mafyuh/iac
Archived
1
0
Fork 0
Code Issues6 Pull requests9 Projects1 Wiki Activity Actions

add reloader HelmRelease and update apps

Browse source
This commit is contained in:
Matt Reeves 2025-02-18 00:07:25 -05:00
parent 5c3cf6cd92
commit 8308cbeff2
23 changed files with 516 additions and 283 deletions

3
kubernetes/apps/production/arr/qbitty/kustomization.yaml
View file

@ -3,5 +3,4 @@ kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
- qbitty-secrets.yaml
- ingress.yaml

8
kubernetes/apps/production/arr/radarr/helmrelease.yaml
View file

@ -31,6 +31,8 @@ spec:
radarr:
enabled: true
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
@ -76,10 +78,10 @@ spec:
resources:
requests:
cpu: 50m
memory: 200Mi
cpu: 25m
memory: 100Mi
limits:
memory: 400Mi
memory: 250Mi
service:
app:

27
kubernetes/apps/production/arr/recyclarr/configmap.yaml
View file

@ -1,27 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: recyclarr-config
namespace: arr
data:
recyclarr.yaml: ENC[AES256_GCM,data:D4bpnWJa3G9zk6lWuRZJQzJPKlRCvufCSlVByamCFAcZmQuMkC+YpQ05irMXJq+q0Hg7u5sQ2j7rDNfw12ZKjnpqa16d16OVqWzCLDavoNXUaP38jT96e7BYp0Tfh1OmUbNiCiMcgHdWXQNQGmxF9Hz5PKzvw/oWLkWT7PrR/wL2X35Jfoo3j+dZR0QhkH2hm4r+kFrWRk9TlmR7xnSjtIMZfVLbEpA8llHFXOJdaeo+IiXoUlJkxV0ikxO7i4lABAuHMFTHgJfQQhMcpwZaveuYtLpTQAU89NXrs8Iqs12P1WpwfYox3w9VTj0jsI0Cx4n5OhTxndLt2VQ2exXijfWWbjlO4LcKJ40fyPn6aB1EtpnDdq3OUreOYj+T7usFPGP3LKB4/s75poHYL6uGhCnRv1hCuCnHFrSGP5luYej6Pi7p2cTIv9UT4fcB7lDhqo7lod+TC1jOyQXjYYettDDCbAl7gaEdruteY0utqVV1ieYcGdPvq/p/G2fAndXqOUx5H/WlPTllxjiTkPOH8sT+HiEbqoXTp/9Gp43twmFOJxcqPqzV+vdxsmhe2/9+OzIN/nwAAGeqIyHNSmMsKV/lFT4bgAcRIkjD1ZwOMysk0D6RNdNa966Jm2X5S+IaSIRNcwuYDGtQEt9JrT3eEoUogLkYR2w69debLsqTE0PAV0QzoDPx6RdPAu/VsN95lGpLm0dSMpqXOFY7LbHUZ59wfI/akvgu0rhWyowcBNGuwgHAP45w/+XNE32cVjHvrj5f4S+j5ZWh5+POBhsmeyCVhjYrD+TWmy2/wzIgeOgIIsuw+Me4q1J75grrCupPZcw0YDKwyCSgQ01uz1BCUF97iC4Hxv7LvYS82b7PLq622/doQr52njO1NHF5jRxN+eb7wwDReE/iRFMVz2DrXG0BTApv5SMLcidw1dAiaNpFnM5/vgNV0jiMmSTuh6gcw7d/W2azsRV1jUjj/OPjT6hUUnNtOYDm0L6mAhjbta5ABtEEAkhPVCHLQILdrYM8d/+n2Bc0QesMRY/tLxzNszQjf31Eq+jPCB3TCaXqkl7IPQzGuozpa0XXzFg850H+mrjLedKB4/ilURyke0NXwX73R+Grmq2SYogiCvT7aqxwPBIAXHxuMAj8byukyoSvrw7m67TSEcDTZDU1cD/WD/amsMRH+P++8xknZ8EqYuEPB6DrRnxiJxBQBFmHG0batIHB2lc7Za3wobjTPpqiYW5+FmdLmEGlyB1CUplyfuB3Q7Gu+ImxfgdWXFeZXwh5tkFFZIRCTOIWFKrKCMIsGMiqJ2Cwh2Jp+mvOARO3aNWbuLRhG/EOYAqeuwHaG+/W4+oy3qzjIBAq2hcX7FSmutPhyO+suRiaKUcQc9wZh90+hlbt5u2fqdaMcV+0NhDLAkya3jXc6m9d0hhuH07Ows6XyoXpk/deYGVgwu4rmIu7Avo+loHiLz7NArzi4t1+nYKPwJjO+tWRCIggwwYgUKblTLuEZOw9pcJcjA63xpfXgU2hy9Ohn1TMxd/rSfad1VM+I6cjtH2DkLuhFuPOvX2ZhoIDcWyFlgiT13tU744bZE0pAGMR8BAG2bxqzCP5JkfV2ztx3ofyWUqvDSd8b+1Vj4SExNPw8BuYDvAGjm5h2CtX7IvdIeK0al1i8PpqRLLeUy6RF5L//qPn3uDRN97U7NDPZPtySh0tsfzL8CMRZ5VaYANRsZUm31729t09qL0kTnODip2S94Cyrp+yFikjYkhvmAHi2yxH0dtou4CrOiU5Um2CpL0HKH71ABUoe473IAD2qyEhINJJpZdCqGps307z7pMXf8pU618Wp6uxk1qCuaS+eP4PUzErPLTCickZ7hdVOMLPWoJQUMEO39IoHM1tIQPQmbra68RPPcAJpxwJqikF5tspDeWgRWzF6487niIfSZ7yfiqjovr7MAScbz53KfMjZ4C+Rto8yZPWzAEuVT9e8ukRbts0lY3e8JcNo3QFksvs7n84gOsF80embgMaNjr8mBEtDHpVcXcl8pV0/Ty5fCN/VGzet65SWbEcjSnf6xumzEBcmGQemO4biBtCh5cgosUWmt67CUwIMzs5cvDK+gkstwsuLPVTTnA4Q1FPcz5hyYZmOlQkaY5EILB7+WXGLHE8bJGmDK+QqWwE8vnKNoA8hezx+3uA5KE9THWfTQIvPz3AU9qoZ8GOLYhhqwfoMirAlSZxygWHPkEROWU5sM8UTdepombDPcqV+TN7JbYgM4ZLwk4btzBzyZwWCApilNUc3MJs3eWyZ2PPKoq+dmkRAEkv9z6m80NaaMCK8zDZ4FnClf9W2TBPtya+j2L8Nb5FZpLc4w1qZro1ANCgHzActRMhn7IeGyaOmRMKxxQtAzJtB1JoeDpSyrvjFkaX4/nRQ+G+EGtp04M0wTQC1sz2Wr+rWu7NBBwvIu+w872OMfKIUC1ViUIwUYPllJn5cADWhr7kGVeWM0EuYyzn3VZoBPKZoRJ6zRz/2r0IBTiRZB9iQzizkn5qOVw0toxWLCRsxdG4nNFa2WA44sd02YNQICnDwHmibt6B/Dta25WA4lp8NIXrKSMEjH/EfENiG7aU5xOGIxe3uTFqzRUmRWDndZT29H2gjDEDcrGSFQhCXb1gXVqmo9KVIvlLl66NI1J0gYM36VR2PbGrHzz0PFs8AOzzrHz6KO2RM9VCb2v3ae1l4WC7g14kZJiU8YqztCzaRG4tLw0ruZuU+sMQ3qGYA0xicyHFC6Ypdwl0L/jqpzNsOSiY9ppxyzNfO8ecC0rWhDy/nCSKPKtkzCjfnJEXNeo01htuQ8a0yLwfy6FIJAgZB1Oki8bHJyTnIQZhKNoeLhJqn9KXv2znf9+KM4Of8A1CwdohWOFzvMRb7aF5kbDIjrJz7/5WfK38L7qHSEgqQ4/kJQmnKebrN+Br4ZqB0ulxKCBGxcD+BEr6sUXd9X1UV0FnLagGNdwHbDje3U6od0nrrDoA7ScJhEuq+rpSRIxwFTXU47XqC7zwwuVamXBHtyLWHuoogPl/zDM9MsY/HwiRD3rMmf8aDuPG2k83Dz86Dp99gz5v9d6My0bRT5xkumzB3EHdkrBs79SRiXleV2ssr7aWIoWE3FePnkFKQyo+6Mq2+DuKE1fqSPmlpDYxmWPopmE1+EY+f4+F9TmomVfWq58pgQ3gUuqpKMEm6PgDR1T0jsg4ULx0xdgY5C2Dy4zTGEYd2playQJ5KXd7UaGhs2ypSBjGMVBCdDZ+WUzOtPmOxwrw3e/R38jTb6jGIAkSzkD+atc2MQd9QHfUbir7Gr/mSwHehf5+tGxQqFPjfIGOg2Ei3pDLU8BlaGpnSNyJlPxFfb+bnsxDjUu+jFSZQ+XUCVd5V4i3M68mBL10LDMJeIKriRRHh9gaAk0rM25C2VSAq7NP6TbSLsNKDuWLjsWwPgTIDZgPIvnDKWJp7TcQWtxbDQRbjo1wvQlrCjsZEk1AcjOcbIUUtsiCUyUbQOqiMGHYkFFi0Sfa/krg6Fl8nX7g/9NuqbL27iknAflc6tL+A/i2KaBm1IRAAaDvpJCUUVGBpyDnMkJSBWgcfa6B0JXuCnSFCGop8/J0V9mphZJdHWdrFu+P6sh831PDu4zFousoFFxLiTNlmBtW8n4DjQ2eNFV/VZDcNGmhqz7GakvyOiXfMuo2xBoKyQx3hmhVl4wKggrwGxnUoLH/to9Rqehu5DJPakMe5FmtlJSH6X5TAEfMAOuwoamDL+jCQXbcNX69vKhZa8pRlDn7PwoHyn9fjf3hxVpoDb8DDsuI8iSf9Kxv6YwLg0dOSlGzVbKZMZ3T+rV2R0oQU8Zk2i0lwFUOox0+hXmcMSO/DohBhPEwqbIuyiDeO99374xl0jaHEFkcx6UmK8F0oYZ2xa32es5XVt2TGxXvTQE1oHfRdMhLdqSd7NSs1rxkraJye4R62vdgLTdarTVMV7lteIbExWGqbcJCH30f212fU9eCaFBYh+M+dztCNQ4FncBYoBraglUnTFLAVwfHfHa9OaL+GTy0jffG80YpiiKG8Q5ziHkU66I33s49EciujA66iTxPEgttbxcj9+oYVi1y/oFYIDGqJWDCPl8VsJQDt9hNxbuxxc8LGbCzxYDN/FPA/rqU4LjCX+NMHZ+uq1BsW6ICYXITaNqo4oLH1LRSjRomNqAwmSLDCQl7An3idB6cJIGsH0qJlFlybYbURLcMaIIkIKehwPQ5CZMVfd6VXFujvN0tO1w1gVgXbvjZdGPSjpqC4Dmm0w943YDstBpmTYDLX+riFx9cxLY/xbeAeD4bZcwtC69caeiWqslqcPCGgw7dyKnIK8WZCEit9bJkyTFIm8nAW24gaSLvsWYT82nHztSy6JjdK0z6LqEzHCLy1lX/16ENOniFSzAQ+kSitoChsB/bvEGCbESkzQfnavZ+Cu9a7NxEUmU8ZCIEi7j931NU,iv:MNFSIXsPuQ3CywzPoAoPl6FBzsGCZ6OsONglOgsM2GU=,tag:SpT2Zw++/GQKnUpN9QJ9eA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXdFNKV1NaYlI1d2VlUWZs
NklOMWZFM3gvWXQzMnE1TEFvTDJuNzFtMjBVCkRCVUFyRHpvSnZtTW1xa3hQR2J4
Uk8zdzFWWTVQdFp0ODFCT0hGdm0yR1EKLS0tIFhIN1VCbDFjSXdNZEREeENleHJX
a3Z1SmJzVm1Md01lUG5xWFR0aW01TkUKcr0cBmPFVut3VRit/TaNp+OjWGJXSd/c
/gRuSMYbjlABn76BEMmZ6V1spaXYvyzvMj4LOVaBX59O0TVTph7RJw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-09T21:59:12Z"
mac: ENC[AES256_GCM,data:4zdv1F5410iK5nt/5TYNMsA4P+/BCJuvcxLY+93dB1sXxfbEEMJFsRl/D9hRbLoyGd0TU26vho+fyDuphYYZfNaKQS7sR9C5yDo0wuWylnqcjtEKH1a4RP8FXBtFeIGXLRkKpHodjN+9BThzPH1NRaQTXCPXX7WyrqvkuIvqviA=,iv:/LoKrYdftll09XWmY88paOjx2bODzTvV61B2nbBGq5k=,tag:ZwkVsd3huR8/8PIawRb6cg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData|api_key)$
version: 3.9.4

