generated from onedr0p/cluster-template
-
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2d6a5f3
commit fd129e7
Showing
17 changed files
with
258 additions
and
7 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
kubernetes/main/apps/downloads/dashbrr/app/externalsecret.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ExternalSecret | ||
metadata: | ||
name: &name dashbrr-secret | ||
spec: | ||
secretStoreRef: | ||
kind: ClusterSecretStore | ||
name: onepassword-connect | ||
target: | ||
name: *name | ||
template: | ||
engineVersion: v2 | ||
data: | ||
# App | ||
DASHBRR_RADARR_API_KEY: "{{ .RADARR_API_KEY }}" | ||
DASHBRR_SONARR_API_KEY: "{{ .SONARR_API_KEY }}" | ||
DASHBRR_PROWLARR_API_KEY: "{{ .PROWLARR_API_KEY }}" | ||
DASHBRR_PLEX_API_KEY: "{{ .PLEX_API_KEY }}" | ||
# OIDC | ||
OIDC_ISSUER: "https://sso.${SECRET_DOMAIN}/application/o/dashbrr/" | ||
OIDC_CLIENT_ID: "{{ .DASHBRR_CLIENT_ID }}" | ||
OIDC_CLIENT_SECRET: "{{ .DASHBRR_CLIENT_SECRET }}" | ||
OIDC_REDIRECT_URL: "https://dashbrr.${SECRET_DOMAIN}/api/auth/callback" | ||
dataFrom: | ||
- extract: | ||
key: radarr | ||
- extract: | ||
key: sonarr | ||
- extract: | ||
key: prowlarr | ||
- extract: | ||
key: plex | ||
- extract: | ||
key: dashbrr | ||
--- | ||
# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ExternalSecret | ||
metadata: | ||
name: &name dashbrr-db-secret | ||
spec: | ||
refreshInterval: 1m | ||
secretStoreRef: | ||
name: crunchy-pgo-secrets | ||
kind: ClusterSecretStore | ||
target: | ||
name: dashbrr-secret | ||
creationPolicy: Merge | ||
deletionPolicy: Retain | ||
template: | ||
type: Opaque | ||
data: | ||
DASHBRR__DB_TYPE: postgres | ||
DASHBRR__DB_NAME: '{{ .dbname }}' | ||
DASHBRR__DB_HOST: '{{ index . "pgbouncer-host" }}' | ||
DASHBRR__DB_PORT: '{{ index . "pgbouncer-port" }}' | ||
DASHBRR__DB_USER: '{{ .user }}' | ||
DASHBRR__DB_PASSWORD: '{{ .password }}' | ||
dataFrom: | ||
- extract: | ||
key: postgres-pguser-dashbrr |
107 changes: 107 additions & 0 deletions
107
kubernetes/main/apps/downloads/dashbrr/app/helmrelease.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json | ||
apiVersion: helm.toolkit.fluxcd.io/v2 | ||
kind: HelmRelease | ||
metadata: | ||
name: &app dashbrr | ||
spec: | ||
interval: 30m | ||
chart: | ||
spec: | ||
chart: app-template | ||
version: 3.5.1 | ||
sourceRef: | ||
kind: HelmRepository | ||
name: bjw-s | ||
namespace: flux-system | ||
install: | ||
remediation: | ||
retries: 3 | ||
upgrade: | ||
cleanupOnFail: true | ||
remediation: | ||
strategy: rollback | ||
retries: 3 | ||
dependsOn: | ||
- name: rook-ceph-cluster | ||
namespace: rook-ceph | ||
- name: volsync | ||
namespace: storage | ||
values: | ||
controllers: | ||
dashbrr: | ||
labels: | ||
postgres: "true" | ||
annotations: | ||
reloader.stakater.com/auto: "true" | ||
containers: | ||
app: | ||
image: | ||
repository: ghcr.io/autobrr/dashbrr | ||
tag: v0.2.0@sha256:b3b898d4bf9b463bf802e7af188de45e6ca08eb96e828b4e9cbfde6e418441ad | ||
env: | ||
DASHBRR__CONFIG_PATH: /config/config.toml | ||
DASHBRR__DB_PATH: /cache/._ # cache path is derived from DASHBRR__DB_PATH | ||
DASHBRR__LISTEN_ADDR: 0.0.0.0:8080 | ||
GIN_MODE: debug | ||
