wheatley/kubernetes
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: wheatley:9c6c74e86b43056b777f60b6c55a5e13060a9d80
Branches Tags
wheatley:main
wheatley:pgi-add-workflow
wheatley:renovate/cilium-1.x
..
compare: wheatley:01d906da39645f75dd20e2a415cbe125932ff436
Branches Tags
wheatley:pgi-add-workflow
wheatley:main
wheatley:renovate/cilium-1.x

17 commits
9c6c74e86b ... 01d906da39

Author SHA1 Message Date
Renovate
01d906da39 chore(deps): update helm release renovate-operator to v4.8.0 2026-05-14 19:04:18 +00:00
pgijsbertsen
50a206c943
chore: Bump Cilium to 1.18.10 2026-05-14 16:38:55 +02:00
pgijsbertsen
bae217dc34
refactor(nfs-media): Refactor into subdirectory PVCs 2026-05-14 15:53:43 +02:00
pgijsbertsen
3ac9c8071c
feat: share downloads dir 2026-05-10 12:59:42 +02:00
pgijsbertsen
5b910059ea
feat: Set correct download dir 2026-05-09 22:05:37 +02:00
pgijsbertsen
a14da8e3b1
feat: Authenticate to soulseek 2026-05-09 21:32:38 +02:00
pgijsbertsen
b1d4b32fdb
feat: include secrets 2026-05-09 21:12:40 +02:00
pgijsbertsen
7682efd256
feat: Enable inputport 2026-05-09 21:09:18 +02:00
pgijsbertsen
cadd4fe9a5
feat: Enable webui 2026-05-09 21:05:33 +02:00
pgijsbertsen
b3565458c9
fix: Use unique name 2026-05-09 21:01:18 +02:00
pgijsbertsen
ea84f908d2
feat: Enable Gluetun API 2026-05-09 21:00:11 +02:00
pgijsbertsen
1271ce3e91
fix: Use unique httproute name 2026-05-09 20:27:44 +02:00
pgijsbertsen
d37318dbd5
feat: Add ingress 2026-05-09 20:26:40 +02:00
pgijsbertsen
e3e9e3b6e7
fix: Set correct app port 2026-05-09 20:21:01 +02:00
pgijsbertsen
85af131c88
fix: Set less strict securityContext for slskd 2026-05-09 20:16:36 +02:00
pgijsbertsen
96f08c8dfd
fix: Shorten portname 2026-05-09 20:14:02 +02:00
pgijsbertsen
a3d532de93
feat: Add slskd 2026-05-09 20:10:51 +02:00
31 changed files with 568 additions and 112 deletions
Download patch file Download diff file Expand all files Collapse all files

2
k8s-peterg/renovate-operator/kustomization.yaml
View file

@ -15,5 +15,5 @@ helmCharts:
repo: https://helm.mogenius.com/public repo: https://helm.mogenius.com/public
namespace: renovate-operator namespace: renovate-operator
releaseName: renovate-operator releaseName: renovate-operator
version: "4.7.1" version: "4.8.0"
valuesFile: values.yaml valuesFile: values.yaml

13
k8s-wheatley/lidarr/deployments.yaml
View file

@ -28,8 +28,10 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: lidarr-config name: lidarr-config
- mountPath: /shared/media - mountPath: /shared/media/music
name: nfs-media name: nfs-media-music
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
- name: lidarr-config - name: lidarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: lidarr-storage claimName: lidarr-storage
- name: nfs-media - name: nfs-media-music
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-music
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

27
k8s-wheatley/lidarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: lidarr namespace: lidarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -12,21 +11,39 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/music
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-music
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-lidarr value: nfs-media-lidarr-music
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-music
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-lidarr value: nfs-media-lidarr-music
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-lidarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-lidarr-downloads
images: images:
- name: linuxserver/lidarr - name: linuxserver/lidarr