44
kubernetes/apps/production/arr/recyclarr/deployment.yaml
View file

@ -1,44 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: recyclarr
namespace: arr
labels:
app: recyclarr
spec:
replicas: 1
selector:
matchLabels:
app: recyclarr
template:
metadata:
labels:
app: recyclarr
spec:
dnsPolicy: "None"
dnsConfig:
nameservers:
- 8.8.8.8
- 1.1.1.1
containers:
- name: recyclarr
image: ghcr.io/recyclarr/recyclarr:7.4.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_LEVEL
value: "info"
resources:
requests:
memory: "100Mi"
cpu: "50m"
limits:
memory: "125Mi"
cpu: "75m"
volumeMounts:
- name: recyclarr-config-volume
mountPath: /config/recyclarr.yaml
subPath: recyclarr.yaml
volumes:
- name: recyclarr-config-volume
configMap:
name: recyclarr-config

93
kubernetes/apps/production/arr/recyclarr/helmrelease.yaml Normal file
View file

@ -0,0 +1,93 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app recyclarr
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 3.7.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
fullnameOverride: *app
namespace: arr
controllers:
recyclarr:
enabled: true
type: cronjob
annotations:
reloader.stakater.com/auto: "true"
cronjob:
concurrencyPolicy: Forbid
schedule: "0 2 * * 1"
startingDeadlineSeconds: 30
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 1
pod:
securityContext:
runAsUser: &context 65534
runAsGroup: *context
fsGroup: *context
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/recyclarr/recyclarr
tag: 7.4.1
command: ["/app/recyclarr/recyclarr"]
args: ["sync"]
env:
TZ: ${TZ}
SONARR_API_KEY:
valueFrom:
secretKeyRef:
name: recyclarr-secrets
key: SONARR_API_KEY
RADARR_API_KEY:
valueFrom:
secretKeyRef:
name: recyclarr-secrets
key: RADARR_API_KEY
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 5m
memory: 36Mi
limits:
memory: 200Mi
persistence:
config-file:
type: configMap
name: recyclarr-config
globalMounts:
- path: /config/recyclarr.yml
subPath: recyclarr.yml
readOnly: true
config:
type: emptyDir
globalMounts:
- path: /config

9
kubernetes/apps/production/arr/recyclarr/kustomization.yaml
View file

@ -1,5 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- configmap.yaml
- helmrelease.yaml
configMapGenerator:
- name: recyclarr-cm
files:
- recyclarr.yml=./recyclarr.yml
generatorOptions:
disableNameSuffixHash: true

