From cb600f83688caf92168700f4ff4da071ccac0443 Mon Sep 17 00:00:00 2001 From: Aner Zakobar Date: Wed, 6 Oct 2021 00:51:11 +0300 Subject: [PATCH] Everything changes lots works! --- Chart.yaml | 3 - README.org | 3 +- templates/dns.yaml | 15 ++-- templates/gitea.yaml | 31 +++++--- templates/jackett.yaml | 3 +- templates/jellyfin.yaml | 86 ++++++++++++++++++++++ templates/nefarious.yaml | 14 ++-- templates/nextcloud.yaml | 142 ++++++++++++++++++++++++++++++++++++ templates/photoprism.yaml | 12 ++- templates/phpldapadmin.yaml | 19 +++-- templates/transmission.yaml | 22 ++---- values.yaml | 6 +- 12 files changed, 297 insertions(+), 59 deletions(-) create mode 100644 templates/jellyfin.yaml create mode 100644 templates/nextcloud.yaml diff --git a/Chart.yaml b/Chart.yaml index ea414be..ce456d7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -9,6 +9,3 @@ dependencies: - name: kubernetes-secret-generator repository: "https://helm.mittwald.de" version: ">= 1.0.0" -- name: ingress-nginx - repository: "https://kubernetes.github.io/ingress-nginx" - version: ">= 1.12.0" diff --git a/README.org b/README.org index 09ec8b8..59cec03 100644 --- a/README.org +++ b/README.org @@ -72,7 +72,6 @@ First Name Attribute: cn Surname Attribute: sn Email Attribute: mail - * Jackett -Go into "indexers" and add indexer (pirate bay) +Go into "indexers" and add indexer diff --git a/templates/dns.yaml b/templates/dns.yaml index 6e9fb30..f14e58a 100644 --- a/templates/dns.yaml +++ b/templates/dns.yaml @@ -15,6 +15,7 @@ spec: labels: app: bind spec: + priorityClassName: system-node-critical containers: - name: bind image: cytopia/bind 
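Review bot: `priorityClassName: system-node-critical` in the bind pod spec gives an image referenced without a tag (`cytopia/bind`) the highest built-in scheduling priority, so it can preempt other workloads and is among the last pods evicted under node pressure. A dedicated PriorityClass with a lower value, e.g. `priorityClassName: <dedicated-dns-class>` (placeholder), would keep DNS ahead of the media apps without using the class meant for node-essential components. Pinning the image to a tag or digest would also limit what can run at that priority. The container spec continues outside this hunk.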
@@ -22,22 +23,22 @@ spec: env: - name: WILDCARD_DNS value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}" + - name: DNS_FORWARDER + value: "8.8.8.8,8.8.4.4" + - name: ALLOW_RECURSION + value: "any" --- apiVersion: v1 kind: Service metadata: - name: bind-dns + name: bind-dns-udp spec: + type: NodePort selector: app: bind ports: - - port: 53 - targetPort: 53 - protocol: TCP - name: dns-tcp - port: 53 targetPort: 53 protocol: UDP name: dns-udp - externalIPs: - - {{ .Values.homey.ip }} + nodePort: 32053 diff --git a/templates/gitea.yaml b/templates/gitea.yaml index c200b51..f4a1acd 100644 --- a/templates/gitea.yaml +++ b/templates/gitea.yaml @@ -24,7 +24,7 @@ spec: - name: gitea image: gitea/gitea ports: - - containerPort: 2222 + - containerPort: 22 name: ssh - containerPort: 3000 name: http @@ -41,6 +41,21 @@ apiVersion: v1 kind: Service metadata: name: gitea-svc +spec: + selector: + app: gitea + ports: + - name: ssh + protocol: TCP + port: 3000 + targetPort: http + selector: + app: gitea +--- +apiVersion: v1 +kind: Service +metadata: + name: gitea-svc-ssh spec: type: NodePort selector: @@ -48,12 +63,9 @@ spec: ports: - name: ssh protocol: TCP - port: 2222 + port: 22 targetPort: ssh - - name: http - protocol: TCP - port: 3000 - targetPort: 3000 + nodePort: 32222 selector: app: gitea --- @@ -63,11 +75,8 @@ metadata: name: gitea-ingress annotations: kubernetes.io/ingress.allow-http: "false" - nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 - nginx.ingress.kubernetes.io/auth-response-headers: 'X-Auth-Request-Access-Token, Authorization' - nginx.ingress.kubernetes.io/configuration-snippet: | - auth_request_set $token $upstream_http_x_auth_request_access_token; - add_header 'Authorization' $token; + ingress.kubernetes.io/auth-type: forward + ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 spec: rules: - host: git.{{ .Values.homey.url }} 
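Review bot: `ALLOW_RECURSION` set to `"any"`, together with the new `DNS_FORWARDER`, makes this bind instance a recursive resolver for every client that can reach `nodePort: 32053` over UDP, not only the LAN. If the node is reachable from outside the home network this is an open resolver, which is commonly abused for reflection and amplification. Restricting recursion to the local range keeps the forwarder for local clients, e.g. `value: "192.168.0.0/24"` (constructed from the 192.168.0.x addresses in values.yaml; confirm the real CIDR and the format the image accepts). The hunk also drops the TCP/53 port, so answers truncated over UDP have no TCP fallback through this Service.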
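Review bot: The new `gitea-svc` spec declares `selector` twice (directly under `spec:` and again after `ports:`), and its only port is named `ssh` although it maps port 3000 to `targetPort: http`. Duplicate mapping keys are invalid YAML that many parsers resolve silently with last-wins, so a later edit to one copy can change which pods receive traffic without any error. Drop one of the two `selector:` blocks and rename the port to `- name: http`. The context lines show the same trailing `selector` in the NodePort service that follows, whose spec continues outside this hunk.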
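Review bot: The ingress annotations replace `nginx.ingress.kubernetes.io/auth-url` with `ingress.kubernetes.io/auth-type: forward` and `ingress.kubernetes.io/auth-url`, and a controller that does not recognise an annotation ignores it rather than rejecting the object, so the LDAP gate fails open if the running controller does not honour this pair. These keys look like the Traefik 1.x form; Traefik 2.x configures forward auth through a Middleware referenced from the ingress, so confirm the deployed version and check that an unauthenticated request to the git host is refused. The same applies to the identical annotation change in jackett.yaml, photoprism.yaml and transmission.yaml. This hunk also publishes Gitea SSH on `nodePort: 32222`, which does not pass through the ingress auth and relies on Gitea's own SSH key checks. I would add a comment above the annotations such as `# forward-auth: only effective on a controller that honours ingress.kubernetes.io/auth-*; verify 401 without credentials`.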
diff --git a/templates/jackett.yaml b/templates/jackett.yaml index cb0f0ae..1cffa68 100644 --- a/templates/jackett.yaml +++ b/templates/jackett.yaml @@ -47,7 +47,8 @@ metadata: name: jackett-ingress annotations: kubernetes.io/ingress.allow-http: "false" - nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 + ingress.kubernetes.io/auth-type: forward + ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 spec: tls: - hosts: diff --git a/templates/jellyfin.yaml b/templates/jellyfin.yaml new file mode 100644 index 0000000..66f300a --- /dev/null +++ b/templates/jellyfin.yaml 
@@ -0,0 +1,86 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + labels: + app: jellyfin +spec: + replicas: 1 + selector: + matchLabels: + app: jellyfin + template: + metadata: + labels: + app: jellyfin + name: jellyfin + spec: + containers: + - name: jellyfin + image: docker.io/jellyfin/jellyfin + imagePullPolicy: Always + volumeMounts: + - name: jellyfin-volume + mountPath: "/config" + subPath: backup/jellyfin/config + - name: jellyfin-volume + mountPath: "/data/movies" + subPath: nobackup/downloads/complete/movies + - name: jellyfin-volume + mountPath: "/data/tvshows" + subPath: nobackup/downloads/complete/tvshows + volumes: + - name: jellyfin-volume + persistentVolumeClaim: + claimName: homey-pvc-nfs +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin-web +spec: + selector: + app: jellyfin + ports: + - port: 80 + targetPort: 8096 + name: jellyfin-web +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin-external-ports +spec: + type: NodePort + selector: + app: jellyfin + ports: + - port: 7359 + targetPort: 7359 + protocol: UDP + name: jellyfin-discovery-local + nodePort: 30059 + - port: 1900 + targetPort: 1900 + protocol: UDP + name: jellyfin-discovery-dnla + nodePort: 31900 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin-ingress + annotations: +spec: + rules: + - host: jellyfin.{{ .Values.homey.url }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin-web + port: + number: 80 diff --git a/templates/nefarious.yaml b/templates/nefarious.yaml index 6865fe9..293300e 100644 --- a/templates/nefarious.yaml +++ b/templates/nefarious.yaml @@ -49,7 +49,7 @@ spec: value: "/downloads" volumeMounts: - name: nefarious-persistent-storage - mountPath: /nefarius-db + mountPath: /nefarious-db subPath: backup/nefarious/nefarious-db - name: nefarious-persistent-storage mountPath: /downloads 
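Review bot: `image: docker.io/jellyfin/jellyfin` has no tag or digest and is combined with `imagePullPolicy: Always`, so every pod restart runs whatever the registry currently serves as latest, with no record in the chart of which build is deployed. Pin it, e.g. `image: docker.io/jellyfin/jellyfin:<version>@sha256:<digest>` (placeholders), and update it deliberately. The new Ingress also has a bare `annotations:` key, which parses as null; write `annotations: {}` or add the intended entries. Unlike the other ingresses touched in this commit, it sets neither the allow-http nor the forward-auth annotations, so Jellyfin's own login is the only gate in front of it.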
@@ -86,13 +86,19 @@ spec: value: "sqlite:////nefarious-db/db.sqlite3" - name: REDIS_HOST value: "redis" + - name: REDIS_URL + value: "redis://redis:6379/" + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "0" - name: HOST_DOWNLOAD_PATH value: "/downloads" - name: INTERNAL_DOWNLOAD_PATH value: "/downloads" volumeMounts: - name: celery-persistent-storage - mountPath: /nefarius-db + mountPath: /nefarious-db subPath: backup/nefarious/nefarious-db - name: celery-persistent-storage mountPath: /downloads @@ -118,10 +124,8 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nefarious-ingress + annotations: spec: - tls: - - hosts: - - nefarious.{{ .Values.homey.url }} rules: - host: nefarious.{{ .Values.homey.url }} http: diff --git a/templates/nextcloud.yaml b/templates/nextcloud.yaml new file mode 100644 index 0000000..286c84b --- /dev/null +++ b/templates/nextcloud.yaml 
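Review bot: Removing the `tls:` block leaves `nefarious-ingress` with no TLS declaration for its host, and the `annotations:` key added in its place is empty (null), so nothing in the manifest asks for HTTPS or for the LDAP forward auth that other ingresses in this commit use. Whether the host is still served over TLS then depends entirely on the controller's defaults, which this chart does not show. The phpldapadmin.yaml and transmission.yaml hunks remove their `tls:` blocks in the same way. If TLS is terminated elsewhere, a comment such as `# TLS terminated by <component>` (placeholder) would record that; otherwise keep the `tls:` hosts entry. The ingress rules continue outside this hunk.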
@@ -0,0 +1,142 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: nextcloud-postgres-pass + annotations: + secret-generator.v1.mittwald.de/autogenerate: password +--- +# apiVersion: extensions/v1beta1 +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-postgres-config + labels: + app: nextcloud-postgres +data: + POSTGRES_DB: nextcloud_db + POSTGRES_USER: postgres +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud-postgres + labels: + app: nextcloud-postgres +spec: + replicas: 1 + selector: + matchLabels: + app: nextcloud-postgres + template: + metadata: + labels: + app: nextcloud-postgres + name: nextcloud-postgres + spec: + containers: + - name: nextcloud-postgres + image: postgres:10.4 + imagePullPolicy: "IfNotPresent" + ports: + - containerPort: 5432 + envFrom: + - configMapRef: + name: nextcloud-postgres-config + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-postgres-pass + key: password + volumeMounts: + - mountPath: /var/lib/postgresql/data + subPath: backup/nextcloud/db + name: nextcloud-postgredb + volumes: + - name: nextcloud-postgredb + persistentVolumeClaim: + claimName: homey-pvc-nfs +--- +apiVersion: v1 +kind: Service +metadata: + name: nextcloud-postgres + labels: + app: nextcloud-postgres +spec: + ports: + - port: 5432 + selector: + app: nextcloud-postgres +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + labels: + app: nextcloud +spec: + replicas: 1 + selector: + matchLabels: + app: nextcloud + template: + metadata: + labels: + app: nextcloud + name: nextcloud + spec: + containers: + - name: nextcloud + image: nextcloud + imagePullPolicy: Always + volumeMounts: + - name: nextcloud-volume + mountPath: "/var/www/html" + subPath: backup/nextcloud/html + envFrom: + - configMapRef: + name: nextcloud-postgres-config + env: + - name: POSTGRES_HOST + value: "nextcloud-postgres" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: 
nextcloud-postgres-pass + key: password + volumes: + - name: nextcloud-volume + persistentVolumeClaim: + claimName: homey-pvc-nfs +--- +apiVersion: v1 +kind: Service +metadata: + name: nextcloud +spec: + selector: + app: nextcloud + ports: + - port: 80 + targetPort: 80 + name: nextcloud +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud-ingress + annotations: +spec: + rules: + - host: nextcloud.{{ .Values.homey.url }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 80 diff --git a/templates/photoprism.yaml b/templates/photoprism.yaml index 6d845bb..5523fba 100644 --- a/templates/photoprism.yaml +++ b/templates/photoprism.yaml @@ -99,12 +99,16 @@ metadata: name: photoprism-ingress annotations: kubernetes.io/ingress.allow-http: "false" - nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 - nginx.ingress.kubernetes.io/proxy-body-size: "600m" - nginx.org/client-max-body-size: "600m" + kubernete.io/ingress.classs: traefik + ingress.kubernetes.io/auth-type: forward + ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 + traefik.ingress.kubernetes.io/frontend-entry-points: http + traefik.ingress.kubernetes.io/buffering: | + maxrequestbodybytes: 31457280 + memrequestbodybytes: 62914560 spec: rules: - - host: gallery.{{ .Values.homey.url }} + - host: album.{{ .Values.homey.url }} http: paths: - path: / diff --git a/templates/phpldapadmin.yaml b/templates/phpldapadmin.yaml index ce6073d..50adad5 100644 --- a/templates/phpldapadmin.yaml +++ b/templates/phpldapadmin.yaml 
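Review bot: `image: postgres:10.4` pins the database to an early patch release of the 10 series and so misses the fixes shipped in later 10.x minors, while `image: nextcloud` is untagged with `imagePullPolicy: Always` and can move to a new release on any restart. Use a current patch tag for Postgres and an explicit Nextcloud version, e.g. `image: nextcloud:<version>` (placeholder). Nextcloud also connects as `POSTGRES_USER: postgres`, the superuser, through the shared ConfigMap; a dedicated role that owns only `nextcloud_db` would limit what a compromised web container can do in the database. The Ingress at the end has an empty `annotations:` key and no TLS or auth settings, so it inherits whatever the controller defaults to.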
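Review bot: The added key `kubernete.io/ingress.classs: traefik` is misspelled twice (`kubernete`, `classs`), so no controller will read it as an ingress class; the intended annotation is `kubernetes.io/ingress.class: traefik`. `traefik.ingress.kubernetes.io/frontend-entry-points: http` selects the plaintext entry point while `kubernetes.io/ingress.allow-http: "false"` stays in place. The two contradict each other, and if the controller honours the former, the photo library and its login are served over HTTP. The buffering block sets `maxrequestbodybytes` (31457280) below `memrequestbodybytes` (62914560) and far below the previous 600m limits; check that this is the intended upload cap.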
@@ -39,18 +39,21 @@ spec: selector: app: phpldapadmin --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: phpldapadmin + annotations: + kubernetes.io/ingress.allow-http: "false" spec: - tls: - - hosts: - - phpldapadmin.{{ .Values.homey.url }} rules: - - host: phpldapadmin.{{ .Values.homey.url }} + - host: ldapadmin.{{ .Values.homey.url }} http: paths: - - backend: - serviceName: phpldapadmin - servicePort: 80 + - path: / + pathType: Prefix + backend: + service: + name: phpldapadmin + port: + number: 80 diff --git a/templates/transmission.yaml b/templates/transmission.yaml index 1e990a3..2d2d5f8 100644 --- a/templates/transmission.yaml +++ b/templates/transmission.yaml @@ -20,22 +20,16 @@ spec: - name: transmission image: linuxserver/transmission imagePullPolicy: Always + env: + - name: TRANSMISSION_DOWNLOAD_DIR + value: "/downloads" volumeMounts: - name: transmission-persistent mountPath: /config subPath: backup/transmission/config - name: transmission-persistent - mountPath: /downloads/movies - subPath: nobackup/downloads/movies - - name: transmission-persistent - mountPath: /downloads/tvshows - subPath: nobackup/downloads/tvshows - - name: transmission-persistent - mountPath: /downloads/general - subPath: nobackup/downloads/general - - name: transmission-persistent - mountPath: /downloads/complete - subPath: nobackup/downloads/complete + mountPath: /downloads + subPath: nobackup/downloads volumes: - name: transmission-persistent persistentVolumeClaim: @@ -59,11 +53,9 @@ metadata: name: transmission-ingress annotations: kubernetes.io/ingress.allow-http: "false" - nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 + ingress.kubernetes.io/auth-type: forward + ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 spec: - tls: - - hosts: - - torrent.{{ .Values.homey.url }} rules: - host: torrent.{{ .Values.homey.url }} http: 
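Review bot: The rewritten `phpldapadmin` ingress exposes the LDAP administration UI on the `ldapadmin.` host with `kubernetes.io/ingress.allow-http: "false"` as its only annotation, and it gets none of the `ingress.kubernetes.io/auth-*` annotations added to other ingresses in this commit. That allow-http key is, as far as I know, specific to the GKE ingress controller, so it may have no effect here. With `tls:` removed in the same hunk, directory admin credentials entered in the UI could cross the network in cleartext, depending on controller defaults. Consider keeping the `tls:` hosts entry and restricting who can reach this host; if it is meant to be LAN-only, a comment such as `# admin UI: LAN only, TLS terminated by <component>` (placeholder) would record that.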
diff --git a/values.yaml b/values.yaml index 1e3d072..91dac16 100644 --- a/values.yaml +++ b/values.yaml @@ -82,8 +82,8 @@ affinity: {} homey: organization: "Zakobar Home Server" storage: - ip: "192.168.0.101" - storageCapacity: 500Gi + ip: "192.168.0.10" + storageCapacity: 450Gi url: home.zakobar.io - ip: 192.168.0.101 + ip: 192.168.0.10