j37hr0/k8s
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

initial commit, *arr stack working, forgejo online but ssh pushing not working yet

Browse source
This commit is contained in:
JethroC Admin 2026-03-08 17:19:04 +13:00
commit 6457a68f17
49 changed files with 1418 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
ceph-rbd-sc.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
***REMOVED***
name: ceph-rbd
provisioner: rbd.csi.ceph.com
parameters:
clusterID: 003e55bd-532b-4240-a8d6-75b784735404
pool: pool0
imageFormat: "2"
imageFeatures: layering
csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
csi.storage.k8s.io/provisioner-secret-namespace: kube-system
csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
csi.storage.k8s.io/node-stage-secret-namespace: kube-system
reclaimPolicy: Delete
allowVolumeExpansion: true

8
ceph-secret.yaml Normal file
View file

@ -0,0 +1,8 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: csi-rbd-secret
namespace: kube-system
***REMOVED***
userID: k8s
userKey: AQAVVqJprYZeFBAALRdX3gJGaN/5kRNnVVadHw==

13
namespaces/arr/arr-configmap.yaml Normal file
View file

@ -0,0 +1,13 @@
***REMOVED***
kind: ConfigMap
***REMOVED***
name: arr-config
namespace: media
data:
APP_ENV: production
DEFAULT_LANGUAGE: en_US
DEFAULT_LOCALE: equal
TZ: Pacific/Auckland
TRUSTED_PROXIES: "**"
USERNAME: jpcitadmin
PASSWORD: pm1njqt6

16
namespaces/arr/default-headers-media.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
***REMOVED***
name: default-headers-media
namespace: media
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https

70
namespaces/arr/jellyfin/jellyfin-deployment.yaml Normal file
View file

@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: jellyfin
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: jellyfin
template:
***REMOVED***
labels:
app: jellyfin
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: media-transcode
operator: In
values:
- "true"
containers:
- name: jellyfin
image: jellyfin/jellyfin:latest
ports:
- containerPort: 8096
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Pacific/Auckland"
volumeMounts:
- name: config
mountPath: /config
- name: jellyfin-media
mountPath: /media
- name: dri
mountPath: /dev/dri
- name: jellyfin-media-seagate
mountPath: /seagate
securityContext:
privileged: true
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyfin-config
- name: jellyfin-media
persistentVolumeClaim:
claimName: jellyfin-media
- name: jellyfin-media-seagate
persistentVolumeClaim:
claimName: jellyfin-media-seagate
- name: dri
hostPath:
path: /dev/dri

58
namespaces/arr/jellyfin/jellyfin-deployment.yaml.old Normal file
View file

@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: jellyfin
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: jellyfin
template:
***REMOVED***
labels:
app: jellyfin
strategy:
type: Recreate
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: media-transcode
operator: In
values:
- "true"
spec:
containers:
- name: jellyfin
image: jellyfin/jellyfin
volumeMounts:
- name: config
mountPath: /config
- name: videos
mountPath: /data/videos
- name: dri
mountPath: /dev/dri
securityContext:
privileged: true
ports:
- containerPort: 8096
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Pacific/Auckland"
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyfin-config
- name: videos
persistentVolumeClaim:
claimName: jellyfin-media
- name: dri
hostPath:
path: /dev/dri

27
namespaces/arr/jellyfin/jellyfin-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: jellyfin
namespace: media
spec:
ingressClassName: traefik
rules:
- host: jellyfin.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jellyfin
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/jellyfin/jellyfin-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: jellyfin-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 10Gi

12
namespaces/arr/jellyfin/jellyfin-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: jellyfin
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8096
selector:
app: jellyfin

4
namespaces/arr/media-namespace.yaml Normal file
View file

@ -0,0 +1,4 @@
***REMOVED***
kind: Namespace
***REMOVED***
name: media

32
namespaces/arr/mediapvs/mediadownloadspv-and-pvc-seagate.yaml Normal file
View file

@ -0,0 +1,32 @@
#text
***REMOVED***
kind: PersistentVolume
***REMOVED***
name: qbittorrent-downloads-seagate
spec:
capacity:
storage: 2800Gi
accessModes:
- ReadWriteMany
nfs:
path: /media/seagate/downloads
server: 192.168.88.242
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=3
storageClassName: ""
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: qbittorrent-downloads-seagate
namespace: media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2800Gi
volumeName: qbittorrent-downloads-seagate
storageClassName: ""

