From cf03440780e99e73d517229162890aa9ede896f4 Mon Sep 17 00:00:00 2001
From: Matt Reeves <admin@mafyuh.io>
Date: Mon, 17 Feb 2025 22:11:58 -0500
Subject: [PATCH] test migrate radarr to helm
---
.../production/arr/radarr/deployment.yaml | 59 ---------
.../production/arr/radarr/helmrelease.yaml | 116 ++++++++++++++++++
.../apps/production/arr/radarr/ingress.yaml | 22 ----
.../production/arr/radarr/kustomization.yaml | 4 +-
.../apps/production/arr/radarr/service.yaml | 13 --
.../cert-manager/issuers/secret-cf-token.yaml | 16 +--
.../production/charts/bjw-s-chart.yaml | 10 ++
.../production/charts}/kustomization.yaml | 3 +-
.../production/config/cluster-config.yaml | 7 ++
.../production/config/cluster-secrets.yaml | 29 +++++
.../production/config/kustomization.yaml | 6 +
.../production/config}/qbitty-secrets.yaml | 0
.../cluster/production/flux-system/apps.yaml | 4 +-
.../production/flux-system/secrets.yaml | 8 +-
.../cluster/production/kustomization.yaml | 6 +
kubernetes/kustomization.yaml | 2 +-
kubernetes/secrets/flux.yaml | 28 -----
17 files changed, 195 insertions(+), 138 deletions(-)
delete mode 100644 kubernetes/apps/production/arr/radarr/deployment.yaml
create mode 100644 kubernetes/apps/production/arr/radarr/helmrelease.yaml
delete mode 100644 kubernetes/apps/production/arr/radarr/ingress.yaml
delete mode 100644 kubernetes/apps/production/arr/radarr/service.yaml
create mode 100644 kubernetes/cluster/production/charts/bjw-s-chart.yaml
rename kubernetes/{secrets => cluster/production/charts}/kustomization.yaml (66%)
create mode 100644 kubernetes/cluster/production/config/cluster-config.yaml
create mode 100644 kubernetes/cluster/production/config/cluster-secrets.yaml
create mode 100644 kubernetes/cluster/production/config/kustomization.yaml
rename kubernetes/{secrets => cluster/production/config}/qbitty-secrets.yaml (100%)
create mode 100644 kubernetes/cluster/production/kustomization.yaml
delete mode 100644 kubernetes/secrets/flux.yaml
diff --git a/kubernetes/apps/production/arr/radarr/deployment.yaml b/kubernetes/apps/production/arr/radarr/deployment.yaml
deleted file mode 100644
index c351916..0000000
--- a/kubernetes/apps/production/arr/radarr/deployment.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: radarr
- namespace: arr
- labels:
- app: radarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: radarr
- template:
- metadata:
- labels:
- app: radarr
- spec:
- securityContext:
- runAsUser: 65534
- runAsGroup: 65534
- fsGroup: 65534
- fsGroupChangePolicy: OnRootMismatch
- containers:
- - name: radarr
- image: ghcr.io/onedr0p/radarr:rolling@sha256:f63ab1d9875d81f1b6d7cd69427749451d2fab981e39ffb8d9071c2e21041170
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- memory: 512Mi
- cpu: 100m
- limits:
- memory: 2Gi
- cpu: 500m
- volumeMounts:
- - mountPath: /config
- name: radarr
- - mountPath: /data
- name: nas
- volumes:
- - name: nas
- nfs:
- path: /mnt/thePool/thePoolShare
- server: 10.0.0.10
- - name: radarr
- persistentVolumeClaim:
- claimName: radarr
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr
- namespace: arr
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 3Gi
- storageClassName: longhorn
diff --git a/kubernetes/apps/production/arr/radarr/helmrelease.yaml b/kubernetes/apps/production/arr/radarr/helmrelease.yaml
new file mode 100644
index 0000000..39fd46e
--- /dev/null
+++ b/kubernetes/apps/production/arr/radarr/helmrelease.yaml
@@ -0,0 +1,116 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app radarr
+ namespace: arr
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.7.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ fullnameOverride: *app
+ namespace: arr
+
+ controllers:
+ radarr:
+ enabled: true
+ type: statefulset
+
+ replicas: 1
+
+ statefulset:
+ volumeClaimTemplates:
+ - name: config
+ accessMode: ReadWriteMany
+ size: 3Gi
+ storageClass: longhorn
+ globalMounts:
+ - path: /config
+
+ pod:
+ securityContext:
+ runAsUser: 65534
+ runAsGroup: &group 65534
+ fsGroup: *group
+ fsGroupChangePolicy: "OnRootMismatch"
+
+ containers:
+ app:
+ image:
+ repository: ghcr.io/onedr0p/radarr
+ tag: 5.18.4.9674
+ pullPolicy: IfNotPresent
+ env:
+ TZ: "${TZ}"
+ RADARR__INSTANCE_NAME: *app
+ RADARR__PORT: &port 7878
+ RADARR__APPLICATION_URL: "https://radarr.${LOCAL_DOMAIN}"
+ RADARR__THEME: dark
+ RADARR__LOG_LEVEL: info
+
+ probes:
+ liveness:
+ enabled: false
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+
+ resources:
+ requests:
+ cpu: 50m
+ memory: 200Mi
+ limits:
+ memory: 400Mi
+
+ service:
+ app:
+ primary: true
+ controller: radarr
+ ports:
+ http:
+ port: *port
+
+ ingress:
+ internal:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: "radarr.${LOCAL_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - "radarr.${LOCAL_DOMAIN}"
+ secretName: local-mafyuh-dev-production-tls
+
+ persistence:
+ data:
+ enabled: true
+ type: nfs
+ server: "${NAS_IP}"
+ path: /mnt/thePool/thePoolShare
+ globalMounts:
+ - path: /data
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/radarr/ingress.yaml b/kubernetes/apps/production/arr/radarr/ingress.yaml
deleted file mode 100644
index 6b45025..0000000
--- a/kubernetes/apps/production/arr/radarr/ingress.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: radarr
- namespace: arr
-spec:
- ingressClassName: nginx
- rules:
- - host: "radarr.local.mafyuh.dev"
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: headless-radarr
- port:
- number: 7878
- tls:
- - hosts:
- - "radarr.local.mafyuh.dev"
- secretName: local-mafyuh-dev-production-tls
diff --git a/kubernetes/apps/production/arr/radarr/kustomization.yaml b/kubernetes/apps/production/arr/radarr/kustomization.yaml
index 5f7a4f4..4377f60 100644
--- a/kubernetes/apps/production/arr/radarr/kustomization.yaml
+++ b/kubernetes/apps/production/arr/radarr/kustomization.yaml
@@ -1,6 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - deployment.yaml
- - service.yaml
- - ingress.yaml
\ No newline at end of file