18
k8s-wheatley/plex/deployments.yaml
View file

@ -28,8 +28,12 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: plex-config name: plex-config
- mountPath: /data - mountPath: /data/movies
name: nfs-media name: nfs-media-movies
- mountPath: /data/series
name: nfs-media-series
- mountPath: /data/anime
name: nfs-media-anime
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
- name: plex-config - name: plex-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: plex-storage claimName: plex-storage
- name: nfs-media - name: nfs-media-movies
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-movies
- name: nfs-media-series
persistentVolumeClaim:
claimName: nfs-media-series
- name: nfs-media-anime
persistentVolumeClaim:
claimName: nfs-media-anime

54
k8s-wheatley/plex/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: plex namespace: plex
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,24 +12,69 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/movies
- ../../kustomize-bases/nfs-media/components/series
- ../../kustomize-bases/nfs-media/components/anime
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-plex value: nfs-media-plex-movies
- op: replace - op: replace
path: /spec/accessModes/0 path: /spec/accessModes/0
value: ReadOnlyMany value: ReadOnlyMany
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-plex value: nfs-media-plex-movies
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolume
name: nfs-media-series
patch: |
- op: replace
path: /metadata/name
value: nfs-media-plex-series
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolumeClaim
name: nfs-media-series
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-plex-series
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolume
name: nfs-media-anime
patch: |
- op: replace
path: /metadata/name
value: nfs-media-plex-anime
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolumeClaim
name: nfs-media-anime
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-plex-anime
- op: replace - op: replace
path: /spec/accessModes/0 path: /spec/accessModes/0
value: ReadOnlyMany value: ReadOnlyMany

18
k8s-wheatley/qbittorrent/configmap.yaml
View file

@ -12,7 +12,7 @@ data:
VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh" VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh"
VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh" VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh"
FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
FIREWALL_INPUT_PORTS: "8112" FIREWALL_INPUT_PORTS: "8112,5030"
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -43,6 +43,22 @@ data:
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata:
name: slskd-envs
data:
TZ: Europe/Amsterdam
PUID: "1000"
PGID: "1000"
SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads
SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete
SLSKD_SHARED_DIR: "[Music]/shared/media/downloads/_slsk-downloads"
SLSKD_REMOTE_CONFIGURATION: "true"
SLSKD_VPN: "true"
SLSKD_VPN_PORT_FORWARDING: "true"
SLSKD_VPN_GLUETUN_URL: http://localhost:8000
---
apiVersion: v1
kind: ConfigMap
metadata: metadata:
name: unpackerr-envs name: unpackerr-envs
data: data:

