From a4ee2e46b2e69f8800329a29df3bc622e7b52a41 Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Sat, 1 Feb 2025 22:41:17 +0100 Subject: [PATCH 1/2] add lidarr --- kubernetes/apps/default/kustomization.yaml | 1 + .../default/lidarr/app/externalsecret.yaml | 32 +++++ .../apps/default/lidarr/app/helmrelease.yaml | 114 ++++++++++++++++++ .../default/lidarr/app/kustomization.yaml | 10 ++ kubernetes/apps/default/lidarr/app/pvc.yaml | 13 ++ kubernetes/apps/default/lidarr/ks.yaml | 17 +++ .../apps/default/radarr/app/helmrelease.yaml | 22 ++-- 7 files changed, 196 insertions(+), 13 deletions(-) create mode 100644 kubernetes/apps/default/lidarr/app/externalsecret.yaml create mode 100644 kubernetes/apps/default/lidarr/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/lidarr/app/kustomization.yaml create mode 100644 kubernetes/apps/default/lidarr/app/pvc.yaml create mode 100644 kubernetes/apps/default/lidarr/ks.yaml diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml index d78d5800..097dd140 100644 --- a/kubernetes/apps/default/kustomization.yaml +++ b/kubernetes/apps/default/kustomization.yaml @@ -7,6 +7,7 @@ resources: - ./jellyfin/ks.yaml - ./sabnzbd/ks.yaml - ./jellyseerr/ks.yaml + - ./lidarr/ks.yaml - ./sonarr/ks.yaml - ./radarr/ks.yaml - ./recyclarr/ks.yaml diff --git a/kubernetes/apps/default/lidarr/app/externalsecret.yaml b/kubernetes/apps/default/lidarr/app/externalsecret.yaml new file mode 100644 index 00000000..5c2ec92b --- /dev/null +++ b/kubernetes/apps/default/lidarr/app/externalsecret.yaml 
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: radarr
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: lidarr-secret
+ template:
+ engineVersion: v2
+ data:
+ LIDARR__AUTH__APIKEY: "{{ .LIDARR_API_KEY }}"
+ LIDARR__POSTGRES__HOST: &dbHost postgres-rw.database.svc.cluster.local
+ LIDARR__POSTGRES__PORT: "5432"
+ LIDARR__POSTGRES__USER: &dbUser "{{ .LIDARR_POSTGRES_USER }}"
+ LIDARR__POSTGRES__PASSWORD: &dbPass "{{ .LIDARR_POSTGRES_PASSWORD }}"
+ LIDARR__POSTGRES__MAINDB: lidarr_main
+ LIDARR__POSTGRES__LOGDB: lidarr_log
+ INIT_POSTGRES_DBNAME: lidarr_main lidarr_log
+ INIT_POSTGRES_HOST: *dbHost
+ INIT_POSTGRES_USER: *dbUser
+ INIT_POSTGRES_PASS: *dbPass
+ INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+ dataFrom:
+ - extract:
+ key: cloudnative-pg
+ - extract:
+ key: ;odarr
diff --git a/kubernetes/apps/default/lidarr/app/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
new file mode 100644
index 00000000..b0b91a27
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
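Review bot: The ExternalSecret is declared with `name: radarr` and its second `dataFrom` entry extracts `key: ;odarr`; both look like slips in a file that lives under lidarr/app. If a radarr ExternalSecret already exists in the `default` namespace (not visible in this patch), two Flux Kustomizations would manage the same object, and whichever applies last would decide whether `radarr-secret` or `lidarr-secret` is rendered. The `;odarr` key presumably matches no item in the `onepassword-connect` store, so the sync would fail and `lidarr-secret` would never be created. I would change these to `name: lidarr` and `key: lidarr`, assuming the store item is named after the app.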
@@ -0,0 +1,114 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: lidarr
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ # renovate: registryUrl=https://bjw-s.github.io/helm-charts
+ chart: app-template
+ version: 3.6.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s-charts
+ namespace: flux-system
+ interval: 15m
+ maxHistory: 3
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 2000
+ runAsGroup: 2000
+ fsGroup: 2000
+ fsGroupChangePolicy: OnRootMismatch
+ seccompProfile: { type: RuntimeDefault }
+ controllers:
+ lidarr:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ initContainers:
+ init-db:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: 16@sha256:a37bbb04a0ea3f15b505c6f97637e7ae89bc66541ae23b8d3848024087980e76
+ envFrom: &envFrom
+ - secretRef:
+ name: lidarr-secret
+ containers:
+ app:
+ image:
+ repository: ghcr.io/szinn/lidarr-develop
+ tag: 2.9.4.4539@sha256:595aceaf0120cd8577f9e4cea0a71f721f3e14ac70005d64c10b8ee90aec2c27
+ env:
+ TZ: America/Toronto
+ LIDARR__APP__INSTANCENAME: Lidarr
+ LIDARR__APP__THEME: dark
+ LIDARR__AUTH__METHOD: External
+ LIDARR__AUTH__REQUIRED: DisabledForLocalAddresses
+ LIDARR__LOG__DBENABLED: "False"
+ LIDARR__LOG_LEVEL: info
+ LIDARR__SERVER__PORT: &port 80
+ envFrom: *envFrom
+
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ service:
+ app:
+ controller: lidarr
+ ports:
+ http:
+ port: *port
+ ingress:
+ app:
+ className: internal
+ annotations:
+ external-dns.alpha.kubernetes.io/target: "internal.${SECRET_DOMAIN}"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ existingClaim: lidarr
+
+ data:
+ existingClaim: media-nfs
+
+ PodAnnotations:
+ secret.reloader.stakater.com/reload: lidarr-secret
diff --git a/kubernetes/apps/default/lidarr/app/kustomization.yaml b/kubernetes/apps/default/lidarr/app/kustomization.yaml
new file mode 100644
index 00000000..c1b51278
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./externalsecret.yaml
+ - ./pvc.yaml
+ - ../../media-nfs.yaml
diff --git a/kubernetes/apps/default/lidarr/app/pvc.yaml b/kubernetes/apps/default/lidarr/app/pvc.yaml
new file mode 100644
index 00000000..d3611a63
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/pvc.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lidarr
+ namespace: default
+spec:
+ storageClassName: nfs-provision
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 15Gi
diff --git a/kubernetes/apps/default/lidarr/ks.yaml b/kubernetes/apps/default/lidarr/ks.yaml
new file mode 100644
index 00000000..25883ee9
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/ks.yaml
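Review bot: The app container reuses the init container's secret through `envFrom: *envFrom`, so every key of `lidarr-secret`, including `INIT_POSTGRES_SUPER_PASS` templated in externalsecret.yaml, lands in the environment of the long-running Lidarr process. Only `init-db` needs the Postgres superuser password; I would move the `INIT_POSTGRES_*` keys into a second ExternalSecret whose target is referenced by `init-db` alone and keep `lidarr-secret` to the `LIDARR__*` keys. Separately, `LIDARR__LOG_LEVEL: info` uses a single underscore where the radarr release in this series has `RADARR__LOG__LEVEL`, so it is probably meant to be `LIDARR__LOG__LEVEL: info`. With `LIDARR__AUTH__METHOD: External` the application does no authentication of its own and the ingress annotations shown here add none, so it is worth confirming that whatever sits behind the `internal` ingress class enforces it.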
@@ -0,0 +1,17 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: lidarr + namespace: flux-system +spec: + path: ./kubernetes/apps/default/lidarr/app + prune: true + sourceRef: + kind: GitRepository + name: flux-system + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index 36e1e45b..9f0e46c5 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -19,21 +19,26 @@ spec: namespace: flux-system maxHistory: 3 - install: createNamespace: true remediation: retries: 3 - upgrade: cleanupOnFail: true remediation: retries: 3 - uninstall: keepHistory: false - values: + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [1000] + seccompProfile: { type: RuntimeDefault } controllers: radarr: strategy: Recreate @@ -69,15 +74,6 @@ spec: add: - NET_ADMIN - NET_RAW - defaultPodOptions: - securityContext: - runAsNonRoot: true - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [1000] - seccompProfile: { type: RuntimeDefault } service: app: controller: radarr From a5b8a9c8a1f386756ef7b060a663d773c681eaac Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Sat, 1 Feb 2025 22:42:58 +0100 Subject: [PATCH 2/2] minor fix --- kubernetes/apps/default/lidarr/app/helmrelease.yaml | 3 +-- kubernetes/apps/default/radarr/app/helmrelease.yaml | 4 ---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/kubernetes/apps/default/lidarr/app/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml index b0b91a27..0e3a3c6d 100644 
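Review bot: The new Flux Kustomization in lidarr/ks.yaml has no `postBuild.substituteFrom`, yet helmrelease.yaml in the same patch depends on `${SECRET_DOMAIN}` for the ingress host and the external-dns target. If substitution is not patched in by a parent Kustomization outside this patch, those values would be applied with the literal placeholder; either add the `postBuild` block here or leave a comment such as `# postBuild substitution is injected by the parent cluster Kustomization`. There is also no `dependsOn`, so the first reconciliation may fail and retry if the secret store or the Postgres cluster that externalsecret.yaml refers to is not ready yet.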
--- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml @@ -14,9 +14,8 @@ spec: version: 3.6.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system - interval: 15m maxHistory: 3 install: remediation: diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index 9f0e46c5..c19d736c 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -5,7 +5,6 @@ kind: HelmRelease metadata: name: &app radarr namespace: default - spec: interval: 30m chart: @@ -17,7 +16,6 @@ spec: kind: HelmRepository name: bjw-s namespace: flux-system - maxHistory: 3 install: createNamespace: true @@ -55,7 +53,6 @@ spec: image: repository: ghcr.io/onedr0p/radarr-develop tag: 5.18.1.9612@sha256:f19b5e8f22e1b807a563d50ebef0b47aca1a2d61cea63599c2c4ca85425a2320 - env: TZ: ${TIMEZONE} RADARR__APP__INSTANCENAME: Radarr @@ -66,7 +63,6 @@ spec: RADARR__LOG__LEVEL: info RADARR__SERVER__PORT: &port 80 RADARR__UPDATE__BRANCH: develop - envFrom: *envFrom securityContext: privileged: true