+ - helmrelease.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/radarr/service.yaml b/kubernetes/apps/production/arr/radarr/service.yaml
deleted file mode 100644
index f2618d2..0000000
--- a/kubernetes/apps/production/arr/radarr/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: headless-radarr
- namespace: arr
-spec:
- selector:
- app: radarr
- ports:
- - port: 7878
- targetPort: 7878
- protocol: TCP
- type: ClusterIP
\ No newline at end of file
diff --git a/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml b/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
index c84575a..1c62db4 100644
--- a/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
+++ b/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
@@ -5,7 +5,7 @@ metadata:
namespace: cert-manager
type: Opaque
stringData:
- cloudflare-token: ENC[AES256_GCM,data:QDWamL3h0NLZzezOq5Sxo64K+7nivtl2pmpCbWk6rUFzKXJR7ym6Mg==,iv:Uf6v8dHRvx7dFs9ES5e+YWIo12WtrrXqK1xJ8z/gOO4=,tag:6undZMM8eDXXRp12cRX+dA==,type:str]
+ cloudflare-token: ENC[AES256_GCM,data:9I2VZBJrnat4TZ50fEVGS+N2ba6OVUvJWodhZhHCMMQm3scJ9Rqgvg==,iv:u3yKtpXWObitpJ92Brd9VceIAjgCaXQ92J/VIgrN7SE=,tag:iJEGLae7Uvj+5PtkmKfYkw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -15,14 +15,14 @@ sops:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRzV5Sy80OGJGQXRiNkND
- azlFZG1CNllYbG5kQ0VHRXNhbjdRcEN6TUU0Ckc2RjMza2laWS9Zb21tNmE0eUw3
- RG9SclYrWEFxYWs2ck95VWQ3MlJDUlEKLS0tIDg0dXYxZUFlUTNiQ2VWUElIdU1J
- ajRYUzRGREhIenNjdnlwMmtvVCthTHMKI74UwAsVX1QKQSez4E+Ks9VAF2QwbRDa
- rO/PdBYJK+MwCptCEiinxaSc5BDAyE0wYiC6Tmldz6ZHYTv1ADe21Q==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSTBHMlNiaU1qMDdqdUtB
+ UkF4QmxwYURFWHVqeW1VRE4reXRGQVNzS25rCnlzOFNFUFprUzJET0Q2ZktkM3ZT
+ NHFYeFpKMW9Za2V5dGZ1NFRHeCt4azgKLS0tIFpIM3I3bmgyQ25nUUZCVWh0ZDd1
+ cWpzK3FuTC9McXdMUERvSUtVVzE0KzAKmU4J3YzOr5Xcr8eGtMoUJIT87biX/pkh
+ IHrrhcfYWr2JZY5BqC1AK6EN3+uNFqrKIs7MrV0Ogb5X02BP/9D77w==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-02-08T18:43:20Z"
- mac: ENC[AES256_GCM,data:fuTN6KncxLvzw7o3ENVYKCIcmxDDbvOeIyfn/H1M5rtw3C8WiRnuz4XviYTh2y6EHv9FGEOI5RiRmtEtqiux7xn81DBobmAdgl/RFsrMsKus0SVpGn4PmZYfO/8R9xknyX93fbYicnahYpM3aHvwQx1njK64ywN+Hp0U+PZfMoQ=,iv:4EgN+gBOwkNty9uPSb1/wDOKTEHUUEtkeDEJDkB2/EE=,tag:Meb79CBfm3tot4vKf1OOmg==,type:str]
+ lastmodified: "2025-02-18T02:56:04Z"
+ mac: ENC[AES256_GCM,data:InOhXZOhW9mkXv7pYOxihCDbdswQyuC6g5xzb/0dBhq+j4tRz6MUGMyducc3WiPybMaCsBi7X50tOrcRhe4CyH//nr6N8xKaKhxQYgxt47QOakHhGPtNvyBCw4au21KF34ZIEN0jRKVryCYj2X3WD3tNT9jFn4FfgLUx6xx9WYg=,iv:FtkgRp7Ib5DLib0y617mdeVy/EHWKKNcG18wbR/lAdM=,tag:i+TFxjplYuRT1ZhqXfXeBw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4
diff --git a/kubernetes/cluster/production/charts/bjw-s-chart.yaml b/kubernetes/cluster/production/charts/bjw-s-chart.yaml
new file mode 100644
index 0000000..98f1a60
--- /dev/null
+++ b/kubernetes/cluster/production/charts/bjw-s-chart.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bjw-s
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://bjw-s.github.io/helm-charts
+ timeout: 3m