96
kubernetes/apps/production/arr/recyclarr/recyclarr.yml Normal file
View file

@ -0,0 +1,96 @@
sonarr:
series:
base_url: https://sonarr.local.mafyuh.dev
api_key: !secret SONARR_API_KEY
delete_old_custom_formats: true
replace_existing_custom_formats: true
include:
- template: sonarr-v4-custom-formats-web-1080p
- template: sonarr-v4-quality-profile-web-1080p
# quality_profiles:
# - name: WEB-DL (1080p)
# reset_unmatched_scores:
# enabled: true
# upgrade:
# allowed: true
# until_quality: WEBDL-1080p
# until_score: 10000
# min_format_score: 1
# qualities:
# - WEBDL-1080p
# - WEBRip-1080p
# - HDTV-1080p
custom_formats:
- trash_ids:
- 32b367365729d530ca1c124a0b180c64 # Bad Dual Groups
- ed38b889b31be83fda192888e2286d83 # BR-DISK
- e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated
- dc98083864ea246d05a42df0d05f81cc # x265 (720/1080p)
- 1b3994c551cbb92a2c781af061f4ab44 # Scene
assign_scores_to:
- name: WEB-DL (1080p)
score: -10000
radarr:
radarr_main:
base_url: https://radarr.local.mafyuh.dev
api_key: !secret RADARR_API_KEY
# Custom Format Configuration
delete_old_custom_formats: true
replace_existing_custom_formats: true
include:
- template: radarr-quality-definition-movie
- template: radarr-quality-profile-hd-bluray-web
- template: radarr-custom-formats-hd-bluray-web
- template: radarr-quality-definition-movie
- template: radarr-quality-profile-uhd-bluray-web
- template: radarr-custom-formats-uhd-bluray-web
# quality_profiles:
# - name: HD Bluray + WEB
# min_format_score: 0
# reset_unmatched_scores:
# enabled: true
# qualities:
# - WEBDL-1080p
# - Bluray-1080p
# - name: UHD Bluray + WEB
# reset_unmatched_scores:
# enabled: true
# qualities:
# - WEBDL-2160p
# - Bluray-2160p
# - WEBDL-1080p # Ensuring `until_quality` exists in the list
custom_formats:
- trash_ids:
- b6832f586342ef70d9c128d40c07b872 # Bad Dual Groups
- 90cedc1fea7ea5d11298bebd3d1d3223 # EVO (no WEBDL)
- ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup
- 7357cf5161efbf8c4d5d0c30b4815ee2 # Obfuscated
- 5c44f52a8714fdd79bb4d98e2673be1f # Retags
- f537cf427b64c38c8e36298f657e4828 # Scene
assign_scores_to:
- name: HD Bluray + WEB
- trash_ids:
- eecf3a857724171f968a66cb5719e152 # IMAX
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX ENHANCED
- c53085ddbd027d9624b320627748612f # DV HDR10+
- e23edd2482476e595fb990b12e7c609c # DV HDR10
- 58d6a88f13e2db7f5059c41047876f00 # DV
- 55d53828b9d81cbe20b02efd00aa0efd # DV HLG
- a3e19f8f627608af0211acd02bf89735 # DV SDR
- b974a6cd08c1066250f1f177d7aa1225 # HDR10+
- dfb86d5941bc9075d6af23b09c2aeecd # HDR10
- e61e28db95d22bedcadf030b8f156d96 # HDR
- 2a4d9069cc1fe3242ff9bdaebed239bb # HDR Undefined
- 08d6d8834ad9ec87b1dc7ec8148e7a1f # PQ
- 9364dd386c9b4a1100dde8264690add7 # HLG
assign_scores_to:
- name: UHD Bluray + WEB

68
kubernetes/apps/production/arr/sabnzbd/deployment.yaml
View file

@ -1,68 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sabnzbd
namespace: arr
labels:
app: sabnzbd
spec:
replicas: 1
selector:
matchLabels:
app: sabnzbd
template:
metadata:
labels:
app: sabnzbd
spec:
containers:
- name: sabnzbd
image: ghcr.io/linuxserver/sabnzbd@sha256:84126d58ac2b50261efe7f83a36adfd790617ef729639f626b0c1114157b86de
imagePullPolicy: IfNotPresent
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: America/New_York
resources:
requests:
memory: "1024Mi"
cpu: "500m"
limits:
memory: "4Gi"
cpu: "2000m"
volumeMounts:
- mountPath: /config
name: sabnzbd-config
- mountPath: /data
name: nas
- mountPath: /incomplete
name: sabnzbd-incomplete
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: sabnzbd-config
persistentVolumeClaim:
claimName: sabnzbd-config
- name: sabnzbd-incomplete
emptyDir:
sizeLimit: 100Gi
nodeSelector:
kubernetes.io/hostname: master3
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sabnzbd-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: longhorn

114
kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml Normal file
View file