32
namespaces/arr/mediapvs/mediadownloadspv-and-pvc.yaml Normal file
View file

@ -0,0 +1,32 @@
#text
***REMOVED***
kind: PersistentVolume
***REMOVED***
name: qbittorrent-downloads
spec:
capacity:
storage: 1900Gi
accessModes:
- ReadWriteMany
nfs:
path: /media/storage/downloads
server: 192.168.88.242
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=3
storageClassName: ""
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: qbittorrent-downloads
namespace: media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1900Gi
volumeName: qbittorrent-downloads
storageClassName: ""

31
namespaces/arr/mediapvs/mediapv-and-pvc-seagate.yaml Normal file
View file

@ -0,0 +1,31 @@
***REMOVED***
kind: PersistentVolume
***REMOVED***
name: jellyfin-media-seagate
spec:
capacity:
storage: 2800Gi
accessModes:
- ReadWriteMany
nfs:
path: /media/seagate
server: 192.168.88.242
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=3
storageClassName: ""
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: jellyfin-media-seagate
namespace: media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2800Gi
volumeName: jellyfin-media-seagate
storageClassName: ""

31
namespaces/arr/mediapvs/mediapv-and-pvc.yaml Normal file
View file

@ -0,0 +1,31 @@
***REMOVED***
kind: PersistentVolume
***REMOVED***
name: jellyfin-media
spec:
capacity:
storage: 1900Gi
accessModes:
- ReadWriteMany
nfs:
path: /media/storage
server: 192.168.88.242
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=3
storageClassName: ""
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: jellyfin-media
namespace: media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1900Gi
volumeName: jellyfin-media
storageClassName: ""

32
namespaces/arr/plex/plex-deployment.yaml Normal file
View file

@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: plex
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: plex
template:
***REMOVED***
labels:
app: plex
spec:
containers:
- name: plex
image: lscr.io/linuxserver/plex
volumeMounts:
- name: config
mountPath: /config
- name: videos
mountPath: /data/videos
ports:
- containerPort: 8096
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyfin-config
- name: videos
persistentVolumeClaim:
claimName: jellyfin-videos

27
namespaces/arr/plex/plex-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: plex
namespace: media
spec:
ingressClassName: traefik
rules:
- host: plex.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: plex
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/plex/plex-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: plex
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 32400
selector:
app: plex

44
namespaces/arr/prowlarr/prowlarr-config.yaml Normal file
View file

@ -0,0 +1,44 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: prowlarr
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: prowlarr
template:
***REMOVED***
labels:
app: prowlarr
spec:
# InitContainer to fix permissions on the storage directory
initContainers:
- name: init-storage
image: busybox
command:
- sh
- -c
- |
mkdir -p /config && chown -R 33:33 /config
volumeMounts:
- name: config
mountPath: /config
containers:
- name: prowlarr
image: linuxserver/prowlarr
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
volumeMounts:
- name: config
mountPath: /config
ports:
- containerPort: 9696
volumes:
- name: config
persistentVolumeClaim:
claimName: prowlarr-config

27
namespaces/arr/prowlarr/prowlarr-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: prowlarr
namespace: media
spec:
ingressClassName: traefik
rules:
- host: prowlarr.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prowlarr
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/prowlarr/prowlarr-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: prowlarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 500Mi

12
namespaces/arr/prowlarr/prowlarr-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: prowlarr
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9696
selector:
app: prowlarr

42
namespaces/arr/qbittorrent/qbittorrent-deployment.yaml Normal file
View file

@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: qbittorrent
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
***REMOVED***
labels:
app: qbittorrent
spec:
containers:
- name: qbittorrent
image: linuxserver/qbittorrent
resources:
limits:
memory: "2Gi"
requests:
memory: "512Mi"
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
volumeMounts:
- name: config
mountPath: /config
- name: downloads
mountPath: /downloads
ports:
- containerPort: 8080
volumes:
- name: config
persistentVolumeClaim:
claimName: qbittorrent-config
- name: downloads
persistentVolumeClaim:
claimName: qbittorrent-downloads

27
namespaces/arr/qbittorrent/qbittorrent-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: qbittorrent
namespace: media
spec:
ingressClassName: traefik
rules:
- host: qbittorrent.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: qbittorrent
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/qbittorrent/qbittorrent-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: qbittorrent-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 500Mi

