diff --git a/kubernetes/main/apps/media/kustomization.yaml b/kubernetes/main/apps/media/kustomization.yaml index 378f82ac0..4acb95e0c 100644 --- a/kubernetes/main/apps/media/kustomization.yaml +++ b/kubernetes/main/apps/media/kustomization.yaml @@ -8,7 +8,7 @@ resources: # Flux-Kustomizations - ./bazarr - ./overseerr - - ./plex + - ./plex/ks.yaml - ./prowlarr - ./qbittorrent - ./radarr diff --git a/kubernetes/main/apps/media/plex/app/helmrelease.yaml b/kubernetes/main/apps/media/plex/app/helmrelease.yaml index 94d6a03c7..80997462b 100644 --- a/kubernetes/main/apps/media/plex/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/plex/app/helmrelease.yaml @@ -1,23 +1,21 @@ --- -# yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrelease_v2beta1.json +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: - name: &app plex - namespace: media + name: plex spec: interval: 30m chart: spec: chart: app-template - version: 1.5.1 + version: 2.4.0 sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system maxHistory: 2 install: - createNamespace: true remediation: retries: 3 upgrade: @@ -26,92 +24,109 @@ spec: retries: 3 uninstall: keepHistory: false + dependsOn: + - name: intel-device-plugin-gpu + namespace: kube-system + - name: rook-ceph-cluster + namespace: rook-ceph + - name: volsync + namespace: volsync values: - controller: - type: statefulset - - image: - repository: ghcr.io/onedr0p/plex - tag: 1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2 - - env: - TZ: America/Santiago - + controllers: + main: + annotations: + reloader.stakater.com/auto: "true" + containers: + main: + image: + repository: ghcr.io/onedr0p/plex + tag: 1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2 + env: + TZ: America/Santiago + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /identity + port: 32400 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: false + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + gpu.intel.com/i915: 1 + cpu: 200m + memory: 2Gi + limits: + gpu.intel.com/i915: 1 + memory: 10Gi + pod: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: ["frigate"] + topologyKey: kubernetes.io/hostname + nodeSelector: + intel.feature.node.kubernetes.io/gpu: "true" + securityContext: + runAsUser: 568 + runAsGroup: 568 + runAsNonRoot: true + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [44, 109, 100] service: main: type: LoadBalancer - externalTrafficPolicy: Local - loadBalancerIP: 10.2.1.104 + annotations: + io.cilium/lb-ipam-ips: 10.2.1.104 ports: http: - port: &port 32400 + port: 32400 ingress: main: enabled: true - ingressClassName: external + className: external annotations: - external-dns.alpha.kubernetes.io/target: ingress.donoso.family + external-dns.alpha.kubernetes.io/target: external.donoso.family hajimari.io/icon: mdi:plex + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" hosts: - host: &host "{{ .Release.Name }}.donoso.family" paths: - path: / - pathType: Prefix + service: + name: main + port: http tls: - hosts: - *host - - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - frigate - topologyKey: "kubernetes.io/hostname" - - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: "OnRootMismatch" - supplementalGroups: - - 44 - - 109 - - 100 - - volumeClaimTemplates: - - name: config - mountPath: /config - accessMode: ReadWriteOnce - size: 100Gi - storageClass: ceph-block - persistence: - media: - enabled: true - type: nfs - server: &nas 10.2.1.50 - path: /volume1/media - mountPath: /media - transcode: + config: enabled: true + existingClaim: config-plex-0 + tmp: type: emptyDir - local: - enabled: true + transcode: type: emptyDir - mountPath: /.local - - nodeSelector: - intel.feature.node.kubernetes.io/gpu: "true" - - resources: - requests: - gpu.intel.com/i915: 1 - cpu: 100m - memory: 2000Mi - limits: - gpu.intel.com/i915: 1 - memory: 10000Mi + media: + type: nfs + server: 10.2.1.50 + path: /volume1/media + globalMounts: + - path: /media + readOnly: true diff --git a/kubernetes/main/apps/media/plex/ks.yaml b/kubernetes/main/apps/media/plex/ks.yaml new file mode 100644 index 000000000..12496f20b --- /dev/null +++ b/kubernetes/main/apps/media/plex/ks.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app plex + namespace: flux-system +spec: + targetNamespace: media + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/main/apps/media/plex/app + prune: true + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/main/apps/media/plex/kustomization.yaml b/kubernetes/main/apps/media/plex/kustomization.yaml deleted file mode 100644 index 1532406bd..000000000 --- a/kubernetes/main/apps/media/plex/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./app