From 180c8435b91b8577a0a92239066bf9b31c5e59bb Mon Sep 17 00:00:00 2001 From: Juan Ignacio Donoso Date: Sun, 23 Jun 2024 10:41:55 -0400 Subject: [PATCH] feat(media/prowlarr): migrate prowlarr --- .../apps/media/prowlarr/app/helmrelease.yaml | 102 ------------------ .../media/prowlarr/app/kustomization.yaml | 6 -- .../main/apps/media/prowlarr/app/volsync.yaml | 49 --------- kubernetes/apps/media/kustomization.yaml | 1 + .../media/prowlarr/app/externalsecret.yaml | 19 ++++ .../apps/media/prowlarr/app/helmrelease.yaml | 100 +++++++++++++++++ .../media/prowlarr/app/kustomization.yaml | 8 ++ .../apps/media/prowlarr/ks.yaml | 6 +- kubernetes/apps/media/radarr/ks.yaml | 1 - 9 files changed, 133 insertions(+), 159 deletions(-) delete mode 100644 archive/main/apps/media/prowlarr/app/helmrelease.yaml delete mode 100644 archive/main/apps/media/prowlarr/app/kustomization.yaml delete mode 100644 archive/main/apps/media/prowlarr/app/volsync.yaml create mode 100644 kubernetes/apps/media/prowlarr/app/externalsecret.yaml create mode 100644 kubernetes/apps/media/prowlarr/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/prowlarr/app/kustomization.yaml rename {archive/main => kubernetes}/apps/media/prowlarr/ks.yaml (81%) diff --git a/archive/main/apps/media/prowlarr/app/helmrelease.yaml b/archive/main/apps/media/prowlarr/app/helmrelease.yaml deleted file mode 100644 index bda6261c5..000000000 --- a/archive/main/apps/media/prowlarr/app/helmrelease.yaml +++ /dev/null @@ -1,102 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: prowlarr - namespace: media -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 1.5.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 2 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - - values: - controller: - type: statefulset - - image: - repository: ghcr.io/onedr0p/prowlarr-nightly - tag: 1.13.1.4242@sha256:1cb120e3366e8b51bc5cfba2e219bd37fa4a48acf57576cf5edabbdd5d4475e5 - - env: - TZ: America/Santiago - PROWLARR__INSTANCE_NAME: Prowlarr - PROWLARR__PORT: &port 9696 - PROWLARR__LOG_LEVEL: info - PROWLARR__ANALYTICS_ENABLED: "False" - PROWLARR__AUTHENTICATION_METHOD: External - - service: - main: - ports: - http: - port: *port - - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false - - ingress: - main: - enabled: true - ingressClassName: external - annotations: - external-dns.alpha.kubernetes.io/target: ingress.donoso.family - nginx.ingress.kubernetes.io/auth-url: https://auth.donoso.family/oauth2/auth - nginx.ingress.kubernetes.io/auth-signin: https://auth.donoso.family/oauth2/start - hosts: - - host: &host "prowlarr.donoso.family" - paths: - - path: / - tls: - - hosts: - - *host - - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: "OnRootMismatch" - - volumeClaimTemplates: - - name: config - mountPath: /config - accessMode: ReadWriteOnce - size: 1Gi - storageClass: ceph-block - - resources: - requests: - cpu: 20m - memory: 273M - limits: - memory: 1841M diff --git a/archive/main/apps/media/prowlarr/app/kustomization.yaml b/archive/main/apps/media/prowlarr/app/kustomization.yaml deleted file mode 100644 index 0fe74f759..000000000 --- a/archive/main/apps/media/prowlarr/app/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml - - ./volsync.yaml diff --git a/archive/main/apps/media/prowlarr/app/volsync.yaml b/archive/main/apps/media/prowlarr/app/volsync.yaml deleted file mode 100644 index 1a59cc552..000000000 --- a/archive/main/apps/media/prowlarr/app/volsync.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: prowlarr-restic - namespace: media -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: prowlarr-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/prowlarr' - RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}' - AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}' - AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}' - dataFrom: - - extract: - key: volsync-restic-template ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: prowlarr - namespace: media -spec: - sourcePVC: config-prowlarr-0 - trigger: - schedule: "0 7 * * *" - restic: - copyMethod: Snapshot - pruneIntervalDays: 7 - repository: prowlarr-restic-secret - cacheCapacity: 1Gi - volumeSnapshotClassName: csi-ceph-blockpool - storageClassName: ceph-block - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - daily: 7 - within: 3d diff --git a/kubernetes/apps/media/kustomization.yaml b/kubernetes/apps/media/kustomization.yaml index c0738d24a..25f13ab75 100644 --- a/kubernetes/apps/media/kustomization.yaml +++ b/kubernetes/apps/media/kustomization.yaml @@ -7,5 +7,6 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./plex/ks.yaml + - ./prowlarr/ks.yaml - ./qbittorrent/ks.yaml - ./radarr/ks.yaml diff --git a/kubernetes/apps/media/prowlarr/app/externalsecret.yaml b/kubernetes/apps/media/prowlarr/app/externalsecret.yaml new file mode 100644 index 000000000..9c792cabd --- /dev/null +++ b/kubernetes/apps/media/prowlarr/app/externalsecret.yaml @@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: prowlarr +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: prowlarr-secret + template: + engineVersion: v2 + data: + PROWLARR__AUTH__APIKEY: "{{ .PROWLARR_API_KEY }}" + dataFrom: + - extract: + key: prowlarr diff --git a/kubernetes/apps/media/prowlarr/app/helmrelease.yaml b/kubernetes/apps/media/prowlarr/app/helmrelease.yaml new file mode 100644 index 000000000..19c472854 --- /dev/null +++ b/kubernetes/apps/media/prowlarr/app/helmrelease.yaml @@ -0,0 +1,100 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: prowlarr +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + values: + controllers: + prowlarr: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/onedr0p/prowlarr-develop + tag: 1.19.0.4568@sha256:59a1b3f3f5df0f0d112a338d8b155737736ae506aaf2f227fa8bdf54b1bd634d + env: + PROWLARR__APP__INSTANCENAME: Prowlarr + PROWLARR__APP__THEME: dark + PROWLARR__AUTH__METHOD: External + PROWLARR__AUTH__REQUIRED: DisabledForLocalAddresses + PROWLARR__LOG__DBENABLED: "False" + PROWLARR__LOG__LEVEL: info + PROWLARR__SERVER__PORT: &port 80 + PROWLARR__UPDATE__BRANCH: develop + TZ: America/Santiago + envFrom: &envFrom + - secretRef: + name: prowlarr-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /ping + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + limits: + memory: 1Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: prowlarr + ports: + http: + port: *port + ingress: + app: + annotations: + external-dns.alpha.kubernetes.io/target: internal.donoso.family + className: internal + hosts: + - host: "{{ .Release.Name }}.donoso.family" + paths: + - path: / + service: + identifier: app + port: http + persistence: + config: + existingClaim: prowlarr + tmp: + type: emptyDir diff --git a/kubernetes/apps/media/prowlarr/app/kustomization.yaml b/kubernetes/apps/media/prowlarr/app/kustomization.yaml new file mode 100644 index 000000000..be13d2db0 --- /dev/null +++ b/kubernetes/apps/media/prowlarr/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./externalsecret.yaml + - ./helmrelease.yaml + - ../../../../templates/volsync diff --git a/archive/main/apps/media/prowlarr/ks.yaml b/kubernetes/apps/media/prowlarr/ks.yaml similarity index 81% rename from archive/main/apps/media/prowlarr/ks.yaml rename to kubernetes/apps/media/prowlarr/ks.yaml index 6c7e70447..e3a929f54 100644 --- a/archive/main/apps/media/prowlarr/ks.yaml +++ b/kubernetes/apps/media/prowlarr/ks.yaml @@ -12,7 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores - path: ./kubernetes/main/apps/media/prowlarr/app + path: ./kubernetes/apps/media/prowlarr/app prune: true sourceRef: kind: GitRepository @@ -21,3 +21,7 @@ spec: interval: 30m retryInterval: 1m timeout: 5m + postBuild: + substitute: + APP: *app + VOLSYNC_CAPACITY: 1Gi diff --git a/kubernetes/apps/media/radarr/ks.yaml b/kubernetes/apps/media/radarr/ks.yaml index f7bb38956..525ccecd2 100644 --- a/kubernetes/apps/media/radarr/ks.yaml +++ b/kubernetes/apps/media/radarr/ks.yaml @@ -11,7 +11,6 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: - - name: cloudnative-pg-cluster - name: external-secrets-stores path: ./kubernetes/apps/media/radarr/app prune: true