12
namespaces/arr/qbittorrent/qbittorrent-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: qbittorrent
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
selector:
app: qbittorrent

42
namespaces/arr/radarr/radarr-deployment.yaml Normal file
View file

@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: radarr
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: radarr
template:
***REMOVED***
labels:
app: radarr
spec:
containers:
- name: radarr
image: linuxserver/radarr
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
volumeMounts:
- name: config
mountPath: /config
- name: videos
mountPath: /movies
- name: downloads
mountPath: /downloads
ports:
- containerPort: 7878
volumes:
- name: config
persistentVolumeClaim:
claimName: radarr-config
- name: videos
persistentVolumeClaim:
claimName: jellyfin-media
- name: downloads
persistentVolumeClaim:
claimName: qbittorrent-downloads

27
namespaces/arr/radarr/radarr-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: radarr
namespace: media
spec:
ingressClassName: traefik
rules:
- host: radarr.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: radarr
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/radarr/radarr-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: radarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 500Mi

12
namespaces/arr/radarr/radarr-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: radarr
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 7878
selector:
app: radarr

53
namespaces/arr/sonarr/sonarr-deployment.yaml Normal file
View file

@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: sonarr
namespace: media
spec:
replicas: 1
selector:
matchLabels:
app: sonarr
template:
***REMOVED***
labels:
app: sonarr
spec:
initContainers:
- name: init-storage
image: busybox
command:
- sh
- -c
- |
mkdir -p /config && chown -R 33:33 /config
volumeMounts:
- name: config
mountPath: /config
containers:
- name: sonarr
image: linuxserver/sonarr
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
volumeMounts:
- name: config
mountPath: /config
- name: videos
mountPath: /tv
- name: downloads
mountPath: /downloads
ports:
- containerPort: 8989
volumes:
- name: config
persistentVolumeClaim:
claimName: sonarr-config
- name: videos
persistentVolumeClaim:
claimName: jellyfin-media
- name: downloads
persistentVolumeClaim:
claimName: qbittorrent-downloads

27
namespaces/arr/sonarr/sonarr-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: sonarr
namespace: media
spec:
ingressClassName: traefik
rules:
- host: sonarr.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sonarr
port:
number: 80
# - match: Host(`movies.merox.cloud`) # change to your domain
# kind: Rule
# services:
# - name: app # radarr for example
# port: 80
# middlewares:
# - name: default-headers-media
# tls:
# secretName: mycert-tls # change to your cert name

12
namespaces/arr/sonarr/sonarr-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: sonarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 500Mi

12
namespaces/arr/sonarr/sonarr-service.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: Service
***REMOVED***
name: sonarr
namespace: media
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8989
selector:
app: sonarr

78
namespaces/fireflyiii/firefly-app.yaml Normal file
View file

@ -0,0 +1,78 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: firefly-secret
namespace: firefly
***REMOVED***
***REMOVED***
APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
---
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: firefly
namespace: firefly
spec:
replicas: 1
selector:
matchLabels:
app: firefly
template:
***REMOVED***
labels:
app: firefly
spec:
# InitContainer to fix permissions on the storage directory
initContainers:
- name: init-storage
image: busybox
command:
- sh
- -c
- |
mkdir -p /var/www/html/storage && chown -R 33:33 /var/www/html/storage
volumeMounts:
- name: firefly-data
mountPath: /var/www/html/storage
containers:
- name: firefly
image: fireflyiii/core:latest
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: firefly-config
- secretRef:
name: firefly-secret
volumeMounts:
- name: firefly-data
mountPath: /var/www/html/storage
volumes:
- name: firefly-data
persistentVolumeClaim:
claimName: firefly-data
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: firefly-data
namespace: firefly
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
***REMOVED***
kind: Service
***REMOVED***
name: firefly
namespace: firefly
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: firefly

83
namespaces/fireflyiii/firefly-app.yaml.old Normal file
View file

@ -0,0 +1,83 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: firefly-secret
namespace: firefly
***REMOVED***
***REMOVED***
APP_KEY: RIJCNjIgmM+46tFaOznt00MadL0O0SrJnp1MzPPz/lo=
---
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: firefly
namespace: firefly
spec:
replicas: 1
selector:
matchLabels:
app: firefly
template:
***REMOVED***
labels:
app: firefly
spec:
containers:
- name: firefly
image: fireflyiii/core:latest
ports:
- containerPort: 8080
env:
- name: DB_CONNECTION
value: pgsql
- name: DB_HOST
value: postgres
- name: DB_PORT
value: "5432"
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_DB
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_USER
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_PASSWORD
volumeMounts:
- name: firefly-data
mountPath: /var/www/html/storage
volumes:
- name: firefly-data
persistentVolumeClaim:
claimName: firefly-data
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: firefly-data
namespace: firefly
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
***REMOVED***
kind: Service
***REMOVED***
name: firefly
namespace: firefly
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: firefly