44
k8s-wheatley/qbittorrent/deployments.yaml
View file

@ -21,16 +21,21 @@ spec:
- name: gluetun - name: gluetun
image: ghcr.io/qdm12/gluetun image: ghcr.io/qdm12/gluetun
ports: ports:
- name: http - name: qbit-http
containerPort: 8112 containerPort: 8112
protocol: TCP protocol: TCP
- name: slskd-http
containerPort: 5030
protocol: TCP
envFrom: envFrom:
- configMapRef: - configMapRef:
name: gluetun-envs name: gluetun-envs
- secretRef:
name: gluetun-env-secrets
volumeMounts: volumeMounts:
- mountPath: /dev/net/tun - mountPath: /dev/net/tun
name: dev-tun name: dev-tun
- mountPath: "/gluetun/wireguard" - mountPath: /gluetun/wireguard
name: gluetun-wgconfig name: gluetun-wgconfig
readOnly: true readOnly: true
- name: gluetun-scripts - name: gluetun-scripts
@ -89,7 +94,7 @@ spec:
- mountPath: /config - mountPath: /config
name: qbittorrent-config name: qbittorrent-config
- mountPath: /shared/media/downloads - mountPath: /shared/media/downloads
name: nfs-media name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -109,7 +114,7 @@ spec:
name: unpackerr-env-secrets name: unpackerr-env-secrets
volumeMounts: volumeMounts:
- mountPath: /shared/media/downloads - mountPath: /shared/media/downloads
name: nfs-media name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -119,6 +124,30 @@ spec:
capabilities: capabilities:
drop: drop:
- "ALL" - "ALL"
- name: slskd
image: docker.io/slskd/slskd
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: slskd-envs
- secretRef:
name: slskd-env-secrets
volumeMounts:
- mountPath: /config
name: slskd-config
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "SETUID"
- "SETGID"
volumes: volumes:
- name: dev-tun - name: dev-tun
hostPath: hostPath:
@ -127,6 +156,9 @@ spec:
- name: qbittorrent-config - name: qbittorrent-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: qbittorrent-storage claimName: qbittorrent-storage
- name: slskd-config
persistentVolumeClaim:
claimName: slskd-storage
- name: gluetun-wgconfig - name: gluetun-wgconfig
secret: secret:
secretName: gluetun-wgconfig secretName: gluetun-wgconfig
@ -136,6 +168,6 @@ spec:
defaultMode: 0755 defaultMode: 0755
- name: gluetun-tmp - name: gluetun-tmp
emptyDir: {} emptyDir: {}
- name: nfs-media - name: nfs-media-downloads
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-downloads

43
k8s-wheatley/qbittorrent/ingress.yaml
View file

@ -14,3 +14,46 @@ spec:
- backendRefs: - backendRefs:
- name: qbittorrent - name: qbittorrent
port: 80 port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: slskd-route
spec:
parentRefs:
- name: internal
namespace: kube-system
sectionName: https
hostnames:
- "slskd.wheatley.in"
rules:
- backendRefs:
- name: slskd
port: 80
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
spec:
selector:
app: qbittorrent
ports:
- port: 80
protocol: TCP
targetPort: 8112
---
apiVersion: v1
kind: Service
metadata:
name: slskd
spec:
selector:
app: qbittorrent
ports:
- port: 80
protocol: TCP
targetPort: 5030

18
k8s-wheatley/qbittorrent/kustomization.yaml
View file

@ -4,36 +4,36 @@ kind: Kustomization
namespace: qbittorrent namespace: qbittorrent
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
- pvc.yaml - pvc.yaml
- secrets.yaml - secrets.yaml
- services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-downloads
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-qbittorrent value: nfs-media-qbittorrent-downloads
- op: replace
path: /spec/nfs/path
value: /tank/media/downloads
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-downloads
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-qbittorrent value: nfs-media-qbittorrent-downloads
images: images:
- name: ghcr.io/qdm12/gluetun - name: ghcr.io/qdm12/gluetun
newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
- name: docker.io/qbittorrentofficial/qbittorrent-nox - name: docker.io/qbittorrentofficial/qbittorrent-nox
newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af
- name: docker.io/slskd/slskd
newTag: 0.25.1

12
k8s-wheatley/qbittorrent/pvc.yaml
View file

@ -10,3 +10,15 @@ spec:
resources: resources:
requests: requests:
storage: 5Gi storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: slskd-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

43
k8s-wheatley/qbittorrent/secrets.yaml
View file

@ -17,6 +17,49 @@ spec:
remoteRef: remoteRef:
key: secrets/managed/qbittorrent/protonvpn-wgconfig key: secrets/managed/qbittorrent/protonvpn-wgconfig
property: config property: config
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: slskd-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: slskd-env-secrets
data:
- secretKey: SLSKD_VPN_GLUETUN_API_KEY
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: GLUETUN_API_KEY
- secretKey: SLSKD_SLSK_USERNAME
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_USERNAME
- secretKey: SLSKD_SLSK_PASSWORD
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_PASSWORD
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gluetun-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: gluetun-env-secrets
data:
- secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE
remoteRef:
key: secrets/managed/qbittorrent/gluetun-env-secrets
property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret

