feat(media): upgrade plex kustomization and helmrelease #1952

Merged
merged 1 commit into from
Dec 16, 2023

blackjid
Owner

No description provided.

@bot-x-mod
Contributor

bot-x-mod bot commented Dec 16, 2023

--- kubernetes/main/apps Kustomization: flux-system/cluster-apps HelmRelease: media/plex

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps HelmRelease: media/plex

@@ -1,111 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: plex
-  namespace: media
-spec:
-  chart:
-    spec:
-      chart: app-template
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-      version: 1.5.1
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  interval: 30m
-  maxHistory: 2
-  uninstall:
-    keepHistory: false
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  values:
-    affinity:
-      podAntiAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-        - labelSelector:
-            matchExpressions:
-            - key: app.kubernetes.io/name
-              operator: In
-              values:
-              - frigate
-          topologyKey: kubernetes.io/hostname
-    controller:
-      type: statefulset
-    env:
-      TZ: America/Santiago
-    image:
-      repository: ghcr.io/onedr0p/plex
-      tag: 1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2
-    ingress:
-      main:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: ingress.donoso.family
-          hajimari.io/icon: mdi:plex
-        enabled: true
-        hosts:
-        - host: '{{ .Release.Name }}.donoso.family'
-          paths:
-          - path: /
-            pathType: Prefix
-        ingressClassName: external
-        tls:
-        - hosts:
-          - '{{ .Release.Name }}.donoso.family'
-    nodeSelector:
-      intel.feature.node.kubernetes.io/gpu: 'true'
-    persistence:
-      local:
-        enabled: true
-        mountPath: /.local
-        type: emptyDir
-      media:
-        enabled: true
-        mountPath: /media
-        path: /volume1/media
-        server: 10.2.1.50
-        type: nfs
-      transcode:
-        enabled: true
-        type: emptyDir
-    podSecurityContext:
-      fsGroup: 568
-      fsGroupChangePolicy: OnRootMismatch
-      runAsGroup: 568
-      runAsUser: 568
-      supplementalGroups:
-      - 44
-      - 109
-      - 100
-    resources:
-      limits:
-        gpu.intel.com/i915: 1
-        memory: 10000Mi
-      requests:
-        cpu: 100m
-        gpu.intel.com/i915: 1
-        memory: 2000Mi
-    service:
-      main:
-        externalTrafficPolicy: Local
-        loadBalancerIP: 10.2.1.104
-        ports:
-          http:
-            port: 32400
-        type: LoadBalancer
-    volumeClaimTemplates:
-    - accessMode: ReadWriteOnce
-      mountPath: /config
-      name: config
-      size: 100Gi
-      storageClass: ceph-block
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps ExternalSecret: media/plex-restic

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps ExternalSecret: media/plex-restic

@@ -1,27 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: plex-restic
-  namespace: media
-spec:
-  dataFrom:
-  - extract:
-      key: volsync-restic-template
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    creationPolicy: Owner
-    name: plex-restic-secret
-    template:
-      data:
-        AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
-        AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
-        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
-        RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/plex'
-      engineVersion: v2
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps ReplicationSource: media/plex

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps ReplicationSource: media/plex

@@ -1,28 +0,0 @@

----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: plex
-  namespace: media
-spec:
-  restic:
-    cacheCapacity: 5Gi
-    copyMethod: Snapshot
-    moverSecurityContext:
-      fsGroup: 568
-      runAsGroup: 568
-      runAsUser: 568
-    pruneIntervalDays: 7
-    repository: plex-restic-secret
-    retain:
-      daily: 7
-      within: 3d
-    storageClassName: ceph-block
-    volumeSnapshotClassName: csi-ceph-blockpool
-  sourcePVC: config-plex-0
-  trigger:
-    schedule: 0 7 * * *
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex

@@ -0,0 +1,36 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: plex
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: plex
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: external-secrets-stores
+  interval: 30m
+  path: ./kubernetes/main/apps/media/plex/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+    - kind: Secret
+      name: cluster-secrets
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: media
+  timeout: 5m
+  wait: false
+
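
Review bot: `postBuild.substituteFrom` lists the `cluster-secrets` Secret, so every `${VAR}` under `./kubernetes/main/apps/media/plex/app` is expanded from it, including inside non-Secret objects such as the HelmRelease values, where the expanded value is stored in plain text. If the plex manifests only need `cluster-settings`, drop the Secret entry for this app. Separately, `wait: false` means this Kustomization reports ready once its objects are applied, not once the HelmRelease is healthy, so nothing that later lists it in `dependsOn` should treat it as a health gate.
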
--- kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex HelmRelease: media/plex

+++ kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex HelmRelease: media/plex

@@ -0,0 +1,152 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: plex
+    kustomize.toolkit.fluxcd.io/name: plex
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: plex
+  namespace: media
+spec:
+  chart:
+    spec:
+      chart: app-template
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+      version: 2.4.0
+  dependsOn:
+  - name: intel-device-plugin-gpu
+    namespace: kube-system
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
+  - name: volsync
+    namespace: volsync
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  maxHistory: 2
+  uninstall:
+    keepHistory: false
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    controllers:
+      main:
+        annotations:
+          reloader.stakater.com/auto: 'true'
+        containers:
+          main:
+            env:
+              TZ: America/Santiago
+            image:
+              repository: ghcr.io/onedr0p/plex
+              tag: 1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2
+            probes:
+              liveness:
+                custom: true
+                enabled: true
+                spec:
+                  failureThreshold: 3
+                  httpGet:
+                    path: /identity
+                    port: 32400
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+              readiness:
+                custom: true
+                enabled: true
+                spec:
+                  failureThreshold: 3
+                  httpGet:
+                    path: /identity
+                    port: 32400
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+              startup:
+                enabled: false
+            resources:
+              limits:
+                gpu.intel.com/i915: 1
+                memory: 10Gi
+              requests:
+                cpu: 200m
+                gpu.intel.com/i915: 1
+                memory: 2Gi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+        pod:
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+              - labelSelector:
+                  matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                    - frigate
+                topologyKey: kubernetes.io/hostname
+          nodeSelector:
+            intel.feature.node.kubernetes.io/gpu: 'true'
+          securityContext:
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+            runAsGroup: 568
+            runAsNonRoot: true
+            runAsUser: 568
+            supplementalGroups:
+            - 44
+            - 109
+            - 100
+    ingress:
+      main:
+        annotations:
+          external-dns.alpha.kubernetes.io/target: external.donoso.family
+          hajimari.io/icon: mdi:plex
+        className: external
+        enabled: true
+        hosts:
+        - host: '{{ .Release.Name }}.donoso.family'
+          paths:
+          - path: /
+            service:
+              name: main
+              port: http
+        tls:
+        - hosts:
+          - '{{ .Release.Name }}.donoso.family'
+    persistence:
+      config:
+        enabled: true
+        existingClaim: config-plex-0
+      media:
+        globalMounts:
+        - path: /media
+          readOnly: true
+        path: /volume1/media
+        server: 10.2.1.50
+        type: nfs
+      tmp:
+        type: emptyDir
+      transcode:
+        type: emptyDir
+    service:
+      main:
+        annotations:
+          io.cilium/lb-ipam-ips: 10.2.1.104
+        ports:
+          http:
+            port: 32400
+        type: LoadBalancer
+
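
Review bot: with `startup.enabled: false`, the custom liveness probe under `controllers.main.containers.main.probes` runs from `initialDelaySeconds: 0` and restarts the container after `failureThreshold: 3` checks at `periodSeconds: 10`, so Plex has roughly 30 seconds to answer `/identity` within `timeoutSeconds: 1`. The StatefulSet this replaces rendered a startup probe with `failureThreshold: 30` and `periodSeconds: 5`, which tolerated a much slower start (for example after a database migration on `/config`). Keep a startup probe on the same `/identity` endpoint with a larger threshold rather than disabling it, otherwise a slow start turns into a restart loop.
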
--- kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-restic

+++ kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-restic

@@ -0,0 +1,28 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: plex
+    kustomize.toolkit.fluxcd.io/name: plex
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: plex-restic
+  namespace: media
+spec:
+  dataFrom:
+  - extract:
+      key: volsync-restic-template
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    creationPolicy: Owner
+    name: plex-restic-secret
+    template:
+      data:
+        AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
+        AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
+        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
+        RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/plex'
+      engineVersion: v2
+
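
Review bot: `dataFrom.extract` reads the `volsync-restic-template` item and `target.template.data` copies `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `RESTIC_PASSWORD` through unchanged; only the `/plex` suffix on `RESTIC_REPOSITORY` is specific to this app. If other apps build their restic secrets from the same item, anyone who can read `plex-restic-secret` in `media` holds credentials and a password that also open those apps' backups. Consider per-app bucket credentials or at least a per-app restic password, and note the sharing in the repo docs if it is intentional.
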
--- kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex ReplicationSource: media/plex

+++ kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex ReplicationSource: media/plex

@@ -0,0 +1,29 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  labels:
+    app.kubernetes.io/name: plex
+    kustomize.toolkit.fluxcd.io/name: plex
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: plex
+  namespace: media
+spec:
+  restic:
+    cacheCapacity: 5Gi
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 568
+      runAsGroup: 568
+      runAsUser: 568
+    pruneIntervalDays: 7
+    repository: plex-restic-secret
+    retain:
+      daily: 7
+      within: 3d
+    storageClassName: ceph-block
+    volumeSnapshotClassName: csi-ceph-blockpool
+  sourcePVC: config-plex-0
+  trigger:
+    schedule: 0 7 * * *
+

@bot-x-mod
Contributor

bot-x-mod bot commented Dec 16, 2023

--- kubernetes/main HelmRelease: media/plex Service: media/plex

+++ kubernetes/main HelmRelease: media/plex Service: media/plex

@@ -1,23 +1,24 @@

 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: plex
   labels:
-    app.kubernetes.io/service: plex
     app.kubernetes.io/instance: plex
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: plex
+    app.kubernetes.io/service: plex
+  annotations:
+    io.cilium/lb-ipam-ips: 10.2.1.104
 spec:
   type: LoadBalancer
-  loadBalancerIP: 10.2.1.104
-  externalTrafficPolicy: Local
   ports:
   - port: 32400
-    targetPort: http
+    targetPort: 32400
     protocol: TCP
     name: http
   selector:
+    app.kubernetes.io/component: main
     app.kubernetes.io/instance: plex
     app.kubernetes.io/name: plex
 
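
Review bot: the removed `externalTrafficPolicy: Local` line under `spec` has no replacement, so the Service falls back to the default `Cluster` policy and traffic arriving on `10.2.1.104` may be source-NATed by a node before it reaches the pod. Plex logs, and any decision the server makes from the client address, would then see a node IP instead of the real client. If that was not intended, restore the setting under `service.main` in the HelmRelease values alongside the new `io.cilium/lb-ipam-ips` annotation.
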
--- kubernetes/main HelmRelease: media/plex StatefulSet: media/plex

+++ kubernetes/main HelmRelease: media/plex StatefulSet: media/plex

@@ -1,120 +0,0 @@

----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: plex
-  labels:
-    app.kubernetes.io/instance: plex
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: plex
-spec:
-  revisionHistoryLimit: 3
-  replicas: 1
-  podManagementPolicy: OrderedReady
-  updateStrategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: plex
-      app.kubernetes.io/instance: plex
-  serviceName: plex
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: plex
-        app.kubernetes.io/instance: plex
-    spec:
-      serviceAccountName: default
-      automountServiceAccountToken: true
-      securityContext:
-        fsGroup: 568
-        fsGroupChangePolicy: OnRootMismatch
-        runAsGroup: 568
-        runAsUser: 568
-        supplementalGroups:
-        - 44
-        - 109
-        - 100
-      dnsPolicy: ClusterFirst
-      enableServiceLinks: true
-      containers:
-      - name: plex
-        image: ghcr.io/onedr0p/plex:1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2
-        imagePullPolicy: null
-        env:
-        - name: TZ
-          value: America/Santiago
-        ports:
-        - name: http
-          containerPort: 32400
-          protocol: TCP
-        volumeMounts:
-        - name: local
-          mountPath: /.local
-        - name: media
-          mountPath: /media
-        - name: transcode
-          mountPath: /transcode
-        - mountPath: /config
-          name: config
-        livenessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 32400
-          timeoutSeconds: 1
-        readinessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 32400
-          timeoutSeconds: 1
-        startupProbe:
-          failureThreshold: 30
-          initialDelaySeconds: 0
-          periodSeconds: 5
-          tcpSocket:
-            port: 32400
-          timeoutSeconds: 1
-        resources:
-          limits:
-            gpu.intel.com/i915: 1
-            memory: 10000Mi
-          requests:
-            cpu: 100m
-            gpu.intel.com/i915: 1
-            memory: 2000Mi
-      volumes:
-      - name: local
-        emptyDir: {}
-      - name: media
-        nfs:
-          server: 10.2.1.50
-          path: /volume1/media
-      - name: transcode
-        emptyDir: {}
-      nodeSelector:
-        intel.feature.node.kubernetes.io/gpu: 'true'
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: app.kubernetes.io/name
-                operator: In
-                values:
-                - frigate
-            topologyKey: kubernetes.io/hostname
-  volumeClaimTemplates:
-  - metadata:
-      name: config
-    spec:
-      accessModes:
-      - ReadWriteOnce
-      resources:
-        requests:
-          storage: 100Gi
-      storageClassName: ceph-block
-
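
Review bot: the `volumeClaimTemplates` entry removed at the end of this StatefulSet was the only declaration of the `config` volume, and the replacement Deployment mounts it by name with `claimName: config-plex-0`. That works on the running cluster because deleting a StatefulSet leaves its PVCs in place by default, but no manifest in this PR declares the claim, so a rebuild from Git would leave the pod Pending. Add a PersistentVolumeClaim for `config-plex-0` (or a VolSync ReplicationDestination that restores it) to the app directory, and say in the PR description that the existing claim is being reused.
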
--- kubernetes/main HelmRelease: media/plex Ingress: media/plex

+++ kubernetes/main HelmRelease: media/plex Ingress: media/plex

@@ -5,13 +5,13 @@

   name: plex
   labels:
     app.kubernetes.io/instance: plex
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: plex
   annotations:
-    external-dns.alpha.kubernetes.io/target: ingress.donoso.family
+    external-dns.alpha.kubernetes.io/target: external.donoso.family
     hajimari.io/icon: mdi:plex
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - plex.donoso.family
--- kubernetes/main HelmRelease: media/plex Deployment: media/plex

+++ kubernetes/main HelmRelease: media/plex Deployment: media/plex

@@ -0,0 +1,117 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plex
+  labels:
+    app.kubernetes.io/component: main
+    app.kubernetes.io/instance: plex
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: plex
+  annotations:
+    reloader.stakater.com/auto: 'true'
+spec:
+  revisionHistoryLimit: 3
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: main
+      app.kubernetes.io/name: plex
+      app.kubernetes.io/instance: plex
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: main
+        app.kubernetes.io/instance: plex
+        app.kubernetes.io/name: plex
+    spec:
+      enableServiceLinks: true
+      serviceAccountName: default
+      automountServiceAccountToken: true
+      securityContext:
+        fsGroup: 568
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 568
+        runAsNonRoot: true
+        runAsUser: 568
+        supplementalGroups:
+        - 44
+        - 109
+        - 100
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        intel.feature.node.kubernetes.io/gpu: 'true'
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app.kubernetes.io/name
+                operator: In
+                values:
+                - frigate
+            topologyKey: kubernetes.io/hostname
+      containers:
+      - env:
+        - name: TZ
+          value: America/Santiago
+        image: ghcr.io/onedr0p/plex:1.32.8.7639-fb6452ebf@sha256:637fe10cef736f249d96cb004c12f81646c81ca17ddce22374ea8782aa6646c2
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /identity
+            port: 32400
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 1
+        name: main
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /identity
+            port: 32400
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 1
+        resources:
+          limits:
+            gpu.intel.com/i915: 1
+            memory: 10Gi
+          requests:
+            cpu: 200m
+            gpu.intel.com/i915: 1
+            memory: 2Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /config
+          name: config
+        - mountPath: /media
+          name: media
+          readOnly: true
+        - mountPath: /tmp
+          name: tmp
+        - mountPath: /transcode
+          name: transcode
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: config-plex-0
+      - name: media
+        nfs:
+          path: /volume1/media
+          server: 10.2.1.50
+      - emptyDir: {}
+        name: tmp
+      - emptyDir: {}
+        name: transcode
+
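
Review bot: `automountServiceAccountToken: true` together with `serviceAccountName: default` in the pod spec mounts a Kubernetes API token into a container that serves traffic on a LoadBalancer IP and an ingress host. Nothing in the rendered container (one env var, four volume mounts, HTTP probes) indicates that Plex talks to the API server, so disable the token mount in the chart values. The rest of the hardening in this hunk (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `drop: ALL`, `readOnlyRootFilesystem: true`, read-only `/media`) is then not undercut by a credential readable inside the container.
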

@blackjid blackjid merged commit 8337737 into main Dec 16, 2023
4 checks passed
@blackjid blackjid deleted the upgrade_plex branch December 16, 2023 14:45