100
namespaces/fireflyiii/firefly-app.yaml.old.new Normal file
View file

@ -0,0 +1,100 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: firefly-secret
namespace: firefly
***REMOVED***
***REMOVED***
APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
---
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: firefly
namespace: firefly
spec:
replicas: 1
selector:
matchLabels:
app: firefly
template:
***REMOVED***
labels:
app: firefly
spec:
# InitContainer to fix permissions on the storage directory
initContainers:
- name: init-storage
image: busybox
command:
- sh
- -c
- |
mkdir -p /var/www/html/storage && chown -R 33:33 /var/www/html/storage
volumeMounts:
- name: firefly-data
mountPath: /var/www/html/storage
containers:
- name: firefly
image: fireflyiii/core:latest
ports:
- containerPort: 8080
env:
- name: DB_CONNECTION
value: pgsql
- name: DB_HOST
value: postgres
- name: DB_PORT
value: "5432"
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_DB
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_USER
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_PASSWORD
- name: APP_KEY
valueFrom:
secretKeyRef:
name: firefly-secret
key: APP_KEY
volumeMounts:
- name: firefly-data
mountPath: /var/www/html/storage
volumes:
- name: firefly-data
persistentVolumeClaim:
claimName: firefly-data
---
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: firefly-data
namespace: firefly
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi
---
***REMOVED***
kind: Service
***REMOVED***
name: firefly
namespace: firefly
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: firefly

58
namespaces/fireflyiii/firefly-cm.yaml Normal file
View file

@ -0,0 +1,58 @@
***REMOVED***
kind: ConfigMap
***REMOVED***
name: firefly-config
namespace: firefly
data:
APP_ENV: production
APP_DEBUG: "false"
SITE_OWNER: jethro.cotton3@gmail.com
DEFAULT_LANGUAGE: en_US
DEFAULT_LOCALE: equal
TZ: Pacific/Auckland
TRUSTED_PROXIES: "**"
LOG_CHANNEL: stack
APP_LOG_LEVEL: notice
AUDIT_LOG_LEVEL: emergency
DB_CONNECTION: pgsql
DB_HOST: postgres
DB_PORT: "5432"
DB_DATABASE: firefly
DB_USERNAME: firefly
PGSQL_SSL_MODE: prefer
PGSQL_SCHEMA: public
CACHE_DRIVER: file
SESSION_DRIVER: file
REDIS_SCHEME: tcp
REDIS_HOST: 127.0.0.1
REDIS_PORT: "6379"
REDIS_DB: "0"
REDIS_CACHE_DB: "1"
COOKIE_PATH: "/"
COOKIE_SECURE: "false"
COOKIE_SAMESITE: lax
MAIL_MAILER: log
MAIL_HOST: smtp.gmail.com
MAIL_PORT: "587"
MAIL_FROM: jethro.cotton3@gmail.com
MAIL_ENCRYPTION: null
SEND_ERROR_MESSAGE: "true"
SEND_REPORT_JOURNALS: "true"
ENABLE_EXTERNAL_MAP: "false"
ENABLE_EXTERNAL_RATES: "false"
MAP_DEFAULT_LAT: "51.983333"
MAP_DEFAULT_LONG: "5.916667"
MAP_DEFAULT_ZOOM: "6"
AUTHENTICATION_GUARD: web
AUTHENTICATION_GUARD_HEADER: REMOTE_USER
DISABLE_FRAME_HEADER: "false"
DISABLE_CSP_HEADER: "false"
ALLOW_WEBHOOKS: "false"
DKR_BUILD_LOCALE: "false"
DKR_CHECK_SQLITE: "true"
APP_NAME: FireflyIII
BROADCAST_DRIVER: log
QUEUE_DRIVER: sync
CACHE_PREFIX: firefly
FIREFLY_III_LAYOUT: v1
APP_URL: http://firefly_iii_core

18
namespaces/fireflyiii/firefly-ingress.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: firefly
namespace: firefly
spec:
ingressClassName: traefik
rules:
- host: firefly.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: firefly
port:
number: 80