12
k8s-wheatley/qbittorrent/services.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
spec:
selector:
app: qbittorrent
ports:
- port: 80
protocol: TCP
targetPort: 8112

13
k8s-wheatley/radarr/deployments.yaml
View file

@ -28,8 +28,10 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: radarr-config name: radarr-config
- mountPath: /shared/media - mountPath: /shared/media/movies
name: nfs-media name: nfs-media-movies
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
- name: radarr-config - name: radarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: radarr-storage claimName: radarr-storage
- name: nfs-media - name: nfs-media-movies
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-movies
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

27
k8s-wheatley/radarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: radarr namespace: radarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,21 +12,39 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/movies
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-radarr value: nfs-media-radarr-movies
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-radarr value: nfs-media-radarr-movies
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-radarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-radarr-downloads
images: images:
- name: linuxserver/radarr - name: linuxserver/radarr

18
k8s-wheatley/sonarr/deployments.yaml
View file

@ -28,8 +28,12 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: sonarr-config name: sonarr-config
- mountPath: /shared/media - mountPath: /shared/media/series
name: nfs-media name: nfs-media-series
- mountPath: /shared/media/anime
name: nfs-media-anime
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
- name: sonarr-config - name: sonarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: sonarr-storage claimName: sonarr-storage
- name: nfs-media - name: nfs-media-series
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-series
- name: nfs-media-anime
persistentVolumeClaim:
claimName: nfs-media-anime
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

42
k8s-wheatley/sonarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: sonarr namespace: sonarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,21 +12,54 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/series
- ../../kustomize-bases/nfs-media/components/anime
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-series
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-sonarr value: nfs-media-sonarr-series
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-series
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-sonarr value: nfs-media-sonarr-series
- target:
kind: PersistentVolume
name: nfs-media-anime
patch: |
- op: replace
path: /metadata/name
value: nfs-media-sonarr-anime
- target:
kind: PersistentVolumeClaim
name: nfs-media-anime
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-sonarr-anime
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-sonarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-sonarr-downloads
images: images:
- name: linuxserver/sonarr - name: linuxserver/sonarr

2
kustomize-bases/cilium/kustomization.yaml
View file

@ -13,5 +13,5 @@ helmCharts:
repo: https://helm.cilium.io repo: https://helm.cilium.io
namespace: kube-system namespace: kube-system
releaseName: cilium releaseName: cilium
version: 1.18.6 version: 1.18.10
valuesFile: values.yaml valuesFile: values.yaml

5
kustomize-bases/nfs-media/components/anime/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/anime/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-anime
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/anime
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-anime
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-anime

5
kustomize-bases/nfs-media/components/downloads/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/downloads/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-downloads
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/downloads
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-downloads
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-downloads

5
kustomize-bases/nfs-media/components/movies/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/movies/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-movies
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/movies
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-movies
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-movies

5
kustomize-bases/nfs-media/components/music/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/music/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-music
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/music
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-music
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-music

5
kustomize-bases/nfs-media/components/roms/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/roms/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-roms
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/roms
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-roms
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-roms

5
kustomize-bases/nfs-media/components/series/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/series/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-series
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/series
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-series
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-series

6
kustomize-bases/nfs-media/kustomization.yaml
View file

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pvc.yaml

40
kustomize-bases/nfs-media/pvc.yaml
View file

@ -1,40 +0,0 @@
# Shared NFS media storage template — used by plex, sonarr, radarr, and qbittorrent.
# All apps on k8s-wheatley mount the same NFS server: 10.0.69.10
#
# Each app overlays this base with JSON patches in its kustomization.yaml:
# - Always: rename PV (metadata.name) and update PVC volumeName to match
# - plex only: patch accessModes to ReadOnlyMany on both PV and PVC
# - qbittorrent only: patch nfs.path to /tank/media/downloads
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media # renamed per-app via JSON patch
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media # patched per-app to match PV name