TZ: ${TIMEZONE} | ||
envFrom: | ||
- secretRef: | ||
name: dashbrr-secret | ||
probes: | ||
liveness: &probes | ||
enabled: true | ||
custom: true | ||
spec: | ||
httpGet: | ||
path: /health | ||
port: &port 8080 | ||
initialDelaySeconds: 0 | ||
periodSeconds: 10 | ||
timeoutSeconds: 1 | ||
failureThreshold: 3 | ||
readiness: *probes | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
readOnlyRootFilesystem: true | ||
capabilities: { drop: ["ALL"] } | ||
resources: | ||
requests: | ||
cpu: 100m | ||
limits: | ||
memory: 2Gi | ||
service: | ||
app: | ||
controller: *app | ||
ports: | ||
http: | ||
port: *port | ||
ingress: | ||
app: | ||
className: internal | ||
annotations: | ||
# gethomepage.dev/enabled: "true" | ||
# gethomepage.dev/group: Downloads | ||
# gethomepage.dev/name: dashbrr | ||
# gethomepage.dev/icon: dashbrr.png | ||
# gethomepage.dev/description: Media stack management | ||
# gethomepage.dev/widget.type: dashbrr | ||
# gethomepage.dev/widget.url: http://dashbrr.downloads | ||
# gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_DASHBRR_TOKEN}}` }}" | ||
external-dns.alpha.kubernetes.io/target: internal.${SECRET_DOMAIN} | ||
hosts: | ||
- host: "{{ .Release.Name }}.${SECRET_DOMAIN}" | ||
paths: | ||
- path: / | ||
service: | ||
identifier: app | ||
port: http | ||
serviceAccount: | ||
create: true | ||
name: dashbrr | ||
persistence: | ||
cache: | ||
type: emptyDir | ||
sizeLimit: 1Gi | ||
config: | ||
type: configMap | ||
name: dashbrr-config |
18 changes: 18 additions & 0 deletions
18
kubernetes/main/apps/downloads/dashbrr/app/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
resources: | ||
- ./externalsecret.yaml | ||
- ./helmrelease.yaml | ||
- ./rbac.yaml | ||
- ../../../../../shared/templates/gatus/guarded | ||
configMapGenerator: | ||
- name: dashbrr-config | ||
files: | ||
- ./resources/config.toml | ||
options: | ||
annotations: | ||
kustomize.toolkit.fluxcd.io/substitute: disabled | ||
generatorOptions: | ||
disableNameSuffixHash: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: dashbrr | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["services"] | ||
verbs: ["get", "watch", "list"] | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: dashbrr | ||
roleRef: | ||
kind: ClusterRole | ||
name: dashbrr | ||
apiGroup: rbac.authorization.k8s.io | ||
subjects: | ||
- kind: ServiceAccount | ||
name: dashbrr | ||
namespace: downloads |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json | ||
apiVersion: kustomize.toolkit.fluxcd.io/v1 | ||
kind: Kustomization | ||
metadata: | ||
name: &app dashbrr | ||
namespace: flux-system | ||
spec: | ||
targetNamespace: downloads | ||
commonMetadata: | ||
labels: | ||
app.kubernetes.io/name: *app | ||
dependsOn: | ||
- name: crunchy-postgres-operator-cluster | ||
- name: crunchy-postgres-stores | ||
- name: external-secrets-stores | ||
path: ./kubernetes/main/apps/downloads/dashbrr/app | ||
prune: true | ||
sourceRef: | ||
kind: GitRepository | ||
name: home-kubernetes | ||
wait: false # no flux ks dependents | ||
interval: 30m | ||
timeout: 5m | ||
postBuild: | ||
substitute: | ||
APP: *app |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters