diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5
index d15d92dd0e..6a0bd39bc8 100644
--- a/.github/renovate/groups.json5
+++ b/.github/renovate/groups.json5
@@ -20,6 +20,16 @@
 "commitMessageTopic": "{{{groupName}}} group"
 },
 "separateMinorPatch": true
+ },
+ {
+ "description": "Istio Group",
+ "groupName": "istio",
+ "matchDatasources": ["helm"],
+ "matchPackagePatterns": ["gateway", "istio-base", "istio-cni", "istiod"],
+ "group": {
+ "commitMessageTopic": "{{{groupName}}} group"
+ },
+ "separateMinorPatch": true
 }
 ]
 }
diff --git a/.github/workflows/publish-kubernetes-schemas.yaml b/.github/workflows/publish-kubernetes-schemas.yaml
deleted file mode 100644
index dbe103ef8a..0000000000
--- a/.github/workflows/publish-kubernetes-schemas.yaml
+++ /dev/null
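Review bot: The new `matchPackagePatterns` entries are unanchored regular expressions, so `gateway` will also capture any other Helm chart whose name merely contains that word and silently pull it into the istio group's combined PRs; anchor them, e.g. `"matchPackagePatterns": ["^gateway$", "^istio-base$", "^istio-cni$", "^istiod$"]`. Renovate has also been steering users from `matchPackagePatterns` toward `matchPackageNames` with `/regex/` entries, so that form is worth adopting while this rule is being written. The enclosing `packageRules` array begins before this hunk.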
@@ -1,125 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -# This Github Action is responsible for publishing Kubernetes schemas to an OCI registry. -# It is triggered by a push to the main branch, a weekly schedule, or a manual dispatch. -name: "Publish Kubernetes Schemas" - -on: - # Allows manually triggering the workflow from the Github Actions UI - workflow_dispatch: {} - # Runs the workflow weekly at midnight (UTC) - schedule: - - cron: "0 0 * * 0" - push: - branches: - - "main" - paths: - - ".github/workflows/schemas.yaml" - -env: - OCI_REPO: "oci://ghcr.io/xunholy/kubernetes-schemas/${{ github.event.repository.name }}" - -jobs: - publish-kubernetes-schemas: - name: Publish Kubernetes Schemas - runs-on: ["self-hosted"] - steps: - - name: Setup Flux CLI - uses: fluxcd/flux2/action@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4 - with: - version: 'v1.26.3' - - - name: Setup Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 - with: - python-version: 3.x - - - name: Setup crd-extractor - uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11 - with: - repository: datreeio/CRDs-catalog - latest: true - fileName: crd-extractor.zip - - - name: Write kubeconfig - id: kubeconfig - uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2 - with: - encodedString: ${{ secrets.KUBECONFIG }} - fileName: kubeconfig - - - name: Run crd-extractor - env: - KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}" - run: | - unzip -j $GITHUB_WORKSPACE/crd-extractor.zip -d $GITHUB_WORKSPACE - bash "$GITHUB_WORKSPACE"/crd-extractor.sh - - - name: Login to GHCR - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Publish schemas as OCI - run: 
| - flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \ - --path="/home/runner/.datree/crdSchemas" \ - --source="${{ github.repositoryUrl }}" \ - --revision="main" - - publish-kubernetes-schemas-web: - runs-on: ubuntu-latest - needs: ["publish-kubernetes-schemas"] - steps: - - name: Setup Flux CLI - uses: fluxcd/flux2/action@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - - - name: Login to GHCR - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Pull schemas as OCI - run: | - mkdir -p /home/runner/crdSchemas - flux pull artifact $OCI_REPO:$(git rev-parse --short HEAD) --output /home/runner/crdSchemas - - - name: Write nginx-unprivileged Dockerfile - run: | - cat < /home/runner/crdSchemas/Dockerfile - FROM docker.io/nginxinc/nginx-unprivileged:latest - COPY --chown=nginx:nginx --chmod=755 . /usr/share/nginx/html - USER nginx - EOF - - - name: Publish schemas as web container - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 - with: - context: /home/runner/crdSchemas - platforms: linux/amd64,linux/arm64 - file: /home/runner/crdSchemas/Dockerfile - push: true - tags: | - ghcr.io/xunholy/kubernetes-schemas-web:latest - cache-from: type=gha - cache-to: type=gha,mode=max - labels: | - org.opencontainers.image.source="https://github.com/${{ github.repository }}" - org.opencontainers.image.authors="Michael Fornaro <20387402+xUnholy@users.noreply.github.com>" diff --git a/.github/workflows/schemas.yaml b/.github/workflows/schemas.yaml new file mode 100644 index 0000000000..2f30b69b97 --- /dev/null +++ b/.github/workflows/schemas.yaml 
@@ -0,0 +1,70 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Publish Kubernetes Schemas"
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "0 0 * * 0"
+ push:
+ branches:
+ - "main"
+ paths:
+ - ".github/workflows/schemas.yaml"
+
+env:
+ OCI_REPO: "oci://ghcr.io/xunholy/kubernetes-schemas/${{ github.event.repository.name }}"
+
+jobs:
+ publish:
+ name: Schemas
+ runs-on: ["gha-runner-scale-set"]
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ token: "${{ steps.app-token.outputs.token }}"
+
+ - name: Generate Token
+ uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1
+ id: app-token
+ with:
+ app-id: "${{ secrets.BOT_APP_ID }}"
+ private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Setup Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+
+ - name: Setup Workflow Tools
+ run: brew install kubectl uv
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.13.x
+
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 22.x
+
+ - name: Install Python Dependencies
+ run: uv pip install pyyaml
+
+ - name: Download and run crd-extractor
+ run: |
+ curl -fsSL -o $GITHUB_WORKSPACE/crd-extractor.sh \
+ https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/Utilities/crd-extractor.sh
+ chmod +x $GITHUB_WORKSPACE/crd-extractor.sh
+ bash $GITHUB_WORKSPACE/crd-extractor.sh
+
+ - name: Deploy to Cloudflare Pages
+ uses: cloudflare/wrangler-action@v3
+ with:
+ apiToken: "${{ secrets.CLOUDFLARE_API_TOKEN }}"
+ accountId: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}"
+ workingDirectory: /home/runner/.datree/crdSchemas
+ command: pages deploy --project-name=kubernetes-schemas --branch main .
diff --git a/README.md b/README.md
index 9399433f87..d007073956 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,8 @@
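Review bot: The `Download and run crd-extractor` step fetches `crd-extractor.sh` from the mutable `main` branch of a third-party repository and executes it with no integrity check, on a self-hosted runner inside the cluster that, judging by the `brew install kubectl` step, is expected to reach the Kubernetes API, so anyone who can push to that upstream branch gets code execution against the cluster; pin the URL to a commit SHA and verify a `sha256sum -c` before running it. The Checkout step also reads `steps.app-token.outputs.token` before the `Generate Token` step that produces it, so the token expands to an empty string; move `Generate Token` above `Checkout`. The deleted workflow pinned every action to a commit SHA, whereas this one falls back to mutable refs (`Homebrew/actions/setup-homebrew@master`, `actions/checkout@v4`, `actions/setup-python@v5`, `actions/setup-node@v4`, `cloudflare/wrangler-action@v3`); keep the SHA pinning. Nothing in the job pushes to GHCR any more, so `packages: write` is unused and the job can run with `contents: read` alone.
```yaml
    permissions:
      contents: read
    steps:
      - name: Generate Token
        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1
        id: app-token
        with:
          app-id: "${{ secrets.BOT_APP_ID }}"
          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Checkout
        uses: actions/checkout@<commit-sha> # v4 — pin to the full commit SHA
        with:
          token: "${{ steps.app-token.outputs.token }}"

      # … unchanged: Homebrew, kubectl/uv, Python, Node and pyyaml steps (each pinned to a commit SHA) …

      - name: Download and run crd-extractor
        env:
          CRD_EXTRACTOR_REF: <commit-sha>   # pinned commit of datreeio/CRDs-catalog
          CRD_EXTRACTOR_SHA256: <sha256>     # checksum of Utilities/crd-extractor.sh at that commit
        run: |
          curl -fsSL -o "$GITHUB_WORKSPACE/crd-extractor.sh" \
            "https://raw.githubusercontent.com/datreeio/CRDs-catalog/${CRD_EXTRACTOR_REF}/Utilities/crd-extractor.sh"
          echo "${CRD_EXTRACTOR_SHA256}  $GITHUB_WORKSPACE/crd-extractor.sh" | sha256sum -c -
          bash "$GITHUB_WORKSPACE/crd-extractor.sh"

      # … unchanged: Deploy to Cloudflare Pages …
```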
-Raspbernetes +Raspbernetes -## Raspbernetes - -My _Personal_ Kubernetes GitOps Repository +My _Personal_ Homelab Repository _... managed with Flux, Renovate and GitHub Actions_ @@ -103,7 +101,7 @@ task cluster CLUSTER_NAME=cluster-0 | [Protectli VP2410 ](https://protectli.com/product/vp2410/) | Kubernetes Control Plane | 3 | 4 Cores | 8GB RAM | AMD64 | [Talos Linux](https://www.talos.dev/) | | | [Protectli FW2B](https://protectli.com/product/fw2b/) | Kubernetes Node(s) | 3 | 2 Cores | 8GB RAM | AMD64 | [Talos Linux](https://www.talos.dev/) | | | [Raspberry Pi 4 Model B](https://www.raspberrypi.org/products/raspberry-pi-4-model-b/) | Kubernetes Node(s) | 4 | 4 Cores | 8GB RAM | ARM64 | [Talos Linux](https://www.talos.dev/) | | -| [Rock Pi 4 Model C](https://rockpi.org/rockpi4#) | Kubernetes Node(s) | 6 | 4 Cores | 4GB RAM | ARM64 | [Talos Linux](https://www.talos.dev/) | | +| [Rock Pi 4 Model C](https://rockpi.org/rockpi4#) | Kubernetes Node(s) | 6 | 4 Cores | 4GB RAM | ARM64 | [Talos Linux](https://www.talos.dev/) | Decommisioned | ## ☁️ Cloud Services 
@@ -159,11 +157,11 @@ This repository is automatically managed by [Renovate](https://renovatebot.com/) ## 🤝 Acknowledgments -A special thank you to everyone in the Kubernetes @Home Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic. +A special thank you to everyone in the [Home Operation Discord](https://discord.com/invite/home-operations) community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic. Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem. -For more ideas on deploying applications or discovering new possibilities, be sure to explore the [Kubernetes @Home search](https://nanne.dev/k8s-at-home-search/) search. +For more ideas on deploying applications or discovering new possibilities, be sure to explore the [kubesearch.dev](https://kubesearch.dev/) search. ## 👥 Contributing diff --git a/docs/assets/banner.png b/docs/assets/banner.png new file mode 100644 index 0000000000..a4a04c837d Binary files /dev/null and b/docs/assets/banner.png differ diff --git a/kubernetes/namespaces/base/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml b/kubernetes/namespaces/base/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml index 5c276f5d06..6a0fc66e95 100644 --- a/kubernetes/namespaces/base/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml +++ b/kubernetes/namespaces/base/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml 
@@ -45,6 +45,7 @@ spec: namespace: actions-runner-system values: nameOverride: gha-runner-scale-set + runnerScaleSetName: gha-runner-scale-set githubConfigSecret: github-app-secret githubConfigUrl: https://github.com/xunholy/k8s-gitops maxRunners: 3 diff --git a/kubernetes/namespaces/base/flux-system/addons/notifications/github/alerts.yaml b/kubernetes/namespaces/base/flux-system/addons/notifications/github/alerts.yaml index 3b5b4e3771..f237a32f1f 100644 --- a/kubernetes/namespaces/base/flux-system/addons/notifications/github/alerts.yaml +++ b/kubernetes/namespaces/base/flux-system/addons/notifications/github/alerts.yaml @@ -11,4 +11,4 @@ spec: eventSeverity: info eventSources: - kind: Kustomization - name: 'flux-system' + name: '*' diff --git a/kubernetes/namespaces/base/home-system/jellyseerr/app/helmrelease.yaml b/kubernetes/namespaces/base/home-system/jellyseerr/app/helmrelease.yaml new file mode 100644 index 0000000000..417925da82 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/jellyseerr/app/helmrelease.yaml 
@@ -0,0 +1,109 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: jellyseerr + namespace: home-system +spec: + interval: 5m + chart: + spec: + version: 3.6.0 + chart: app-template + sourceRef: + kind: HelmRepository + name: bjw-charts + namespace: flux-system + interval: 5m + install: + timeout: 10m + replace: true + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + remediation: + remediateLastFailure: true + retries: 3 + strategy: rollback + cleanupOnFail: true + crds: CreateReplace + test: + enable: true + rollback: + recreate: true + force: true + cleanupOnFail: true + uninstall: + keepHistory: false + driftDetection: + mode: enabled + maxHistory: 3 + values: + controllers: + jellyseerr: + containers: + app: + image: + repository: docker.io/fallenbagel/jellyseerr + tag: 2.2.3@sha256:a324fa4d81cce73116801bee3c50b632f3457c0ca0ad31aa692c640e22f50dea + env: + TZ: Australia/Melbourne + LOG_LEVEL: "info" + PORT: &port 80 + envFrom: + - secretRef: + name: jellyseerr-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /api/v1/status + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + limits: + memory: 2Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: jellyseerr + ports: + http: + port: *port + persistence: + config: + existingClaim: jellyseerr + globalMounts: + - path: /app/config + cache: + existingClaim: jellyseerr-cache + globalMounts: + - 
path: /app/config/cache + logs: + type: emptyDir + globalMounts: + - path: /app/config/logs + tmp: + type: emptyDir diff --git a/kubernetes/namespaces/base/home-system/overseerr/app/kustomization.yaml b/kubernetes/namespaces/base/home-system/jellyseerr/app/kustomization.yaml similarity index 100% rename from kubernetes/namespaces/base/home-system/overseerr/app/kustomization.yaml rename to kubernetes/namespaces/base/home-system/jellyseerr/app/kustomization.yaml diff --git a/kubernetes/namespaces/base/home-system/jellyseerr/app/pvc.yaml b/kubernetes/namespaces/base/home-system/jellyseerr/app/pvc.yaml new file mode 100644 index 0000000000..e59a463593 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/jellyseerr/app/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: jellyseerr-cache +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 15Gi + # TODO: Update once storage class is created + # storageClassName: ceph-block diff --git a/kubernetes/namespaces/base/home-system/overseerr/app/virtualservice.yaml b/kubernetes/namespaces/base/home-system/jellyseerr/app/virtualservice.yaml similarity index 91% rename from kubernetes/namespaces/base/home-system/overseerr/app/virtualservice.yaml rename to kubernetes/namespaces/base/home-system/jellyseerr/app/virtualservice.yaml index 7e9204e921..98638c010f 100644 --- a/kubernetes/namespaces/base/home-system/overseerr/app/virtualservice.yaml +++ b/kubernetes/namespaces/base/home-system/jellyseerr/app/virtualservice.yaml @@ -18,5 +18,5 @@ spec: - destination: port: number: 80 - host: overseerr.home-system.svc.cluster.local + host: jellyseerr.home-system.svc.cluster.local weight: 100 diff --git a/kubernetes/namespaces/base/home-system/jellyseerr/ks.yaml b/kubernetes/namespaces/base/home-system/jellyseerr/ks.yaml new file mode 100644 index 0000000000..0dcc2988a2 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/jellyseerr/ks.yaml 
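Review bot: `persistence.cache.existingClaim: jellyseerr-cache` refers to the PVC this commit adds in `pvc.yaml`, but the directory's `kustomization.yaml` is a 100%-similar rename of overseerr's, which had no PVC to list, so unless that file already names `pvc.yaml` the claim is never applied and the pod stays Pending on a missing volume; add `- pvc.yaml` to its `resources`. Neither the `jellyseerr` config claim nor the `jellyseerr-secret` consumed by `envFrom` is defined anywhere in this commit, so both need to exist in `home-system` before the release reconciles. The pod hardening here (non-root, all capabilities dropped, read-only root filesystem, RuntimeDefault seccomp) is a clear improvement over the deleted overseerr release.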
@@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: jellyseerr + namespace: flux-system + labels: + substitution.flux/enabled: true +spec: + interval: 30m + retryInterval: 1m + timeout: 3m + path: "./namespaces/base/home-system/jellyseerr/app" + prune: true + wait: false + sourceRef: + kind: OCIRepository + name: cluster diff --git a/kubernetes/namespaces/base/home-system/overseerr/app/helmrelease.yaml b/kubernetes/namespaces/base/home-system/overseerr/app/helmrelease.yaml deleted file mode 100644 index 271a0ba296..0000000000 --- a/kubernetes/namespaces/base/home-system/overseerr/app/helmrelease.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: overseerr - namespace: home-system -spec: - interval: 5m - chart: - spec: - version: 1.5.1 - chart: app-template - sourceRef: - kind: HelmRepository - name: bjw-charts - namespace: flux-system - interval: 5m - install: - timeout: 10m - replace: true - crds: CreateReplace - createNamespace: true - remediation: - retries: 3 - upgrade: - remediation: - remediateLastFailure: true - retries: 3 - strategy: rollback - cleanupOnFail: true - crds: CreateReplace - test: - enable: true - rollback: - recreate: true - force: true - cleanupOnFail: true - uninstall: - keepHistory: false - driftDetection: - mode: enabled - maxHistory: 3 - values: - env: - TZ: Australia/Melbourne - LOG_LEVEL: "info" - PORT: &port 80 - image: - repository: ghcr.io/sct/overseerr - tag: 1.32.5 - service: - main: - type: LoadBalancer - externalTrafficPolicy: Local - annotations: - io.cilium/lb-ipam-ips: ${CLUSTER_LB_OVERSEERR} - ports: - http: - port: *port 
diff --git a/kubernetes/namespaces/base/home-system/radarr/app/helmrelease.yaml b/kubernetes/namespaces/base/home-system/radarr/app/helmrelease.yaml
new file mode 100644
index 0000000000..5274d912ae
--- /dev/null
+++ b/kubernetes/namespaces/base/home-system/radarr/app/helmrelease.yaml
@@ -0,0 +1,118 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: radarr + namespace: home-system +spec: + interval: 5m + chart: + spec: + version: 3.6.0 + chart: app-template + sourceRef: + kind: HelmRepository + name: bjw-charts + namespace: flux-system + interval: 5m + install: + timeout: 10m + replace: true + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + remediation: + remediateLastFailure: true + retries: 3 + strategy: rollback + cleanupOnFail: true + crds: CreateReplace + test: + enable: true + rollback: + recreate: true + force: true + cleanupOnFail: true + uninstall: + keepHistory: false + driftDetection: + mode: enabled + maxHistory: 3 + values: + values: + controllers: + radarr: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/onedr0p/radarr-develop + tag: 5.17.2.9580@sha256:67f345c91d1e0eab27f73044702892b01228b2425562de6110777a7ea4712e34 + env: + RADARR__APP__INSTANCENAME: Radarr + RADARR__APP__THEME: dark + RADARR__AUTH__METHOD: External + RADARR__AUTH__REQUIRED: DisabledForLocalAddresses + RADARR__LOG__DBENABLED: "False" + RADARR__LOG__LEVEL: info + RADARR__SERVER__PORT: &port 80 + RADARR__UPDATE__BRANCH: develop + TZ: Australia/Melbourne + envFrom: + - secretRef: + name: radarr-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /ping + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 100m + limits: + memory: 4Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: 
OnRootMismatch + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: radarr + ports: + http: + port: *port + persistence: + config: + existingClaim: radarr + cache: + existingClaim: radarr-cache + globalMounts: + - path: /config/MediaCover + tmp: + type: emptyDir + media: + type: nfs + server: expanse.internal + path: /mnt/eros/Media + globalMounts: + - path: /media diff --git a/kubernetes/namespaces/base/home-system/radarr/app/kustomization.yaml b/kubernetes/namespaces/base/home-system/radarr/app/kustomization.yaml new file mode 100644 index 0000000000..5b56a95e06 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/radarr/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - helmrelease.yaml + - virtualservice.yaml diff --git a/kubernetes/namespaces/base/home-system/radarr/app/pvc.yaml b/kubernetes/namespaces/base/home-system/radarr/app/pvc.yaml new file mode 100644 index 0000000000..708dcd0f14 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/radarr/app/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: radarr-cache +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 15Gi + # TODO: Update once storage class is created + # storageClassName: ceph-block diff --git a/kubernetes/namespaces/base/home-system/radarr/app/virtualservice.yaml b/kubernetes/namespaces/base/home-system/radarr/app/virtualservice.yaml new file mode 100644 index 0000000000..27d0301231 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/radarr/app/virtualservice.yaml 
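Review bot: `values:` appears twice in a row, so the whole application configuration lands under `.values.values.controllers` instead of `.values.controllers`; app-template 3.x will either reject the unknown top-level key or render no workload at all, so delete the second `values:` line and dedent everything beneath it (the sonarr release in this same commit shows the intended shape). Separately, `RADARR__AUTH__METHOD: External` with `RADARR__AUTH__REQUIRED: DisabledForLocalAddresses` switches off Radarr's own login entirely and trusts whatever sits in front of it, yet nothing in this commit attaches an Istio `AuthorizationPolicy`, ext_authz or similar to the VirtualService; unless the ingress gateway or the Cloudflare tunnel it sits behind is known to enforce authentication, the UI is reachable without credentials, and any in-cluster pod can reach `radarr.home-system.svc` unauthenticated regardless. Keep `RADARR__AUTH__METHOD: Forms` and `RADARR__AUTH__REQUIRED: Enabled` until a gateway-side authn policy lands, or add that policy in the same change. `existingClaim: radarr` (the config volume) is not created anywhere in this commit; confirm it is provisioned elsewhere.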
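Review bot: The `resources` list omits `pvc.yaml`, which this same commit adds beside it to create the `radarr-cache` claim that the HelmRelease mounts through `existingClaim`; as written the PVC is never applied and the radarr pod will sit Pending waiting for it. Add `- pvc.yaml` to the list.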
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: overseerr
+ namespace: home-system
+ annotations:
+ external-dns.alpha.kubernetes.io/target: '${CLOUDFLARED_INGRESS_DOMAIN}'
+ external-dns.alpha.kubernetes.io/external: 'false'
+spec:
+ hosts:
+ - 'radarr.${CLUSTER_DOMAIN}'
+ gateways:
+ - istio-ingress/istio-ingressgateway
+ http:
+ - route:
+ - destination:
+ port:
+ number: 80
+ host: radarr.home-system.svc.cluster.local
+ weight: 100
diff --git a/kubernetes/namespaces/base/home-system/overseerr/ks.yaml b/kubernetes/namespaces/base/home-system/radarr/ks.yaml
similarity index 84%
rename from kubernetes/namespaces/base/home-system/overseerr/ks.yaml
rename to kubernetes/namespaces/base/home-system/radarr/ks.yaml
index e0ef1eeb5d..cb6ca02240 100644
--- a/kubernetes/namespaces/base/home-system/overseerr/ks.yaml
+++ b/kubernetes/namespaces/base/home-system/radarr/ks.yaml
@@ -3,7 +3,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: overseerr
+ name: radarr
 namespace: flux-system
 labels:
 substitution.flux/enabled: true
@@ -11,7 +11,7 @@ spec:
 interval: 30m
 retryInterval: 1m
 timeout: 3m
- path: "./namespaces/base/home-system/overseerr/app"
+ path: "./namespaces/base/home-system/radarr/app"
 prune: true
 wait: false
 sourceRef:
diff --git a/kubernetes/namespaces/base/home-system/sonarr/app/helmrelease.yaml b/kubernetes/namespaces/base/home-system/sonarr/app/helmrelease.yaml
new file mode 100644
index 0000000000..1a3e3505c9
--- /dev/null
+++ b/kubernetes/namespaces/base/home-system/sonarr/app/helmrelease.yaml
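Review bot: `metadata.name: overseerr` is a copy-paste leftover; the jellyseerr VirtualService renamed in this commit keeps that same name in the same `home-system` namespace and the sonarr one repeats it, so three Flux Kustomizations will each try to own a single object named `overseerr` and overwrite one another's routes, leaving only the last-reconciled hostname working. Rename it `name: radarr` to match the Service it targets. The schema comment also points at `kubernetes-schemas.raspbernetes.com` while the other new files use `kubernetes-schemas.pages.dev`; pick one.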
@@ -0,0 +1,129 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: sonarr + namespace: home-system +spec: + interval: 5m + chart: + spec: + version: 3.6.0 + chart: app-template + sourceRef: + kind: HelmRepository + name: bjw-charts + namespace: flux-system + interval: 5m + install: + timeout: 10m + replace: true + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + remediation: + remediateLastFailure: true + retries: 3 + strategy: rollback + cleanupOnFail: true + crds: CreateReplace + test: + enable: true + rollback: + recreate: true + force: true + cleanupOnFail: true + uninstall: + keepHistory: false + driftDetection: + mode: enabled + maxHistory: 3 + values: + controllers: + sonarr: + containers: + app: + image: + repository: ghcr.io/onedr0p/sonarr-develop + tag: 4.0.12.2825@sha256:ae7efba78efc1d4923578f97933e206dcdf43fb1fd2533cfa3be77ab6d0e74b1 + env: + SONARR__APP__INSTANCENAME: Sonarr + SONARR__APP__THEME: dark + SONARR__AUTH__METHOD: External + SONARR__AUTH__REQUIRED: DisabledForLocalAddresses + SONARR__LOG__DBENABLED: "False" + SONARR__LOG__LEVEL: info + SONARR__SERVER__PORT: &port 80 + SONARR__UPDATE__BRANCH: develop + TZ: Australia/Melbourne + envFrom: + - secretRef: + name: sonarr-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /ping + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 100m + limits: + memory: 4Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: { type: RuntimeDefault } + 
service: + app: + controller: sonarr + ports: + http: + port: *port + persistence: + config: + existingClaim: sonarr + cache: + existingClaim: sonarr-cache + globalMounts: + - path: /config/MediaCover + scripts: + type: configMap + name: sonarr-configmap + defaultMode: 0775 + globalMounts: + - path: /scripts/codec-tagger.sh + subPath: codec-tagger.sh + readOnly: true + - path: /scripts/pushover-notifier.sh + subPath: pushover-notifier.sh + readOnly: true + - path: /scripts/tba-refresher.sh + subPath: tba-refresher.sh + readOnly: true + tmp: + type: emptyDir + media: + type: nfs + server: expanse.internal + path: /mnt/eros/Media + globalMounts: + - path: /media diff --git a/kubernetes/namespaces/base/home-system/sonarr/app/kustomization.yaml b/kubernetes/namespaces/base/home-system/sonarr/app/kustomization.yaml new file mode 100644 index 0000000000..5b56a95e06 --- /dev/null +++ b/kubernetes/namespaces/base/home-system/sonarr/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - helmrelease.yaml + - virtualservice.yaml diff --git a/kubernetes/namespaces/base/home-system/sonarr/app/pvc.yaml b/kubernetes/namespaces/base/home-system/sonarr/app/pvc.yaml new file mode 100644 index 0000000000..5c38485aba --- /dev/null +++ b/kubernetes/namespaces/base/home-system/sonarr/app/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sonarr-cache +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 15Gi + # TODO: Update once storage class is created + # storageClassName: ceph-block diff --git a/kubernetes/namespaces/base/home-system/sonarr/app/virtualservice.yaml b/kubernetes/namespaces/base/home-system/sonarr/app/virtualservice.yaml new file mode 100644 index 0000000000..acaa9b889c --- /dev/null +++ b/kubernetes/namespaces/base/home-system/sonarr/app/virtualservice.yaml 
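Review bot: `persistence.scripts` mounts a ConfigMap named `sonarr-configmap` that is neither defined in this commit nor listed in the directory's `kustomization.yaml`, so unless it already exists in `home-system` the pod will stick in ContainerCreating on the missing volume; add the ConfigMap (or a `configMapGenerator`) to the kustomization, or drop the `scripts` volume until it exists. As with radarr, `SONARR__AUTH__METHOD: External` plus `SONARR__AUTH__REQUIRED: DisabledForLocalAddresses` disables Sonarr's built-in login and relies on an upstream authenticator that this commit does not configure on the Istio gateway; confirm one is enforced or keep `Forms`/`Enabled`. `defaultMode: 0775` leaves the scripts group-writable for no reason the mounts need (each is `readOnly: true` anyway); `defaultMode: 0755` is the conventional value.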
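Review bot: The `resources` list omits `pvc.yaml`, which this commit adds beside it to create the `sonarr-cache` claim that the HelmRelease mounts through `existingClaim`; without it the PVC is never applied and the sonarr pod stays Pending. Add `- pvc.yaml` to the list.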
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: overseerr
+ namespace: home-system
+ annotations:
+ external-dns.alpha.kubernetes.io/target: '${CLOUDFLARED_INGRESS_DOMAIN}'
+ external-dns.alpha.kubernetes.io/external: 'false'
+spec:
+ hosts:
+ - 'sonarr.${CLUSTER_DOMAIN}'
+ gateways:
+ - istio-ingress/istio-ingressgateway
+ http:
+ - route:
+ - destination:
+ port:
+ number: 80
+ host: radarr.home-system.svc.cluster.local
+ weight: 100
diff --git a/kubernetes/namespaces/base/home-system/sonarr/ks.yaml b/kubernetes/namespaces/base/home-system/sonarr/ks.yaml
new file mode 100644
index 0000000000..cc8f268bcb
--- /dev/null
+++ b/kubernetes/namespaces/base/home-system/sonarr/ks.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: sonarr
+ namespace: flux-system
+ labels:
+ substitution.flux/enabled: true
+spec:
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+ path: "./namespaces/base/home-system/sonarr/app"
+ prune: true
+ wait: false
+ sourceRef:
+ kind: OCIRepository
+ name: cluster
diff --git a/kubernetes/namespaces/base/kube-system/metrics-server/app/helmrelease.yaml b/kubernetes/namespaces/base/kube-system/metrics-server/app/helmrelease.yaml
index 5955058dd6..80f4556f6c 100644
--- a/kubernetes/namespaces/base/kube-system/metrics-server/app/helmrelease.yaml
+++ b/kubernetes/namespaces/base/kube-system/metrics-server/app/helmrelease.yaml
@@ -47,3 +47,7 @@ spec:
 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
 - --kubelet-use-node-status-port
 - --metric-resolution=15s
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
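Review bot: The route destination is `host: radarr.home-system.svc.cluster.local`, so requests for `sonarr.${CLUSTER_DOMAIN}` are served by Radarr rather than Sonarr — a copy-paste error that also gives Radarr's `External`-auth UI a second hostname it was not meant to have; change it to `host: sonarr.home-system.svc.cluster.local`. `metadata.name: overseerr` collides with the radarr and jellyseerr VirtualServices in the same namespace, which all carry that name in this commit, so rename it `name: sonarr` as well.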
diff --git a/kubernetes/namespaces/base/observability/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/namespaces/base/observability/kube-prometheus-stack/app/helmrelease.yaml index 8bddf543dd..d94500b23a 100644 --- a/kubernetes/namespaces/base/observability/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/namespaces/base/observability/kube-prometheus-stack/app/helmrelease.yaml @@ -33,8 +33,6 @@ spec: strategy: rollback cleanupOnFail: true crds: CreateReplace - # Force recreation due to Helm not properly patching Deployment with e.g. added port, - # causing spurious drift detection force: true test: enable: true @@ -48,8 +46,6 @@ spec: mode: enabled maxHistory: 3 dependsOn: - # - name: thanos - # namespace: observability - name: grafana namespace: observability timeout: 30m @@ -58,11 +54,6 @@ spec: grafana: enabled: false forceDeployDashboards: true - sidecar: - dashboards: - multicluster: - etcd: - enabled: true prometheusOperator: prometheusConfigReloader: # Resources allocated based on Robusta KRR output @@ -88,6 +79,7 @@ spec: # https://prometheus.io/docs/prometheus/latest/feature_flags/#exemplars-storage enableFeatures: - exemplar-storage + - memory-snapshot-on-shutdown ## Interval between consecutive scrapes. ## Defaults to 30s. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 
@@ -119,11 +111,33 @@ spec: serviceMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false probeSelectorNilUsesHelmValues: false + scrapeConfigSelectorNilUsesHelmValues: false enableAdminAPI: true walCompression: true + prometheus-node-exporter: + fullnameOverride: node-exporter + prometheus: + monitor: + enabled: true + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: ["__meta_kubernetes_pod_node_name"] + targetLabel: kubernetes_node kube-state-metrics: + fullnameOverride: kube-state-metrics verticalPodAutoscaler: enabled: false + prometheus: + monitor: + enabled: true + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: ["__meta_kubernetes_pod_node_name"] + targetLabel: kubernetes_node # REQUIRED kube-state-metrics must be configured to enable Vertical Pod Autoscalar metrics. # https://github.com/prometheus-community/helm-charts/blob/cbbc1d6965d5f90c31bb7dd08ecab09e59544a65/charts/kube-state-metrics/values.yaml#L311 collectors: 
@@ -160,35 +174,3 @@ spec: # Disable kubeProxy whilst using Cilium as it's not deployed kubeProxy: enabled: false - postRenderers: - - kustomize: - patches: - - target: - # Ignore these objects from Flux diff as they are mutated from chart hooks - kind: (ValidatingWebhookConfiguration|MutatingWebhookConfiguration) - name: kube-prometheus-stack-admission - patch: | - - op: add - path: /metadata/annotations/helm.toolkit.fluxcd.io~1driftDetection - value: disabled - - target: - # Ignore these objects from Flux diff as they are mutated at apply time but not - # at dry-run time - kind: PrometheusRule - patch: | - - op: add - path: /metadata/annotations/helm.toolkit.fluxcd.io~1driftDetection - value: disabled - # TODO: Datasource patching is required - # - target: - # version: v1 - # kind: ConfigMap - # labelSelector: grafana_dashboard in (1) - # patch: |- - # apiVersion: v1 - # kind: ConfigMap - # metadata: - # name: not-used - # namespace: not-used - # annotations: - # grafana_folder: Kubernetes
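Review bot: Removing the `postRenderers` that stamped `helm.toolkit.fluxcd.io/driftDetection: disabled` onto the `kube-prometheus-stack-admission` webhook configurations and onto `PrometheusRule` objects, while `driftDetection.mode: enabled` stays in force earlier in the file, means Flux will now treat the hook-injected `caBundle` (and, per the deleted comment, the apply-time mutation of rules) as drift on every reconcile and re-apply the chart's rendered version over it, which can leave the admission webhook with an empty CA bundle until the next hook run. If the aim was only to drop the kustomize patch, the native equivalent is `spec.driftDetection.ignore` with `paths: ["/webhooks/0/clientConfig/caBundle"]` targeted at the two webhook kinds, plus an ignore entry for `PrometheusRule`; otherwise keep the patches. The `driftDetection` block itself sits outside this hunk.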