From e293a104c669219af0eede3e1a0d08d9fbb432d2 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Sun, 18 Aug 2024 11:59:28 +0800
Subject: [PATCH] fix: move Kavita & Komga to media ns for shared PVC
---
 .../biohazard/flux/kustomization.yaml | 7 ++--
 kube/deploy/apps/komga/ns.yaml | 10 -----
 kube/deploy/apps/media/_deps/app/pvc.yaml | 18 ++++++++
 kube/deploy/apps/media/_deps/ks.yaml | 41 +++++++++++++++++++
 .../_deps}/kustomization.yaml | 0
 .../apps/{kavita => media/_deps}/ns.yaml | 2 +-
 .../apps/{ => media}/kavita/app/hr.yaml | 32 ++++++++-------
 kube/deploy/apps/{ => media}/kavita/ks.yaml | 6 +--
 .../kavita}/kustomization.yaml | 1 -
 .../deploy/apps/{ => media}/komga/app/es.yaml | 2 +-
 .../deploy/apps/{ => media}/komga/app/hr.yaml | 24 ++++++-----
 kube/deploy/apps/{ => media}/komga/ks.yaml | 8 ++--
 .../apps/media/komga/kustomization.yaml | 5 +++
 13 files changed, 108 insertions(+), 48 deletions(-)
 delete mode 100644 kube/deploy/apps/komga/ns.yaml
 create mode 100644 kube/deploy/apps/media/_deps/app/pvc.yaml
 create mode 100644 kube/deploy/apps/media/_deps/ks.yaml
 rename kube/deploy/apps/{kavita => media/_deps}/kustomization.yaml (100%)
 rename kube/deploy/apps/{kavita => media/_deps}/ns.yaml (94%)
 rename kube/deploy/apps/{ => media}/kavita/app/hr.yaml (87%)
 rename kube/deploy/apps/{ => media}/kavita/ks.yaml (90%)
 rename kube/deploy/apps/{komga => media/kavita}/kustomization.yaml (88%)
 rename kube/deploy/apps/{ => media}/komga/app/es.yaml (98%)
 rename kube/deploy/apps/{ => media}/komga/app/hr.yaml (88%)
 rename kube/deploy/apps/{ => media}/komga/ks.yaml (88%)
 create mode 100644 kube/deploy/apps/media/komga/kustomization.yaml
diff --git a/kube/clusters/biohazard/flux/kustomization.yaml b/kube/clusters/biohazard/flux/kustomization.yaml
index a4bf393a04..1e254c3600 100644
--- a/kube/clusters/biohazard/flux/kustomization.yaml
+++ b/kube/clusters/biohazard/flux/kustomization.yaml
@@ -68,6 +68,7 @@ resources:
 # - ../../../deploy/apps/renovate/
 # - ../../../deploy/apps/kubevirt/
 - ../../../deploy/apps/default/
+ - ../../../deploy/apps/authentik/
 - ../../../deploy/apps/whoogle/
 - ../../../deploy/apps/searxng/
 - ../../../deploy/apps/cyberchef/
@@ -76,8 +77,9 @@ resources:
 - ../../../deploy/apps/minecraft2/
 - ../../../deploy/apps/sandstorm/
 - ../../../deploy/apps/jellyfin/
- - ../../../deploy/apps/kavita/
- - ../../../deploy/apps/authentik/
+ - ../../../deploy/apps/media/
+ - ../../../deploy/apps/media/kavita/
+ - ../../../deploy/apps/media/komga/
 - ../../../deploy/apps/kanidm/
 #- ../../../deploy/apps/syncthing/ # TODO: re-add once fixed up
 - ../../../deploy/apps/excalidraw/
@@ -129,7 +131,6 @@ resources:
 - ../../../deploy/apps/radicale/
 - ../../../deploy/apps/immich/
 - ../../../deploy/apps/kromgo/
- - ../../../deploy/apps/komga/
 - ../../../deploy/apps/blocky/
 - ../../../deploy/apps/cryptpad/
 - ../../../deploy/vm/_kubevirt/
diff --git a/kube/deploy/apps/komga/ns.yaml b/kube/deploy/apps/komga/ns.yaml
deleted file mode 100644
index 8b475c43f2..0000000000
--- a/kube/deploy/apps/komga/ns.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: komga
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
- pod-security.kubernetes.io/enforce: &ps baseline
- pod-security.kubernetes.io/audit: *ps
- pod-security.kubernetes.io/warn: *ps
diff --git a/kube/deploy/apps/media/_deps/app/pvc.yaml b/kube/deploy/apps/media/_deps/app/pvc.yaml
new file mode 100644
index 0000000000..4e12475ece
--- /dev/null
+++ b/kube/deploy/apps/media/_deps/app/pvc.yaml
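Review bot: The new entry `- ../../../deploy/apps/media/` in the second hunk points at a directory for which this patch creates no `kustomization.yaml`; the renamed file lands in `media/_deps/`, and the other two are in `media/kavita/` and `media/komga/`. Unless a `kube/deploy/apps/media/kustomization.yaml` already exists outside this patch, the cluster-level build cannot resolve that resource, so the `media` Namespace and the shared-PVC Kustomizations would not be applied. The entry should probably read `- ../../../deploy/apps/media/_deps/`.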
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "media-bulk"
+ namespace: &app "media"
+ annotations:
+ description: "PVC for bulk media storage."
+ labels:
+ app.kubernetes.io/part-of: *app
+ snapshot.home.arpa/enabled: "true"
+ kustomize.toolkit.fluxcd.io/prune: "Disabled"
+spec:
+ storageClassName: "file-ec-2-1"
+ accessModes: ["ReadWriteMany"]
+ resources:
+ requests:
+ storage: "200Gi"
diff --git a/kube/deploy/apps/media/_deps/ks.yaml b/kube/deploy/apps/media/_deps/ks.yaml
new file mode 100644
index 0000000000..717c58376c
--- /dev/null
+++ b/kube/deploy/apps/media/_deps/ks.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: media-1-deps
+ namespace: flux-system
+ labels: &l
+ app.kubernetes.io/part-of: "media"
+spec:
+ commonMetadata:
+ labels: *l
+ path: ./kube/deploy/apps/media/_deps/app
+ targetNamespace: "media"
+ dependsOn:
+ - name: media-data-pvc
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: media-data-pvc
+ namespace: flux-system
+ labels: &l
+ app.kubernetes.io/part-of: "media"
+spec:
+ commonMetadata:
+ labels: *l
+ path: ./kube/deploy/core/storage/volsync/template
+ targetNamespace: "media"
+ dependsOn:
+ - name: 1-core-storage-volsync-app
+ - name: 1-core-storage-rook-ceph-cluster
+ postBuild:
+ substitute:
+ PVC: "media-data"
+ SIZE: "200Gi"
+ SC: &sc "file"
+ SNAP: *sc
+ ACCESSMODE: "ReadWriteMany"
+ RUID: &uid "6969"
+ RGID: *uid
+ RFSG: *uid
diff --git a/kube/deploy/apps/kavita/kustomization.yaml b/kube/deploy/apps/media/_deps/kustomization.yaml
similarity index 100%
rename from kube/deploy/apps/kavita/kustomization.yaml
rename to kube/deploy/apps/media/_deps/kustomization.yaml
diff --git a/kube/deploy/apps/kavita/ns.yaml b/kube/deploy/apps/media/_deps/ns.yaml
similarity index 94%
rename from kube/deploy/apps/kavita/ns.yaml
rename to kube/deploy/apps/media/_deps/ns.yaml
index 20ba89825c..d6b2104275 100644
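Review bot: The prune guard on the new `media-bulk` claim in pvc.yaml is spelled `kustomize.toolkit.fluxcd.io/prune: "Disabled"`, while `ns.yaml` in this same patch and the Flux documentation use lowercase `disabled`. The HelmReleases in this patch describe the claim as having no backups, so this label is what keeps a removed or renamed Kustomization from deleting the 200Gi volume; it should not depend on whether the controller compares the value case-insensitively, which is not visible here. Suggest `kustomize.toolkit.fluxcd.io/prune: "disabled"`. The `snapshot.home.arpa/enabled: "true"` label also reads oddly next to that "no backups" comment, so a one-line comment saying which is intended would help.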
--- a/kube/deploy/apps/kavita/ns.yaml
+++ b/kube/deploy/apps/media/_deps/ns.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: kavita
+ name: media
 labels:
 kustomize.toolkit.fluxcd.io/prune: disabled
 pod-security.kubernetes.io/enforce: &ps baseline # NFS pod-level volumeMount
diff --git a/kube/deploy/apps/kavita/app/hr.yaml b/kube/deploy/apps/media/kavita/app/hr.yaml
similarity index 87%
rename from kube/deploy/apps/kavita/app/hr.yaml
rename to kube/deploy/apps/media/kavita/app/hr.yaml
index ecc75d7985..45793829ed 100644
--- a/kube/deploy/apps/kavita/app/hr.yaml
+++ b/kube/deploy/apps/media/kavita/app/hr.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
 name: &app kavita
- namespace: *app
+ namespace: media
 spec:
 interval: 5m
 chart:
@@ -23,7 +23,6 @@ spec:
 labels:
 ingress.home.arpa/nginx-internal: "allow"
 egress.home.arpa/internet: "allow" # metadata fetching
- tailscale.com/expose: "true"
 containers:
 main:
 image: &img
@@ -54,7 +53,7 @@ spec:
 primary: true
 className: "nginx-internal"
 hosts:
- - host: &host "${APP_DNS_KAVITA}"
+ - host: &host "${APP_DNS_KAVITA:=kavita}"
 paths: &paths
 - path: /
 pathType: Prefix
@@ -63,29 +62,32 @@ spec:
 port: http
 tls:
 - hosts: [*host]
- tailscale:
- enabled: true
- primary: true
- className: "tailscale"
- hosts:
- - host: &host "${APP_DNS_TS_KAVITA}"
- paths: *paths
- tls:
- - hosts: [*host]
 persistence:
 config:
 enabled: true
 existingClaim: "kavita-config"
 globalMounts:
 - path: "/kavita/config"
- media:
+ nas:
 enabled: true
 type: nfs
 server: "${IP_TRUENAS}"
 path: "${PATH_NAS_MEDIA}"
+ globalMounts:
+ - path: "/nas"
+ readOnly: true
+ media:
+ enabled: true
+ existingClaim: "media-data" # VolSync
 globalMounts:
 - path: "/media"
 readOnly: true
+ bulk:
+ enabled: true
+ existingClaim: "media-bulk" # no backups
+ globalMounts:
+ - path: "/bulk"
+ readOnly: true
 backups:
 enabled: true
 type: nfs
@@ -107,11 +109,11 @@ spec:
 enableServiceLinks: false
 securityContext:
 runAsNonRoot: true
- runAsUser: &uid ${APP_UID_KAVITA}
+ runAsUser: &uid ${APP_UID_KAVITA:=1000}
 runAsGroup: *uid
 fsGroup: *uid
 fsGroupChangePolicy: "Always"
- supplementalGroups: [6969]
+ supplementalGroups: [6969] # NAS
 seccompProfile: { type: "RuntimeDefault" }
 topologySpreadConstraints:
 - maxSkew: 1
diff --git a/kube/deploy/apps/kavita/ks.yaml b/kube/deploy/apps/media/kavita/ks.yaml
similarity index 90%
rename from kube/deploy/apps/kavita/ks.yaml
rename to kube/deploy/apps/media/kavita/ks.yaml
index 90aecf7c91..15d1e439e9 100644
--- a/kube/deploy/apps/kavita/ks.yaml
+++ b/kube/deploy/apps/media/kavita/ks.yaml
@@ -9,8 +9,8 @@ metadata:
 spec:
 commonMetadata:
 labels: *l
- path: ./kube/deploy/apps/kavita/app
- targetNamespace: "kavita"
+ path: ./kube/deploy/apps/media/kavita/app
+ targetNamespace: "media"
 dependsOn:
 - name: kavita-pvc
 ---
@@ -25,7 +25,7 @@ spec:
 commonMetadata:
 labels: *l
 path: ./kube/deploy/core/storage/volsync/template
- targetNamespace: "kavita"
+ targetNamespace: "media"
 dependsOn:
 - name: 1-core-storage-volsync-app
 - name: 1-core-storage-rook-ceph-cluster
diff --git a/kube/deploy/apps/komga/kustomization.yaml b/kube/deploy/apps/media/kavita/kustomization.yaml
similarity index 88%
rename from kube/deploy/apps/komga/kustomization.yaml
rename to kube/deploy/apps/media/kavita/kustomization.yaml
index 5eeb2657b6..70a7702900 100644
--- a/kube/deploy/apps/komga/kustomization.yaml
+++ b/kube/deploy/apps/media/kavita/kustomization.yaml
@@ -2,5 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ns.yaml
 - ks.yaml
diff --git a/kube/deploy/apps/komga/app/es.yaml b/kube/deploy/apps/media/komga/app/es.yaml
similarity index 98%
rename from kube/deploy/apps/komga/app/es.yaml
rename to kube/deploy/apps/media/komga/app/es.yaml
index 12efe38b02..94677df82d 100644
--- a/kube/deploy/apps/komga/app/es.yaml
+++ b/kube/deploy/apps/media/komga/app/es.yaml
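Review bot: The Kustomization that applies `./kube/deploy/apps/media/kavita/app` (first hunk of `media/kavita/ks.yaml`) still lists only `- name: kavita-pvc` under `dependsOn`, although the HelmRelease in this patch now mounts `media-data` and `media-bulk`. Those claims are created by the `media-data-pvc` and `media-1-deps` Kustomizations, so without an ordering edge the release can reconcile first and the pod waits on claims that do not exist yet. Adding `- name: media-1-deps` (which itself depends on `media-data-pvc`) makes the order explicit; the same applies to `dependsOn` in `media/komga/ks.yaml`. The Kustomization's metadata sits above the hunk, so its name is not visible here.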
@@ -4,7 +4,7 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
 name: &name komga-secrets
- namespace: komga
+ namespace: media
 spec:
 refreshInterval: 1m
 secretStoreRef:
diff --git a/kube/deploy/apps/komga/app/hr.yaml b/kube/deploy/apps/media/komga/app/hr.yaml
similarity index 88%
rename from kube/deploy/apps/komga/app/hr.yaml
rename to kube/deploy/apps/media/komga/app/hr.yaml
index c5c9e07322..5816c6dfe9 100644
--- a/kube/deploy/apps/komga/app/hr.yaml
+++ b/kube/deploy/apps/media/komga/app/hr.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
 name: &app komga
- namespace: *app
+ namespace: media
 spec:
 interval: 5m
 chart:
@@ -65,7 +65,7 @@ spec:
 main:
 className: nginx-internal
 hosts:
- - host: &host "${APP_DNS_KOMGA}"
+ - host: &host "${APP_DNS_KOMGA:=komga}"
 paths: &paths
 - path: /
 pathType: Prefix
@@ -74,13 +74,6 @@ spec:
 port: http
 tls:
 - hosts: [*host]
- tailscale:
- className: tailscale
- hosts:
- - host: &host "${APP_DNS_TS_KOMGA}"
- paths: *paths
- tls:
- - hosts: [*host]
 persistence:
 config:
 type: secret
@@ -103,6 +96,16 @@ spec:
 globalMounts:
 - path: /nas
 readOnly: true
+ media:
+ existingClaim: "media-data" # VolSync
+ globalMounts:
+ - path: "/media"
+ readOnly: true
+ bulk:
+ existingClaim: "media-bulk" # no backups
+ globalMounts:
+ - path: "/bulk"
+ readOnly: true
 defaultPodOptions:
 automountServiceAccountToken: false
 enableServiceLinks: false
@@ -111,10 +114,11 @@ spec:
 hostnames: ["${APP_DNS_AUTHENTIK}"]
 securityContext:
 runAsNonRoot: true
- runAsUser: &uid ${APP_UID_KOMGA:=1000}
+ runAsUser: &uid ${APP_DNS_KOMGA:=1000}
 runAsGroup: *uid
 fsGroup: *uid
 fsGroupChangePolicy: Always
+ supplementalGroups: [6969] # NAS
 seccompProfile: { type: "RuntimeDefault" }
 topologySpreadConstraints:
 - maxSkew: 1
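Review bot: `runAsUser: &uid ${APP_DNS_KOMGA:=1000}` in the last hunk of `media/komga/app/hr.yaml` substitutes the ingress hostname variable where the removed line used `APP_UID_KOMGA`; this looks like a slip made while adding the `:=komga` default to the host line. If `APP_DNS_KOMGA` is set in the cluster substitutions, `runAsUser`, `runAsGroup` and `fsGroup` (the latter two alias `*uid`) receive a DNS name instead of a numeric ID, so the pod security context is no longer valid. If it is unset, the same variable carries two different defaults, `komga` and `1000`. The line should be `runAsUser: &uid ${APP_UID_KOMGA:=1000}`.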
diff --git a/kube/deploy/apps/komga/ks.yaml b/kube/deploy/apps/media/komga/ks.yaml
similarity index 88%
rename from kube/deploy/apps/komga/ks.yaml
rename to kube/deploy/apps/media/komga/ks.yaml
index ef9c8d0ec9..28d2ce03b9 100644
--- a/kube/deploy/apps/komga/ks.yaml
+++ b/kube/deploy/apps/media/komga/ks.yaml
@@ -9,8 +9,8 @@ metadata:
 spec:
 commonMetadata:
 labels: *l
- path: ./kube/deploy/apps/komga/app
- targetNamespace: "komga"
+ path: ./kube/deploy/apps/media/komga/app
+ targetNamespace: "media"
 dependsOn:
 - name: komga-pvc
 ---
@@ -25,14 +25,14 @@ spec:
 commonMetadata:
 labels: *l
 path: ./kube/deploy/core/storage/volsync/template
- targetNamespace: "komga"
+ targetNamespace: "media"
 dependsOn:
 - name: 1-core-storage-volsync-app
 - name: 1-core-storage-rook-ceph-cluster
 postBuild:
 substitute:
 PVC: "komga-data"
- SIZE: "200Gi"
+ SIZE: "10Gi"
 SC: &sc "file"
 SNAP: *sc
 ACCESSMODE: "ReadWriteMany"
diff --git a/kube/deploy/apps/media/komga/kustomization.yaml b/kube/deploy/apps/media/komga/kustomization.yaml
new file mode 100644
index 0000000000..70a7702900
--- /dev/null
+++ b/kube/deploy/apps/media/komga/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ks.yaml