - name: nfs-media-movies + - name: nfs-media persistentVolumeClaim: - claimName: nfs-media-movies - - name: nfs-media-downloads - persistentVolumeClaim: - claimName: nfs-media-downloads + claimName: nfs-media diff --git a/k8s-wheatley/radarr/kustomization.yaml b/k8s-wheatley/radarr/kustomization.yaml index 7296e89..445d2f3 100644 --- a/k8s-wheatley/radarr/kustomization.yaml +++ b/k8s-wheatley/radarr/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization namespace: radarr resources: + - ../../kustomize-bases/nfs-media - configmap.yaml - deployments.yaml - ingress.yaml 
@@ -12,39 +13,21 @@ resources: - services.yaml - namespace.yaml -components: - - ../../kustomize-bases/nfs-media/components/movies - - ../../kustomize-bases/nfs-media/components/downloads - patches: - target: kind: PersistentVolume - name: nfs-media-movies + name: nfs-media patch: | - op: replace path: /metadata/name - value: nfs-media-radarr-movies + value: nfs-media-radarr - target: kind: PersistentVolumeClaim - name: nfs-media-movies + name: nfs-media patch: | - op: replace path: /spec/volumeName - value: nfs-media-radarr-movies - - target: - kind: PersistentVolume - name: nfs-media-downloads - patch: | - - op: replace - path: /metadata/name - value: nfs-media-radarr-downloads - - target: - kind: PersistentVolumeClaim - name: nfs-media-downloads - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-radarr-downloads + value: nfs-media-radarr images: - name: linuxserver/radarr diff --git a/k8s-wheatley/romm/configmap.yaml b/k8s-wheatley/romm/configmap.yaml deleted file mode 100644 index e90220b..0000000 --- a/k8s-wheatley/romm/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: romm-db-envs -data: - MARIADB_DATABASE: romm - MARIADB_USER: romm - TZ: Europe/Amsterdam ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: romm-envs -data: - DB_HOST: 127.0.0.1 - DB_NAME: romm - DB_USER: romm - ROMM_PORT: "8080" - HASHEOUS_API_ENABLED: "true" - TZ: Europe/Amsterdam diff --git a/k8s-wheatley/romm/deployments.yaml b/k8s-wheatley/romm/deployments.yaml deleted file mode 100644 index 79b7fd1..0000000 --- a/k8s-wheatley/romm/deployments.yaml +++ /dev/null 
@@ -1,83 +0,0 @@
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: romm
- labels:
- app: romm
-spec:
- replicas: 1
- serviceName: romm
- selector:
- matchLabels:
- app: romm
- template:
- metadata:
- labels:
- app: romm
- spec:
- initContainers:
- - name: romm-db
- image: mariadb
- envFrom:
- - configMapRef:
- name: romm-db-envs
- - secretRef:
- name: romm-db-env-secrets
- volumeMounts:
- - mountPath: /var/lib/mysql
- name: romm-db-data
- restartPolicy: Always
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - "healthcheck.sh --connect --innodb_initialized"
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 2
- failureThreshold: 3
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "healthcheck.sh --connect --innodb_initialized"
- initialDelaySeconds: 10
- periodSeconds: 15
- timeoutSeconds: 2
- failureThreshold: 3
- containers:
- - name: romm
- image: rommapp/romm
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- envFrom:
- - configMapRef:
- name: romm-envs
- - secretRef:
- name: romm-env-secrets
- volumeMounts:
- - mountPath: /romm
- name: romm-data
- - mountPath: /romm/library
- name: nfs-media-roms
- readOnly: true
- - mountPath: /romm/downloads
- name: nfs-media-downloads
- readOnly: true
- volumes:
- - name: romm-db-data
- persistentVolumeClaim:
- claimName: romm-db-storage
- - name: romm-data
- persistentVolumeClaim:
- claimName: romm-storage
- - name: nfs-media-roms
- persistentVolumeClaim:
- claimName: nfs-media-roms
- - name: nfs-media-downloads
- persistentVolumeClaim:
- claimName: nfs-media-downloads
diff --git a/k8s-wheatley/romm/ingress.yaml b/k8s-wheatley/romm/ingress.yaml
deleted file mode 100644
index 8a7eae1..0000000
--- a/k8s-wheatley/romm/ingress.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: romm-route
-spec:
- parentRefs:
- - name: internal
- namespace: kube-system
- sectionName: https
- hostnames:
- - "roms.wheatley.in"
- rules:
- - backendRefs:
- - name: romm
- port: 80
diff --git a/k8s-wheatley/romm/kustomization.yaml b/k8s-wheatley/romm/kustomization.yaml
deleted file mode 100644
index 3c4bb11..0000000
--- a/k8s-wheatley/romm/kustomization.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: romm
-
-resources:
- - configmap.yaml
- - deployments.yaml
- - ingress.yaml
- - pvc.yaml
- - secrets.yaml
- - services.yaml
- - namespace.yaml
-
-components:
- - ../../kustomize-bases/nfs-media/components/roms
- - ../../kustomize-bases/nfs-media/components/downloads
-
-patches:
- - target:
- kind: PersistentVolume
- name: nfs-media-roms
- patch: |
- - op: replace
- path: /metadata/name
- value: nfs-media-romm-roms
- - target:
- kind: PersistentVolume
- name: nfs-media-downloads
- patch: |
- - op: replace
- path: /metadata/name
- value: nfs-media-romm-downloads
- - target:
- kind: PersistentVolumeClaim
- name: nfs-media-roms
- patch: |
- - op: replace
- path: /spec/volumeName
- value: nfs-media-romm-roms
- - target:
- kind: PersistentVolumeClaim
- name: nfs-media-downloads
- patch: |
- - op: replace
- path: /spec/volumeName
- value: nfs-media-romm-downloads
-
-images:
- - name: mariadb
- newTag: lts
- - name: rommapp/romm
- newTag: 4.8.1
diff --git a/k8s-wheatley/romm/namespace.yaml b/k8s-wheatley/romm/namespace.yaml
deleted file mode 100644
index 131f95c..0000000
--- a/k8s-wheatley/romm/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: romm
diff --git a/k8s-wheatley/romm/pvc.yaml b/k8s-wheatley/romm/pvc.yaml
deleted file mode 100644
index 3d64e4c..0000000
--- a/k8s-wheatley/romm/pvc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: romm-db-storage
-spec:
- storageClassName: piraeus-lvmthin
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: romm-storage
-spec:
- storageClassName: piraeus-lvmthin
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
diff --git a/k8s-wheatley/romm/secrets.yaml b/k8s-wheatley/romm/secrets.yaml
deleted file mode 100644
index e1a9d82..0000000
--- a/k8s-wheatley/romm/secrets.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: romm-db-env-secrets
-spec:
- secretStoreRef:
- name: vault-wheatley
- kind: ClusterSecretStore
- target:
- name: romm-db-env-secrets
- data:
- - secretKey: MARIADB_ROOT_PASSWORD
- remoteRef:
- key: secrets/managed/romm/romm-db
- property: ROOT_PASSWORD
- - secretKey: MARIADB_PASSWORD
- remoteRef:
- key: secrets/managed/romm/romm-db
- property: PASSWORD
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: romm-env-secrets
-spec:
- secretStoreRef:
- name: vault-wheatley
- kind: ClusterSecretStore
- target:
- name: romm-env-secrets
- data:
- - secretKey: DB_PASSWD
- remoteRef:
- key: secrets/managed/romm/romm-db
- property: PASSWORD
- - secretKey: ROMM_AUTH_SECRET_KEY
- remoteRef:
- key: secrets/managed/romm/romm
- property: SECRET_KEY
- - secretKey: IGDB_CLIENT_ID
- remoteRef:
- key: secrets/managed/romm/romm
- property: IGDB_CLIENT_ID
- - secretKey: IGDB_CLIENT_SECRET
- remoteRef:
- key: secrets/managed/romm/romm
- property: IGDB_CLIENT_SECRET
- - secretKey: STEAMGRIDDB_API_KEY
- remoteRef:
- key: secrets/managed/romm/romm
- property: STEAMGRIDDB_API_KEY
diff --git a/k8s-wheatley/sonarr/deployments.yaml b/k8s-wheatley/sonarr/deployments.yaml
index 79a8b50..45e7ea9 100644
--- a/k8s-wheatley/sonarr/deployments.yaml
+++ b/k8s-wheatley/sonarr/deployments.yaml
@@ -28,12 +28,8 @@ spec: volumeMounts: - mountPath: /config name: sonarr-config - - mountPath: /shared/media/series - name: nfs-media-series - - mountPath: /shared/media/anime - name: nfs-media-anime - - mountPath: /shared/media/downloads - name: nfs-media-downloads + - mountPath: /shared/media + name: nfs-media securityContext: seccompProfile: type: RuntimeDefault @@ -49,12 +45,6 @@ spec: - name: sonarr-config persistentVolumeClaim: claimName: sonarr-storage - - name: nfs-media-series + - name: nfs-media persistentVolumeClaim: - claimName: nfs-media-series - - name: nfs-media-anime - persistentVolumeClaim: - claimName: nfs-media-anime - - name: nfs-media-downloads - persistentVolumeClaim: - claimName: nfs-media-downloads + claimName: nfs-media diff --git a/k8s-wheatley/sonarr/kustomization.yaml b/k8s-wheatley/sonarr/kustomization.yaml index 4c9f0c9..51ba92b 100644 --- a/k8s-wheatley/sonarr/kustomization.yaml +++ b/k8s-wheatley/sonarr/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization namespace: sonarr resources: + - ../../kustomize-bases/nfs-media - configmap.yaml - deployments.yaml - ingress.yaml 
@@ -12,54 +13,21 @@ resources: - services.yaml - namespace.yaml -components: - - ../../kustomize-bases/nfs-media/components/series - - ../../kustomize-bases/nfs-media/components/anime - - ../../kustomize-bases/nfs-media/components/downloads - patches: - target: kind: PersistentVolume - name: nfs-media-series + name: nfs-media patch: | - op: replace path: /metadata/name - value: nfs-media-sonarr-series + value: nfs-media-sonarr - target: kind: PersistentVolumeClaim - name: nfs-media-series + name: nfs-media patch: | - op: replace path: /spec/volumeName - value: nfs-media-sonarr-series - - target: - kind: PersistentVolume - name: nfs-media-anime - patch: | - - op: replace - path: /metadata/name - value: nfs-media-sonarr-anime - - target: - kind: PersistentVolumeClaim - name: nfs-media-anime - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-sonarr-anime - - target: - kind: PersistentVolume - name: nfs-media-downloads - patch: | - - op: replace - path: /metadata/name - value: nfs-media-sonarr-downloads - - target: - kind: PersistentVolumeClaim - name: nfs-media-downloads - patch: | - - op: replace - path: /spec/volumeName - value: nfs-media-sonarr-downloads + value: nfs-media-sonarr images: - name: linuxserver/sonarr diff --git a/k8s-wheatley/sonarr/pvc.yaml b/k8s-wheatley/sonarr/pvc.yaml index 2cc9dcb..14d30b8 100644 --- a/k8s-wheatley/sonarr/pvc.yaml +++ b/k8s-wheatley/sonarr/pvc.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 10Gi + storage: 5Gi diff --git a/kustomize-bases/cilium/kustomization.yaml b/kustomize-bases/cilium/kustomization.yaml index db4bf50..4cccdf0 100644 --- a/kustomize-bases/cilium/kustomization.yaml +++ b/kustomize-bases/cilium/kustomization.yaml @@ -13,5 +13,5 @@ helmCharts: repo: https://helm.cilium.io namespace: kube-system releaseName: cilium - version: 1.18.10 + version: 1.18.6 valuesFile: values.yaml 
diff --git a/kustomize-bases/nfs-media/components/anime/kustomization.yaml b/kustomize-bases/nfs-media/components/anime/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/anime/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/anime/pvc.yaml b/kustomize-bases/nfs-media/components/anime/pvc.yaml
deleted file mode 100644
index 9471154..0000000
--- a/kustomize-bases/nfs-media/components/anime/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-anime
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/anime
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-anime
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-anime
diff --git a/kustomize-bases/nfs-media/components/downloads/kustomization.yaml b/kustomize-bases/nfs-media/components/downloads/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/downloads/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/downloads/pvc.yaml b/kustomize-bases/nfs-media/components/downloads/pvc.yaml
deleted file mode 100644
index 16b0b65..0000000
--- a/kustomize-bases/nfs-media/components/downloads/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-downloads
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/downloads
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-downloads
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-downloads
diff --git a/kustomize-bases/nfs-media/components/movies/kustomization.yaml b/kustomize-bases/nfs-media/components/movies/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/movies/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/movies/pvc.yaml b/kustomize-bases/nfs-media/components/movies/pvc.yaml
deleted file mode 100644
index 28af8e4..0000000
--- a/kustomize-bases/nfs-media/components/movies/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-movies
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/movies
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-movies
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-movies
diff --git a/kustomize-bases/nfs-media/components/music/kustomization.yaml b/kustomize-bases/nfs-media/components/music/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/music/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/music/pvc.yaml b/kustomize-bases/nfs-media/components/music/pvc.yaml
deleted file mode 100644
index 117fb3e..0000000
--- a/kustomize-bases/nfs-media/components/music/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-music
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/music
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-music
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-music
diff --git a/kustomize-bases/nfs-media/components/roms/kustomization.yaml b/kustomize-bases/nfs-media/components/roms/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/roms/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/roms/pvc.yaml b/kustomize-bases/nfs-media/components/roms/pvc.yaml
deleted file mode 100644
index 6f2e6e6..0000000
--- a/kustomize-bases/nfs-media/components/roms/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-roms
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/roms
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-roms
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-roms
diff --git a/kustomize-bases/nfs-media/components/series/kustomization.yaml b/kustomize-bases/nfs-media/components/series/kustomization.yaml
deleted file mode 100644
index 9014f38..0000000
--- a/kustomize-bases/nfs-media/components/series/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-resources:
- - pvc.yaml
diff --git a/kustomize-bases/nfs-media/components/series/pvc.yaml b/kustomize-bases/nfs-media/components/series/pvc.yaml
deleted file mode 100644
index 0aec6a8..0000000
--- a/kustomize-bases/nfs-media/components/series/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nfs-media-series
-spec:
- capacity:
- storage: 40Ti
- accessModes:
- - ReadWriteMany
- nfs:
- server: 10.0.69.10
- path: /tank/media/series
- mountOptions:
- - vers=4.1
- - rsize=1048576
- - wsize=1048576
- - hard
- - timeo=600
- - noatime
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nfs-media-series
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 40Ti
- volumeName: nfs-media-series
diff --git a/kustomize-bases/nfs-media/kustomization.yaml b/kustomize-bases/nfs-media/kustomization.yaml
new file mode 100644
index 0000000..482f897
--- /dev/null
+++ b/kustomize-bases/nfs-media/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - pvc.yaml
diff --git a/kustomize-bases/nfs-media/pvc.yaml b/kustomize-bases/nfs-media/pvc.yaml
new file mode 100644
index 0000000..94091c9
--- /dev/null
+++ b/kustomize-bases/nfs-media/pvc.yaml
@@ -0,0 +1,40 @@
+# Shared NFS media storage template — used by plex, sonarr, radarr, and qbittorrent.
+# All apps on k8s-wheatley mount the same NFS server: 10.0.69.10
+#
+# Each app overlays this base with JSON patches in its kustomization.yaml:
+# - Always: rename PV (metadata.name) and update PVC volumeName to match
+# - plex only: patch accessModes to ReadOnlyMany on both PV and PVC
+# - qbittorrent only: patch nfs.path to /tank/media/downloads
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nfs-media # renamed per-app via JSON patch
+spec:
+ capacity:
+ storage: 40Ti
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: 10.0.69.10
+ path: /tank/media
+ mountOptions:
+ - vers=4.1
+ - rsize=1048576
+ - wsize=1048576
+ - hard
+ - timeo=600
+ - noatime
+ persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nfs-media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 40Ti
+ volumeName: nfs-media # patched per-app to match PV name
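Review bot: The header comment in kustomize-bases/nfs-media/pvc.yaml lists plex, sonarr, radarr and qbittorrent as consumers, but the lidarr overlay in this commit also adds `../../kustomize-bases/nfs-media`, so the first line should read `# Shared NFS media storage template — used by plex, sonarr, radarr, lidarr, and qbittorrent.`. The comment should also say that the base defaults to read-write on the whole `/tank/media` tree, so an overlay that does not patch `nfs.path` or mount read-only gets full access. As a hardening step for a data-only share, `- nosuid` and `- nodev` could be added to `mountOptions`.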