@ -0,0 +1,114 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app sabnzbd
namespace: arr
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 3.7.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
fullnameOverride: *app
namespace: arr
controllers:
sabnzbd:
enabled: true
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteMany
size: 500Mi
storageClass: longhorn
globalMounts:
- path: /config
pod:
securityContext:
runAsUser: 65534
runAsGroup: &group 65534
fsGroup: *group
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/onedr0p/sabnzbd
tag: 4.4.1
pullPolicy: IfNotPresent
env:
TZ: "${TZ}"
SABNZBD__PORT: &port 8080
probes:
liveness:
enabled: false
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 20m
memory: 200Mi
limits:
memory: 4000Mi
service:
app:
primary: true
controller: sabnzbd
ports:
http:
port: *port
ingress:
internal:
enabled: true
className: nginx
hosts:
- host: "sabnzbd.${LOCAL_DOMAIN}"
paths:
- path: /
pathType: Prefix
service:
identifier: app
port: http
tls:
- hosts:
- "sabnzbd.${LOCAL_DOMAIN}"
secretName: local-mafyuh-dev-production-tls
persistence:
data:
enabled: true
type: nfs
server: "${NAS_IP}"
path: /mnt/thePool/thePoolShare
globalMounts:
- path: /data

22
kubernetes/apps/production/arr/sabnzbd/ingress.yaml
View file

@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sabnzbd
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "sab.local.mafyuh.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-sabnzbd
port:
number: 8080
tls:
- hosts:
- "sab.local.mafyuh.dev"
secretName: local-mafyuh-dev-production-tls

4
kubernetes/apps/production/arr/sabnzbd/kustomization.yaml
View file

@ -1,6 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
- helmrelease.yaml

13
kubernetes/apps/production/arr/sabnzbd/service.yaml
View file

@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: headless-sabnzbd
namespace: arr
spec:
selector:
app: sabnzbd
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: ClusterIP

59
kubernetes/apps/production/arr/sonarr/deployment.yaml
View file

@ -1,59 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
namespace: arr
labels:
app: sonarr
spec:
replicas: 1
selector:
matchLabels:
app: sonarr
template:
metadata:
labels:
app: sonarr
spec:
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
containers:
- name: sonarr
image: ghcr.io/onedr0p/sonarr:rolling@sha256:004aa9dc8e670e28b3ee2dc65b3b850ea3bd5a45d3c5ce5068bc4d45583c1770
imagePullPolicy: IfNotPresent
resources:
requests:
memory: 512Mi
cpu: 75m
limits:
memory: 1024Mi
cpu: 150m
volumeMounts:
- mountPath: /config
name: sonarr-config
- mountPath: /data
name: nas
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: sonarr-config
persistentVolumeClaim:
claimName: sonarr-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
storageClassName: longhorn

118
kubernetes/apps/production/arr/sonarr/helmrelease.yaml Normal file
View file

@ -0,0 +1,118 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app sonarr
namespace: arr
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 3.7.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
fullnameOverride: *app
namespace: arr
controllers:
sonarr:
enabled: true
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteMany
size: 3Gi
storageClass: longhorn
globalMounts:
- path: /config
pod:
securityContext:
runAsUser: 65534
runAsGroup: &group 65534
fsGroup: *group
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/onedr0p/sonarr
tag: 5.18.4.9674
pullPolicy: IfNotPresent
env:
TZ: "${TZ}"
SONARR__INSTANCE_NAME: *app
SONARR__PORT: &port 8989
SONARR__APPLICATION_URL: "https://sonarr.${LOCAL_DOMAIN}"
SONARR__THEME: dark
SONARR__LOG_LEVEL: info
probes:
liveness:
enabled: false
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
memory: 400Mi
service:
app:
primary: true
controller: sonarr
ports:
http:
port: *port
ingress:
internal:
enabled: true
className: nginx
hosts:
- host: "sonarr.${LOCAL_DOMAIN}"
paths:
- path: /
pathType: Prefix
service:
identifier: app
port: http
tls:
- hosts:
- "sonarr.${LOCAL_DOMAIN}"
secretName: local-mafyuh-dev-production-tls
persistence:
data:
enabled: true
type: nfs
server: "${NAS_IP}"
path: /mnt/thePool/thePoolShare
globalMounts:
- path: /data