\ No newline at end of file
diff --git a/kubernetes/secrets/kustomization.yaml b/kubernetes/cluster/production/charts/kustomization.yaml
similarity index 66%
rename from kubernetes/secrets/kustomization.yaml
rename to kubernetes/cluster/production/charts/kustomization.yaml
index caefb94..395a6e5 100644
--- a/kubernetes/secrets/kustomization.yaml
+++ b/kubernetes/cluster/production/charts/kustomization.yaml
@@ -1,5 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - flux.yaml
- - qbitty-secrets.yaml
\ No newline at end of file
+- bjw-s-chart.yaml
diff --git a/kubernetes/cluster/production/config/cluster-config.yaml b/kubernetes/cluster/production/config/cluster-config.yaml
new file mode 100644
index 0000000..80ff499
--- /dev/null
+++ b/kubernetes/cluster/production/config/cluster-config.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-config
+ namespace: flux-system
+data:
+ TZ: "America/New_York"
diff --git a/kubernetes/cluster/production/config/cluster-secrets.yaml b/kubernetes/cluster/production/config/cluster-secrets.yaml
new file mode 100644
index 0000000..1de7766
--- /dev/null
+++ b/kubernetes/cluster/production/config/cluster-secrets.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cluster-secrets
+ namespace: flux-system
+data:
+ PUBLIC_DOMAIN: ENC[AES256_GCM,data:M+nn0P7olNwEyc+3XUM37g==,iv:EHupf7+9evYWrJZNFGe/I0sgcocs0UnU2j5gcCsoMqs=,tag:9N7R8sgfA5y/ePoD/tepFw==,type:str]
+ LOCAL_DOMAIN: ENC[AES256_GCM,data:7ljyWJK8kOADFW5/uk9aNaRf7dnoTSqU,iv:ppr7vv8W2EfnF3b5rYBSXND/qNdQwZPEIMjAgae81+A=,tag:s7wybl3msr0RMyAAEej2jA==,type:str]
+ NAS_IP: ENC[AES256_GCM,data:z04M4Xe8lekw4zEqB6a2YQ==,iv:Qwgy94CR+jBvhCTOPa4dxxai0cidGt9BnSReUwedol8=,tag:Qnm/pxGTdMUUE59aOqObOg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWmVDYWFUM2g1Z3A4L09y
+ VlJGNVNIb0o5ZkoyMXRLMFVDVjNtbllIVWhjClRaaDNPblI3amNSTjFXSmtJZ1kz
+ dVRqa05yZnJhblFaUW1IbnB5RXMyMzAKLS0tIGtyMnV4ZXlWclBRa1UrVkNPV0dh
+ UnJqT1FORU5SaGNTK0Y3V3RYMlRjeEkKQOfr3ruilfkb8lfuWrQaeB44b9nf+TSq
+ QgvmCElVNleZ369lr92ZfNQXgIehuVQku3h8xElXtL0SyZmRrbKneg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-02-18T03:04:17Z"
+ mac: ENC[AES256_GCM,data:kwxezyC/r2vsbCXAU6yGAjpzOQHuQZQvRDAl53ZT59DP9+P3rL+eRG6mpKPuack1TvlcQddUgFEMXxoilPcpiZpG967fLQlBIN+e61bGBsHiHT7zHcnudi33ZruAG1E/Fsx3qk/aQBak+C2j9JzuaApaDWx8Oboxkm4/Ks+wHI8=,iv:hOdZy2E3JmWX82jJAl8XalI4FaCVHfxBMWg7R2liWeA=,tag:on3NuJJTxp1+SEKsSnGYgA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.4
diff --git a/kubernetes/cluster/production/config/kustomization.yaml b/kubernetes/cluster/production/config/kustomization.yaml
new file mode 100644
index 0000000..39ebed1
--- /dev/null
+++ b/kubernetes/cluster/production/config/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cluster-config.yaml
+ - qbitty-secrets.yaml
+ - cluster-secrets.yaml
\ No newline at end of file
diff --git a/kubernetes/secrets/qbitty-secrets.yaml b/kubernetes/cluster/production/config/qbitty-secrets.yaml
similarity index 100%
rename from kubernetes/secrets/qbitty-secrets.yaml
rename to kubernetes/cluster/production/config/qbitty-secrets.yaml
diff --git a/kubernetes/cluster/production/flux-system/apps.yaml b/kubernetes/cluster/production/flux-system/apps.yaml
index f2ac7d9..ac3953b 100644
--- a/kubernetes/cluster/production/flux-system/apps.yaml
+++ b/kubernetes/cluster/production/flux-system/apps.yaml
@@ -17,4 +17,6 @@ spec:
postBuild:
substituteFrom:
- kind: ConfigMap
- name: cluster-config
\ No newline at end of file
+ name: cluster-config
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/cluster/production/flux-system/secrets.yaml b/kubernetes/cluster/production/flux-system/secrets.yaml
index aa93489..fb628f9 100644
--- a/kubernetes/cluster/production/flux-system/secrets.yaml
+++ b/kubernetes/cluster/production/flux-system/secrets.yaml
@@ -5,7 +5,7 @@ metadata:
namespace: flux-system
spec:
interval: 5m
- path: "./kubernetes/secrets"
+ path: "./kubernetes/cluster/production/config"
sourceRef:
kind: GitRepository
name: flux-system
@@ -14,3 +14,9 @@ spec:
secretRef:
name: sops-age
prune: true
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-config
+ - kind: Secret
+ name: cluster-secrets
diff --git a/kubernetes/cluster/production/kustomization.yaml b/kubernetes/cluster/production/kustomization.yaml
new file mode 100644
index 0000000..77d0cbc
--- /dev/null
+++ b/kubernetes/cluster/production/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- charts/
+- config/
+- flux-system/
\ No newline at end of file
diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml
index d08ad48..0162701 100644
--- a/kubernetes/kustomization.yaml
+++ b/kubernetes/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- apps/
-- cluster/production/flux-system/
+- cluster/production/
diff --git a/kubernetes/secrets/flux.yaml b/kubernetes/secrets/flux.yaml
deleted file mode 100644
index cfbe332..0000000
--- a/kubernetes/secrets/flux.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cluster-config
- namespace: flux-system
-data:
- LOCAL_DOMAIN: ENC[AES256_GCM,data:+MFh6JbregTAyBjQgfhjPQ==,iv:P6/9sySKhAjWKi8F09rEQ9RqyfMZRdSrGOHgfNI5ZNM=,tag:8ExXSkOegf97uqZAto310g==,type:str]
- PUBLIC_DOMAIN: ENC[AES256_GCM,data:13kMLOeH00D7eXgdgWoRpA==,iv:0ptiPvI9v6rpupeIAe1R+5CkVvWIQjivJGNPJfr3MjI=,tag:WqyDKGxqFX/o2wK7Z9/i3A==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SXZ6TUdZTzJFMTg2cGQr
- cktvVEhkL1krdm95cGpxcDAzc2t1VkxrbHdVCmRYQXoxNnA5YUdTS0tkNzA3MnJr
- ZVZtKzhoaTVKTjBrdk1nb2RrMXRTL1UKLS0tIEdkTzlTOXRxak4xQ0tuam1PL2hw
- M3RsQnNodHgvdU00YVA1cGZobVBLY1EKsLe8q0/W+OnSJ4sEnt4Xnw0eMUNLf9gG
- zHXUoROb6nlqh03SH2SFoJuzc7jRYqHOOxXjnRcQcSTnyBi0jIT9/A==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-02-17T05:27:24Z"
- mac: ENC[AES256_GCM,data:CdZrObeqXr+iJ2E9l5UGp0h9gZI7F3le9fj5zbHe4WjaS+HEPr9yaExG5AEpyLkW4BzjHoaLjFxbshec8PheWcWCEMIwIoJPRcI9ld7se01nz/SC7DJWT66otj7TZIwzi6/DmCVpsoXL2bYskmaExOk2l7DlijQ7lkevJupOKMI=,iv:CChtQxUUXIiSqmK99F5fQlvdmrjshWNoh7xSgrzxFto=,tag:Ph3SByrtOyNVBM4XcmH2Wg==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.9.4