Feat: official kyoo helm chart (#3031)
joryirving committed Oct 5, 2024
1 parent 840eadb commit 40e96d8
Showing 13 changed files with 587 additions and 331 deletions.
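--- a/kubernetes/main/apps/media/kyoo/app-template/externalsecret.yaml
+++ b/kubernetes/main/apps/media/kyoo/app-template/externalsecret.yaml
@@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: &name kyoo-secret
+spec:
+secretStoreRef:
+name: bitwarden-secrets-manager
+kind: ClusterSecretStore
+refreshInterval: 15m
+target:
+name: *name
+template:
+engineVersion: v2
+data:
+# App
+KYOO_APIKEYS: '{{ .KYOO_API_KEY }}'
+THEMOVIEDB_APIKEY: '{{ .TMDB_API_KEY }}'
+#Meili
+MEILI_HOST: http://kyoo-meilisearch:7700
+MEILI_MASTER_KEY: '{{ .MEILI_MASTER_KEY }}'
+#RabbitMQ
+RABBITMQ_DEFAULT_USER: kyoo
+RABBITMQ_PORT: "5672"
+RABBITMQ_HOST: kyoo-rabbitmq
+RABBITMQ_DEFAULT_PASS: '{{ .RABBITMQ_PASS }}'
+# OIDC
+OIDC_AUTHENTIK_NAME: Authentik
+OIDC_AUTHENTIK_LOGO: https://sso.${SECRET_DOMAIN}/static/dist/assets/icons/icon.png
+OIDC_AUTHENTIK_AUTHORIZATION: https://sso.${SECRET_DOMAIN}/application/o/authorize/
+OIDC_AUTHENTIK_TOKEN: https://sso.${SECRET_DOMAIN}/application/o/token/
+OIDC_AUTHENTIK_PROFILE: https://sso.${SECRET_DOMAIN}/application/o/userinfo/
+OIDC_AUTHENTIK_SCOPE: openid email profile
+OIDC_AUTHENTIK_CLIENTID: '{{ .KYOO_CLIENT_ID }}'
+OIDC_AUTHENTIK_SECRET: '{{ .KYOO_CLIENT_SECRET }}'
+dataFrom:
+- extract:
+key: kyoo
+- extract:
+key: kometa
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: &name kyoo-db-secret
+spec:
+refreshInterval: 1m
+secretStoreRef:
+name: crunchy-pgo-secrets
+kind: ClusterSecretStore
+target:
+name: kyoo-secret
+creationPolicy: Merge
+deletionPolicy: Retain
+template:
+type: Opaque
+data:
+POSTGRES_DB: '{{ .dbname }}'
+POSTGRES_SERVER: '{{ index . "pgbouncer-host" }}'
+POSTGRES_PORT: '{{ .port }}'
+POSTGRES_USER: '{{ .user }}'
+POSTGRES_PASSWORD: '{{ .password }}'
+dataFrom:
+- extract:
+key: postgres-pguser-kyoo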
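Review bot: The second ExternalSecret (`kyoo-db-secret`) sets `target.name: kyoo-secret` with `creationPolicy: Merge`, so the Postgres credentials end up in the same Secret that already carries the API keys, the Meilisearch master key, the RabbitMQ password and the OIDC client secret. helmrelease.yaml in this commit loads `kyoo-secret` through `envFrom` into the rabbitmq, front, scanner, matcher, autosync and transcoder containers, so each of them receives `POSTGRES_PASSWORD` and `OIDC_AUTHENTIK_SECRET` whether or not it uses them. I would give the database credentials their own target by writing `name: *name` under `target:` (the `&name kyoo-db-secret` anchor is currently unused) and dropping `creationPolicy: Merge`, then reference that Secret only from the controllers that open a database connection. With Merge the target Secret presumably also has to exist before this resource can sync, an ordering dependency the split would remove. A one-line comment above `- extract: key: kometa` naming the field taken from that item (it looks like `TMDB_API_KEY`) would explain why a second application's secret item is pulled in here.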
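--- a/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml
+++ b/kubernetes/main/apps/media/kyoo/app-template/helmrelease.yaml
@@ -0,0 +1,312 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+name: &app kyoo
+spec:
+interval: 15m
+chart:
+spec:
+chart: app-template
+version: 3.5.0
+sourceRef:
+kind: HelmRepository
+name: bjw-s
+namespace: flux-system
+install:
+createNamespace: true
+remediation:
+retries: 3
+upgrade:
+remediation:
+strategy: rollback
+retries: 3
+values:
+controllers:
+meilisearch:
+labels:
+nfsMount: "true"
+postgres: "true"
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: docker.io/getmeili/meilisearch
+tag: v1.10
+env:
+MEILI_ENV: production
+MEILI_MASTER_KEY:
+valueFrom:
+secretKeyRef:
+name: kyoo-secret
+key: MEILI_MASTER_KEY
+probes:
+liveness: &searchprobes
+enabled: true
+custom: true
+spec:
+httpGet:
+path: /health
+port: &searchport 7700
+initialDelaySeconds: 0
+periodSeconds: 10
+timeoutSeconds: 1
+failureThreshold: 3
+readiness: *searchprobes
+startup:
+enabled: true
+spec:
+failureThreshold: 30
+periodSeconds: 10
+resources:
+requests:
+cpu: 5m
+limits:
+memory: 1Gi
+
+rabbitmq:
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: docker.io/rabbitmq
+tag: 4-alpine
+envFrom: &envFrom
+- secretRef:
+name: kyoo-secret
+- configMapRef:
+name: kyoo-config
+resources:
+requests:
+cpu: 5m
+limits:
+memory: 300Mi
+
+back:
+labels:
+nfsMount: "true"
+strategy: Recreate
+annotations:
+reloader.stakater.com/auto: "true"
+initContainers:
+01-migrations:
+envFrom:
+- secretRef:
+name: kyoo-secret
+image:
+repository: ghcr.io/zoriya/kyoo_migrations
+tag: edge@sha256:97efa508eaf657544345803569a1243b36f3603bee3d64d9bc7f9ebbaf0fdc13
+containers:
+app:
+image:
+repository: ghcr.io/zoriya/kyoo_back
+tag: edge@sha256:96572254d19bd9509df9ae6df97dd782638710244c3ec8f1dc43e508c30882db
+env:
+TRANSCODER_URL: http://kyoo-transcoder:7666
+envFrom: *envFrom
+resources:
+requests:
+cpu: 10m
+memory: 1Gi
+limits:
+cpu: 4000m
+memory: 8Gi
+
+front:
+labels:
+nfsMount: "true"
+replicas: 1
+strategy: RollingUpdate
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: ghcr.io/zoriya/kyoo_front
+tag: edge@sha256:ffb5119371b4ba505687ff814f8aac963a411b285297c364def0d6af59255b09
+envFrom: *envFrom
+resources:
+requests:
+cpu: 5m
+memory: 100Mi
+limits:
+memory: 1Gi
+
+scanner:
+labels:
+nfsMount: "true"
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: &scannerimage ghcr.io/zoriya/kyoo_scanner
+tag: &scannertag edge@sha256:92279694b8a00f90295f3acd5124a130c83d8560e60803ac6fc96572ec153b05
+envFrom: *envFrom
+resources:
+requests:
+cpu: 5m
+limits:
+memory: 1Gi
+
+matcher:
+labels:
+nfsMount: "true"
+replicas: 1
+strategy: RollingUpdate
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: *scannerimage
+tag: *scannertag
+args: ["matcher"]
+envFrom: *envFrom
+resources:
+requests:
+cpu: 5m
+limits:
+memory: 400Mi
+
+autosync:
+labels:
+nfsMount: "true"
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: ghcr.io/zoriya/kyoo_autosync
+tag: 4.7.0@sha256:eca5415548a41181a59251b42c5ad8daa2b7a4f847d8c0f780b25a8da75a102f
+envFrom: *envFrom
+resources:
+requests:
+cpu: 5m
+limits:
+memory: 100Mi
+
+transcoder:
+labels:
+nfsMount: "true"
+annotations:
+reloader.stakater.com/auto: "true"
+containers:
+app:
+image:
+repository: ghcr.io/zoriya/kyoo_transcoder
+tag: edge@sha256:d81bcebc132f68b728e771dd70575bde5e2edc9b2bec1927e79a0419fc139e6c
+envFrom: *envFrom
+resources:
+requests:
+cpu: 10m
+memory: 500Mi
+limits:
+gpu.intel.com/i915: 1
+memory: 8Gi
+pod:
+affinity:
+podAntiAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchExpressions:
+- key: app.kubernetes.io/name
+operator: In
+values: ["plex"]
+topologyKey: kubernetes.io/hostname
+nodeSelector:
+intel.feature.node.kubernetes.io/gpu: "true"
+
+defaultPodOptions:
+securityContext:
+runAsNonRoot: true
+runAsUser: 568
+runAsGroup: 568
+fsGroup: 568
+fsGroupChangePolicy: OnRootMismatch
+supplementalGroups: [44, 10000]
+seccompProfile: { type: RuntimeDefault }
+service:
+back:
+controller: back
+ports:
+http:
+port: 5000
+front:
+controller: front
+ports:
+http:
+port: 8901
+rabbitmq:
+controller: rabbitmq
+ports:
+http:
+port: 5672
+meilisearch:
+controller: meilisearch
+ports:
+http:
+port: *searchport
+transcoder:
+controller: transcoder
+ports:
+http:
+port: 7666
+ingress:
+main:
+className: external
+annotations:
+nginx.ingress.kubernetes.io/configuration-snippet: |
+rewrite /api/(.*) /$1 break;
+nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
+nginx.ingress.kubernetes.io/proxy-body-size: "0"
+external-dns.alpha.kubernetes.io/target: external.${SECRET_DOMAIN}
+hosts:
+- host: kyoo.${SECRET_DOMAIN}
+paths:
+- path: /
+pathType: Prefix
+service:
+identifier: front
+port: http
+- path: /api
+pathType: Prefix
+service:
+identifier: back
+port: http
+persistence:
+kyoo:
+existingClaim: *app
+advancedMounts:
+back:
+app:
+- path: /metadata
+search:
+existingClaim: kyoo-meilisearch
+advancedMounts:
+meilisearch:
+app:
+- path: /meili_data
+transcoder-metadata:
+existingClaim: kyoo-transcoder-metadata
+advancedMounts:
+transcoder:
+app:
+- path: /metadata
+cache:
+type: emptyDir
+advancedMounts:
+transcoder:
+app:
+- path: /cache
+media:
+type: nfs
+server: voyager.internal
+path: ${SECRET_NFS_DATA:=temp}
+globalMounts:
+- path: /data
+subPath: media
+readOnly: true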
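Review bot: The ingress annotation `nignx.ingress.kubernetes.io/force-ssl-redirect: "true"` is misspelled (`nignx`), so the controller will not recognise it and the forced HTTPS redirect is left to controller defaults, since no `tls:` block is visible on this ingress; it should read `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. In the same annotations block, `configuration-snippet` only takes effect where the controller allows snippet annotations, which many clusters keep disabled because snippets inject raw nginx configuration, and `proxy-body-size: "0"` removes the request-size limit on an externally exposed host; each deserves a comment saying why it is needed. The `meilisearch` (`tag: v1.10`) and `rabbitmq` (`tag: 4-alpine`) images are the only two without an `@sha256:` digest, unlike every kyoo image in the file, so those tags can move underneath the release. `defaultPodOptions.securityContext` sets only pod-level fields; no container sets `allowPrivilegeEscalation: false` or `capabilities: {drop: ["ALL"]}`.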
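--- a/kubernetes/main/apps/media/kyoo/app-template/kustomization.yaml
+++ b/kubernetes/main/apps/media/kyoo/app-template/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./externalsecret.yaml
+- ./helmrelease.yaml
+- ./pvc.yaml
+- ./configs/config.yaml
+- ../../../../templates/gatus/external
+- ../../../../templates/volsync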