22
kubernetes/apps/production/arr/sonarr/ingress.yaml
View file

@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sonarr
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "sonarr.local.mafyuh.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-sonarr
port:
number: 8989
tls:
- hosts:
- "sonarr.local.mafyuh.dev"
secretName: local-mafyuh-dev-production-tls

4
kubernetes/apps/production/arr/sonarr/kustomization.yaml
View file

@ -1,6 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
- helmrelease.yaml

13
kubernetes/apps/production/arr/sonarr/service.yaml
View file

@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: headless-sonarr
namespace: arr
spec:
selector:
app: sonarr
ports:
- port: 8989
targetPort: 8989
protocol: TCP
type: ClusterIP

3
kubernetes/apps/production/kustomization.yaml
View file

@ -6,4 +6,5 @@ resources:
- cert-manager/
- longhorn/
- nginx/
- reflector/
- reflector/
- reloader/

33
kubernetes/apps/production/reloader/helmrelease.yaml Normal file
View file

@ -0,0 +1,33 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app reloader
spec:
interval: 15m
chart:
spec:
chart: reloader
version: 1.2.1
interval: 30m
sourceRef:
kind: HelmRepository
name: stakater
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
fullnameOverride: *app
resources:
requests:
cpu: 15m
memory: 64M
limits:
cpu: 15m
memory: 64M

4
kubernetes/apps/production/reloader/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml

10
kubernetes/cluster/production/charts/reloader-chart.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: stakater
namespace: flux-system
spec:
interval: 30m
url: https://stakater.github.io/stakater-charts
timeout: 3m

3
kubernetes/secrets/kustomization.yaml
View file

@ -3,4 +3,5 @@ kind: Kustomization
resources:
- cluster-config.yaml
- qbitty-secrets.yaml
- cluster-secrets.yaml
- cluster-secrets.yaml
- recyclarr.yaml

29
kubernetes/secrets/recyclarr.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: recyclarr-secrets
namespace: arr
type: Opaque
stringData:
RADARR_APT_KEY: ENC[AES256_GCM,data:ExNCoY5kWoUbZBxNnmCrFFfOa0bx2BD/koqX0EskCMM=,iv:BiphcBweetjC9NZgHN9RGois1r3HAiqvTotZbjs9ViE=,tag:EIXUZhcJXPJNdVsJGklAoQ==,type:str]
SONARR_API_KEY: ENC[AES256_GCM,data:0BwoubBRAUJCF65SsWmQcpMfT1KYZI5AmUjk,iv:59lCryBCqgQM44XAqDo/70hJGB4+TO5PUfsxhyXz9s4=,tag:bdMJLRR2D5IeyXdc8hmlCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVWtGNHBNcCtIUDd0ZHNS
K2lNMlFSMzlVRU1BUTNyWVdCTDh2UmY4VUJzCkk4Y1ZDcy8vTG84eTh6eXg0eWpO
SFZqRjFrdjl6dWpJbTg3UnhNZ2JTOGsKLS0tIGRoT1cyK0phNXVwZEJ0M3VDcEpj
KzdOczVjakovQlE1TkF4VUJORk5IdWsKx12AioJfcpmzCAbI+RwrJW1607YYsQbf
N8EKX70kyhdlwyCMDwr7B0+eFAWsJAjsR+2Z91peXCxlfeVXu28eFQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-18T04:52:45Z"
mac: ENC[AES256_GCM,data:kdkPp/yJTRdGE++jjDti0ZV18UvQPvHC2Zmuovdhax0PwltcNL4xNXWK+3ZNuy5k2uRcfM6tRf6JEID/0WRedJCUZ3X0VhF1QJB/1/5ZgVvvpq0CVdufCOOQtMl0Y+2zAE7RCug4DI9PpB1Ud5V7uc/RTem2D4p2ebXr4SMJz7w=,iv:lbQsBStxyd1jzdeI7dESDrpgZibymUYw69yTGL9aiqc=,tag:2giVCBtX2x8kjo0aTG6TEQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4