4
namespaces/fireflyiii/firefly-namespace.yaml Normal file
View file

@ -0,0 +1,4 @@
***REMOVED***
kind: Namespace
***REMOVED***
name: firefly

72
namespaces/fireflyiii/firefly-postgres.yaml Normal file
View file

@ -0,0 +1,72 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: postgres-secret
namespace: firefly
***REMOVED***
***REMOVED***
POSTGRES_DB: firefly
POSTGRES_USER: firefly
POSTGRES_PASSWORD: pm1njqt6ulc92231
---
apiVersion: apps/v1
kind: StatefulSet
***REMOVED***
name: postgres
namespace: firefly
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
app: postgres
template:
***REMOVED***
labels:
app: postgres
spec:
initContainers:
- name: init-postgres-dir
image: busybox
command:
- sh
- -c
- |
mkdir -p /var/lib/postgresql/data/pgdata && chown -R 999:999 /var/lib/postgresql/data
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
containers:
- name: postgres
image: postgres:15
envFrom:
- secretRef:
name: postgres-secret
env:
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
ports:
- containerPort: 5432
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- ***REMOVED***
name: postgres-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: ceph-rbd
resources:
requests:
storage: 10Gi
---
***REMOVED***
kind: Service
***REMOVED***
name: postgres
namespace: firefly
spec:
ports:
- port: 5432
selector:
app: postgres

12
namespaces/fireflyiii/firefly-secret.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
***REMOVED***
***REMOVED***
name: firefly-secret
namespace: firefly
***REMOVED***
***REMOVED***
APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
DB_PASSWORD: pm1njqt6ulc92231
MAIL_USERNAME: jethro.cotton3@gmail.com
MAIL_PASSWORD: wpreineebdyvzkoz
STATIC_CRON_TOKEN: jq1VaxCOKM1H3vW535qlQlpdSbz3exwu

64
namespaces/forgejo/forgejo-deployment.yaml Normal file
View file

@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
***REMOVED***
name: forgejo
namespace: forgejo
labels:
app: forgejo
spec:
replicas: 1
selector:
matchLabels:
app: forgejo
template:
***REMOVED***
labels:
app: forgejo
spec:
containers:
- name: forgejo
image: codeberg.org/forgejo/forgejo:7
ports:
- name: http
containerPort: 3000
protocol: TCP
- name: ssh
containerPort: 22
protocol: TCP
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "sqlite3"
volumeMounts:
- name: forgejo-data
mountPath: /data
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /api/healthz
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/healthz
port: 3000
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
volumes:
- name: forgejo-data
persistentVolumeClaim:
claimName: forgejo-pvc

18
namespaces/forgejo/forgejo-ingress.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: forgejo
namespace: forgejo
spec:
ingressClassName: traefik
rules:
- host: forgejo.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: forgejo
port:
number: 80

4
namespaces/forgejo/forgejo-namespace.yaml Normal file
View file

@ -0,0 +1,4 @@
***REMOVED***
kind: Namespace
***REMOVED***
name: forgejo

12
namespaces/forgejo/forgejo-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: forgejo-pvc
namespace: forgejo
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 10Gi

18
namespaces/forgejo/forgejo-service.yaml Normal file
View file

@ -0,0 +1,18 @@
***REMOVED***
kind: Service
***REMOVED***
name: forgejo
namespace: forgejo
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 3000
protocol: TCP
- name: ssh
port: 22
targetPort: 22
protocol: TCP
selector:
app: forgejo

17
namespaces/monitoring/ingress.yaml Normal file
View file

@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
***REMOVED***
name: grafana
namespace: monitoring
spec:
rules:
- host: grafana.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: monitoring-grafana
port:
number: 80

31
namespaces/monitoring/values.yaml Normal file
View file

@ -0,0 +1,31 @@
prometheus:
prometheusSpec:
retention: 15d
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: local-path # change if needed
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 30Gi
grafana:
adminPassword: "pm1njqt6"
persistence:
enabled: true
storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 10Gi
alertmanager:
alertmanagerSpec:
storage:
volumeClaimTemplate:
spec:
storageClassName: local-path
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi

11
pvc.yaml Normal file
View file

@ -0,0 +1,11 @@
***REMOVED***
kind: PersistentVolumeClaim
***REMOVED***
name: ceph-test-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 5Gi