diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml
new file mode 100644
index 0000000..8637947
--- /dev/null
+++ b/.gitea/workflows/kubeconform.yml
@@ -0,0 +1,78 @@
+name: Validate Kubernetes Manifests
+
+on: pull_request
+
+jobs:
+ kubeconform:
+ runs-on: ubuntu-latest
+ container:
+ image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.1.0
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Get changed files
+ id: changed-files
+ uses: tj-actions/changed-files@v47
+ with:
+ files: |
+ **.yml
+ !.gitea/workflows/**
+ !clusters/default/system-upgrade/crd.yml
+
+ - name: Validate Manifests
+ if: steps.changed-files.outputs.any_changed == 'true'
+ env:
+ ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+ shell: bash
+ run: |
+ set -o pipefail
+
+ declare -A SCHEMA_MAP=(
+ ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
+ ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
+ ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
+ ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
+ ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
+ ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
+ ["Plan"]="upgrade.cattle.io/plan_v1.json"
+ )
+
+ EXIT_CODE=0
+
+ for file in ${ALL_CHANGED_FILES}; do
+ [ -z "$file" ] && continue
+ echo "=== Validating: $file ==="
+
+ yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \
+ jq -c '.[] | select(.kind != null)' | \
+ while read -r manifest; do
+ KIND=$(echo "$manifest" | jq -r '.kind // ""')
+
+ if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
+ echo "Found $KIND - using custom schema"
+ SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
+
+ if ! echo "$manifest" | kubeconform \
+ -schema-location "$SCHEMA_URL" \
+ -output json \
+ -; then
+ EXIT_CODE=1
+ fi
+ else
+ echo "Validating with default schemas"
+ if ! echo "$manifest" | kubeconform \
+ -schema-location default \
+ -output json \
+ -; then
+ EXIT_CODE=1
+ fi
+ fi
+ done
+
+ echo ""
+ done
+
+ exit $EXIT_CODE
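Review bot: The `EXIT_CODE=1` assignments in the `Validate Manifests` step run inside the `while read -r manifest` loop at the end of the `yq | jq | while` pipeline, which bash executes in a subshell, so the outer `EXIT_CODE` stays 0 and `exit $EXIT_CODE` reports success even when kubeconform rejects a manifest. As written the check cannot block a pull request; feed the loop through process substitution, `while read -r manifest; do … done < <(yq e -o=json … "$file" | jq -c '.[] | select(.kind != null)')`, or put `shopt -s lastpipe` before the loop. Separately, `for file in ${ALL_CHANGED_FILES}` word-splits and glob-expands file names that come from the pull request, so a path containing a space or `*` is validated as something other than the changed file; setting the action's `separator` input to a newline and iterating with `while IFS= read -r file` avoids that.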
diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml
new file mode 100644
index 0000000..06d258a
--- /dev/null
+++ b/.gitea/workflows/renovate.yml
@@ -0,0 +1,23 @@
+name: renovate
+
+on:
+ schedule:
+ - cron: "@daily"
+ workflow_dispatch:
+
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ container:
+ image: renovate/renovate:42.64.1
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Run Renovate
+ env:
+ RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+ GITHUB_COM_TOKEN: ${{ secrets.PAT_TOKEN }}
+ run: |
+ renovate
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ddd7229
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/tmp-pod.yml
+/Dockerfile
diff --git a/clusters/ipv6/gpu-operator/nvidia/gpu-operator-configmap.yml b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-configmap.yml
new file mode 100644
index 0000000..7d89550
--- /dev/null
+++ b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-configmap.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: time-slicing-config
+ namespace: gpu-operator
+data:
+ any: |-
+ version: v1
+ flags:
+ migStrategy: none
+ sharing:
+ timeSlicing:
+ resources:
+ - name: nvidia.com/gpu
+ replicas: 4
+
+# remember to patch the cluster policy to use this configmap
+# kubectl patch clusterpolicy/cluster-policy -n gpu-operator --type merge -p '{"spec": {"devicePlugin": {"config": {"name": "time-slicing-config", "default": "any"}}}}'
diff --git a/clusters/ipv6/gpu-operator/nvidia/gpu-operator-policy.yml b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-policy.yml
new file mode 100644
index 0000000..b595d03
--- /dev/null
+++ b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-policy.yml
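Review bot: The renovate job that receives `RENOVATE_TOKEN` and `PAT_TOKEN` runs code selected by mutable tags: `actions/checkout@v6` and the `renovate/renovate:42.64.1` image can both be repointed upstream without any change in this repository. Pinning them to immutable references (a full commit SHA for the action, `image: renovate/renovate:42.64.1@sha256:<digest>` for the container) keeps whatever handles the tokens reviewable. The same applies to `tj-actions/changed-files@v47` and `actions/checkout@v6` in kubeconform.yml, which process pull-request content. Because renovate.json lists `**/.gitea/workflows/**` under `ignorePaths`, such pins would have to be bumped by hand unless that path is re-enabled.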
@@ -0,0 +1,289 @@ +apiVersion: nvidia.com/v1 +kind: ClusterPolicy +metadata: + annotations: + meta.helm.sh/release-name: gpu-operator + meta.helm.sh/release-namespace: gpu-operator + generation: 2 + labels: + app.kubernetes.io/component: gpu-operator + app.kubernetes.io/instance: gpu-operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gpu-operator + app.kubernetes.io/version: v25.3.2 + helm.sh/chart: gpu-operator-v25.3.2 + helm.toolkit.fluxcd.io/name: gpu-operator + helm.toolkit.fluxcd.io/namespace: gpu-operator + name: cluster-policy +spec: + ccManager: + defaultMode: "off" + enabled: false + env: [] + image: k8s-cc-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.1.1 + cdi: + default: false + enabled: false + daemonsets: + labels: + app.kubernetes.io/managed-by: gpu-operator + helm.sh/chart: gpu-operator-v25.3.2 + priorityClassName: system-node-critical + rollingUpdate: + maxUnavailable: "1" + tolerations: + - effect: NoSchedule + key: nvidia.com/gpu + operator: Exists + updateStrategy: RollingUpdate + dcgm: + enabled: false + image: dcgm + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: 4.2.3-1-ubuntu22.04 + dcgmExporter: + enabled: true + env: + - name: DCGM_EXPORTER_LISTEN + value: :9400 + - name: DCGM_EXPORTER_KUBERNETES + value: "true" + - name: DCGM_EXPORTER_COLLECTORS + value: /etc/dcgm-exporter/dcp-metrics-included.csv + image: dcgm-exporter + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/k8s + serviceMonitor: + additionalLabels: {} + enabled: false + honorLabels: false + interval: 15s + relabelings: [] + version: 4.2.3-4.1.3-ubuntu22.04 + devicePlugin: + config: + default: any + name: time-slicing-config + enabled: true + env: + - name: PASS_DEVICE_SPECS + value: "true" + - name: FAIL_ON_INIT_ERROR + value: "true" + - name: DEVICE_LIST_STRATEGY + value: envvar + - name: DEVICE_ID_STRATEGY + value: uuid + - name: NVIDIA_VISIBLE_DEVICES + 
value: all + - name: NVIDIA_DRIVER_CAPABILITIES + value: all + image: k8s-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v0.17.3 + driver: + certConfig: + name: "" + enabled: false + image: driver + imagePullPolicy: IfNotPresent + kernelModuleConfig: + name: "" + licensingConfig: + configMapName: "" + nlsEnabled: true + manager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "true" + - name: ENABLE_AUTO_DRAIN + value: "false" + - name: DRAIN_USE_FORCE + value: "false" + - name: DRAIN_POD_SELECTOR_LABEL + value: "" + - name: DRAIN_TIMEOUT_SECONDS + value: 0s + - name: DRAIN_DELETE_EMPTYDIR_DATA + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + rdma: + enabled: false + useHostMofed: false + repoConfig: + configMapName: "" + repository: nvcr.io/nvidia + startupProbe: + failureThreshold: 120 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + upgradePolicy: + autoUpgrade: true + drain: + deleteEmptyDir: false + enable: false + force: false + timeoutSeconds: 300 + maxParallelUpgrades: 1 + maxUnavailable: 25% + podDeletion: + deleteEmptyDir: false + force: false + timeoutSeconds: 300 + waitForCompletion: + timeoutSeconds: 0 + useNvidiaDriverCRD: false + usePrecompiled: false + version: 570.148.08 + virtualTopology: + config: "" + gdrcopy: + enabled: false + image: gdrdrv + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v2.5 + gfd: + enabled: true + env: + - name: GFD_SLEEP_INTERVAL + value: 60s + - name: GFD_FAIL_ON_INIT_ERROR + value: "true" + image: k8s-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v0.17.3 + hostPaths: + driverInstallDir: /run/nvidia/driver + rootFS: / + kataManager: + config: + artifactsDir: /opt/nvidia-gpu-operator/artifacts/runtimeclasses + runtimeClasses: + - artifacts: + pullSecret: "" + url: 
nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.54.03 + name: kata-nvidia-gpu + nodeSelector: {} + - artifacts: + pullSecret: "" + url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.86.10-snp + name: kata-nvidia-gpu-snp + nodeSelector: + nvidia.com/cc.capable: "true" + enabled: false + image: k8s-kata-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.2.3 + mig: + strategy: single + migManager: + config: + default: all-disabled + name: default-mig-parted-config + enabled: true + env: + - name: WITH_REBOOT + value: "false" + gpuClientsConfig: + name: "" + image: k8s-mig-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.12.2-ubuntu20.04 + nodeStatusExporter: + enabled: false + image: gpu-operator-validator + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v25.3.2 + operator: + defaultRuntime: docker + initContainer: + image: cuda + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: 12.8.1-base-ubi9 + runtimeClass: nvidia + psa: + enabled: false + sandboxDevicePlugin: + enabled: true + image: kubevirt-gpu-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v1.3.1 + sandboxWorkloads: + defaultWorkload: container + enabled: false + toolkit: + enabled: true + env: + - name: CONTAINERD_SOCKET + value: /run/k3s/containerd/containerd.sock + - name: CONTAINERD_CONFIG + value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml + image: container-toolkit + imagePullPolicy: IfNotPresent + installDir: /usr/local/nvidia + repository: nvcr.io/nvidia/k8s + version: v1.17.8-ubuntu20.04 + validator: + image: gpu-operator-validator + imagePullPolicy: IfNotPresent + plugin: + env: + - name: WITH_WORKLOAD + value: "false" + repository: nvcr.io/nvidia/cloud-native + version: v25.3.2 + vfioManager: + driverManager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - 
name: ENABLE_AUTO_DRAIN + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + enabled: true + image: cuda + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: 12.8.1-base-ubi9 + vgpuDeviceManager: + config: + default: default + name: "" + enabled: true + image: vgpu-device-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.3.0 + vgpuManager: + driverManager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - name: ENABLE_AUTO_DRAIN + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + enabled: false + image: vgpu-manager + imagePullPolicy: IfNotPresent diff --git a/clusters/ipv6/gpu-operator/nvidia/gpu-operator-release.yml b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-release.yml new file mode 100644 index 0000000..5a281c2 --- /dev/null +++ b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-release.yml @@ -0,0 +1,31 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: gpu-operator + namespace: gpu-operator +spec: + interval: 6h + chart: + spec: + chart: gpu-operator + version: "v25.10.1" + sourceRef: + kind: HelmRepository + name: nvidia + namespace: flux-system + interval: 6h + install: + createNamespace: true + upgrade: + remediation: + remediateLastFailure: true + values: + driver: + enabled: false + toolkit: + env: + - name: CONTAINERD_SOCKET + value: /run/k3s/containerd/containerd.sock + - name: CONTAINERD_CONFIG + value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml diff --git a/clusters/ipv6/gpu-operator/nvidia/gpu-operator-repo.yml b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-repo.yml new file mode 100644 index 0000000..738c012 --- /dev/null +++ b/clusters/ipv6/gpu-operator/nvidia/gpu-operator-repo.yml 
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: nvidia
+ namespace: flux-system
+spec:
+ interval: 6h
+ url: https://helm.ngc.nvidia.com/nvidia
diff --git a/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-release.yml b/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-release.yml
new file mode 100644
index 0000000..b62b81a
--- /dev/null
+++ b/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-release.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: csi-driver-smb
+ namespace: kube-system
+spec:
+ interval: 6h
+ chart:
+ spec:
+ chart: csi-driver-smb
+ version: "1.19.1"
+ sourceRef:
+ kind: HelmRepository
+ name: csi-driver-smb
+ namespace: flux-system
+ interval: 6h
+ install:
+ createNamespace: true
+ upgrade:
+ remediation:
+ remediateLastFailure: true
diff --git a/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-repo.yml b/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-repo.yml
new file mode 100644
index 0000000..4a71ff4
--- /dev/null
+++ b/clusters/ipv6/kube-system/csi-driver-smb/csi-driver-smb-repo.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: csi-driver-smb
+ namespace: flux-system
+spec:
+ interval: 6h
+ url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
diff --git a/clusters/ipv6/media/ersatztv/ersatztv-ingress.yml b/clusters/ipv6/media/ersatztv/ersatztv-ingress.yml
new file mode 100644
index 0000000..bd8a846
--- /dev/null
+++ b/clusters/ipv6/media/ersatztv/ersatztv-ingress.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ersatztv-ingress
+ namespace: media
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+ traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ersatztv.akshun-lab.cc
+ secretName: ersatztv-tls
+ rules:
+ - host: ersatztv.akshun-lab.cc
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ersatztv-service
+ port:
+ number: 8409
diff --git a/clusters/ipv6/media/ersatztv/ersatztv-pvc.yml b/clusters/ipv6/media/ersatztv/ersatztv-pvc.yml
new file mode 100644
index 0000000..585a6b1
--- /dev/null
+++ b/clusters/ipv6/media/ersatztv/ersatztv-pvc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ersatztv-longhorn
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 3Gi
+ storageClassName: longhorn
diff --git a/clusters/ipv6/media/ersatztv/ersatztv-svc.yml b/clusters/ipv6/media/ersatztv/ersatztv-svc.yml
new file mode 100644
index 0000000..5cde3fe
--- /dev/null
+++ b/clusters/ipv6/media/ersatztv/ersatztv-svc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ersatztv-service
+ namespace: media
+spec:
+ selector:
+ app: ersatztv
+ ports:
+ - port: 8409
+ targetPort: 8409
+ protocol: TCP
diff --git a/clusters/ipv6/media/ersatztv/ersatztv.yml b/clusters/ipv6/media/ersatztv/ersatztv.yml
new file mode 100644
index 0000000..c060f63
--- /dev/null
+++ b/clusters/ipv6/media/ersatztv/ersatztv.yml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ersatztv
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ersatztv
+ template:
+ metadata:
+ labels:
+ app: ersatztv
+ spec:
+ containers:
+ - name: ersatztv
+ image: jasongdove/ersatztv:v25.9.0
+ ports:
+ - containerPort: 8409
+ volumeMounts:
+ - name: data
+ mountPath: /root/.local/share/ersatztv
+ - name: i915
+ mountPath: /dev/dri/
+ - name: transcode
+ mountPath: /root/.local/share/etv-transcode
+ - name: merge
+ mountPath: /mnt/merge
+ securityContext:
+ privileged: true
+ resources:
+ requests:
+ gpu.intel.com/i915: "1"
+ limits:
+ gpu.intel.com/i915: "1"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: ersatztv-longhorn
+ - name: i915
+ hostPath:
+ path: /dev/dri
+ - name: merge
+ nfs:
+ server: 192.168.1.4
+ path: /merge
+ - name: transcode
+ emptyDir: {}
diff --git a/clusters/ipv6/media/immich/immich-db.yml b/clusters/ipv6/media/immich/immich-db.yml
new file mode 100644
index 0000000..43f33b4
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-db.yml
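Review bot: `securityContext: privileged: true` gives the ersatztv container access to every host device and all capabilities on the node, and the workload is reachable through the ingress added in ersatztv-ingress.yml. The pod already requests `gpu.intel.com/i915: "1"`, and the Intel GPU device plugin normally injects the `/dev/dri` nodes for that resource, so the `privileged` flag and the `i915` hostPath volume look redundant; worth confirming on the node and then removing both. With `privileged` gone the container can also take `allowPrivilegeEscalation: false` and `capabilities: drop: [ALL]`, as invidious-companion.yml in this commit already does for capabilities.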
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: immich-psql
+ namespace: media
+spec:
+ selector:
+ matchLabels:
+ app: immich-psql
+ serviceName: immich-psql
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: immich-psql
+ spec:
+ initContainers:
+ - name: cleanup
+ image: busybox
+ command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
+ volumeMounts:
+ - name: immich-db
+ mountPath: /var/lib/postgresql/data
+ containers:
+ - name: immich-psql
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
+ ports:
+ - containerPort: 5432
+ name: postgres
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: password
+ - name: POSTGRES_USER
+ value: "postgres"
+ - name: POSTGRES_DB
+ value: "immich"
+ - name: POSTGRES_INITDB_ARGS
+ value: "--data-checksums"
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: immich-db
+ volumeClaimTemplates:
+ - metadata:
+ name: immich-db
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
diff --git a/clusters/ipv6/media/immich/immich-ingress.yml b/clusters/ipv6/media/immich/immich-ingress.yml
new file mode 100644
index 0000000..9b8e3a8
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-ingress.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: immich-ingress
+ namespace: media
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - immich.akshun-lab.cc
+ secretName: immich-tls
+ rules:
+ - host: immich.akshun-lab.cc
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: immich-service
+ port:
+ number: 2283
diff --git a/clusters/ipv6/media/immich/immich-ml.yml b/clusters/ipv6/media/immich/immich-ml.yml
new file mode 100644
index 0000000..65b596f
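Review bot: The `cleanup` init container in immich-db.yml uses `image: busybox` with no tag, so each pod start can pull whatever `latest` currently points to, and that image then runs `rm -rf` against the database volume. Pin it to a version and digest, e.g. `image: busybox:<version>@sha256:<digest>`, the way immich-redis.yml pins valkey. invidious-db.yml has the same floating `busybox` reference in its `clean-db-dir` init container.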
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-ml.yml
@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: immich-ml
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-ml
+ template:
+ metadata:
+ labels:
+ app: immich-ml
+ spec:
+ runtimeClassName: nvidia
+ containers:
+ - name: immich-machine-learning
+ image: ghcr.io/immich-app/immich-machine-learning:v2.4.1-cuda
+ ports:
+ - containerPort: 3003
+ env:
+ - name: REDIS_HOSTNAME
+ value: "immich-redis-service"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: "all"
+ - name: MACHINE_LEARNING_DEVICE_IDS
+ value: "0"
+ volumeMounts:
+ - name: model-cache
+ mountPath: /cache
+ resources:
+ requests:
+ nvidia.com/gpu: "1"
+ limits:
+ nvidia.com/gpu: "1"
+ volumes:
+ - name: model-cache
+ persistentVolumeClaim:
+ claimName: immich-cache-longhorn
diff --git a/clusters/ipv6/media/immich/immich-pvc.yml b/clusters/ipv6/media/immich/immich-pvc.yml
new file mode 100644
index 0000000..659a99d
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-pvc.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-cache-longhorn
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ annotations:
+ pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+ name: immich-pictures-pv
+ namespace: media
+spec:
+ capacity:
+ storage: 100Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: immich-pictures-pv
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ csi:
+ driver: smb.csi.k8s.io
+ volumeHandle: 192.168.1.4#pictures#immich
+ volumeAttributes:
+ source: //192.168.1.4/pictures
+ nodeStageSecretRef:
+ name: smb-creds
+ namespace: media
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-pictures-pvc
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: immich-pictures-pv
+ resources:
+ requests:
+ storage: 100Gi
diff --git a/clusters/ipv6/media/immich/immich-redis.yml b/clusters/ipv6/media/immich/immich-redis.yml
new file mode 100644
index 0000000..eb78e64
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-redis.yml
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: immich-redis
+ namespace: media
+spec:
+ selector:
+ matchLabels:
+ app: immich-redis
+ serviceName: immich-redis
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: immich-redis
+ spec:
+ containers:
+ - name: redis
+ image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+ ports:
+ - containerPort: 6379
+ name: redis
diff --git a/clusters/ipv6/media/immich/immich-secrets-sealed.yml b/clusters/ipv6/media/immich/immich-secrets-sealed.yml
new file mode 100644
index 0000000..f6606ab
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-secrets-sealed.yml
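Review bot: The mount options `dir_mode=0777` and `file_mode=0777` on `immich-pictures-pv` make every file in the photo share readable, writable and executable by any UID in any pod that mounts the volume. Tighter modes with an explicit owner, for example `dir_mode=0770` and `file_mode=0660` together with `uid=`/`gid=` set to the user the immich container runs as, keep the library writable for immich while limiting any other consumer of the claim. Also, `namespace: media` under the PersistentVolume's `metadata` has no effect because PersistentVolumes are cluster-scoped; dropping it avoids implying the volume is isolated to that namespace.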
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: immich-postgres-secret
+ namespace: media
+spec:
+ encryptedData:
+ password: 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
+ template:
+ metadata:
+ name: immich-postgres-secret
+ namespace: media
+ type: Opaque
diff --git a/clusters/ipv6/media/immich/immich-svc.yml b/clusters/ipv6/media/immich/immich-svc.yml
new file mode 100644
index 0000000..72ac582
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich-svc.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-service
+ namespace: media
+spec:
+ selector:
+ app: immich-app
+ ports:
+ - port: 2283
+ targetPort: 2283
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-machine-learning-service
+ namespace: media
+spec:
+ selector:
+ app: immich-ml
+ ports:
+ - port: 3003
+ targetPort: 3003
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-psql
+ namespace: media
+spec:
+ selector:
+ app: immich-psql
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: 5432
+ clusterIP: None
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: immich-redis
+ namespace: media
+spec:
+ selector:
+ app: immich-redis
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: 6379
+ clusterIP: None
diff --git a/clusters/ipv6/media/immich/immich.yml b/clusters/ipv6/media/immich/immich.yml
new file mode 100644
index 0000000..3694d9f
--- /dev/null
+++ b/clusters/ipv6/media/immich/immich.yml
@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: immich-app
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: immich-app
+ template:
+ metadata:
+ labels:
+ app: immich-app
+ spec:
+ containers:
+ - name: immich-server
+ image: ghcr.io/immich-app/immich-server:v2.4.1
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ ports:
+ - containerPort: 2283
+ env:
+ - name: TZ
+ value: "Asia/Kolkata"
+ - name: REDIS_HOSTNAME
+ value: "immich-redis.media.svc.cluster.local"
+ - name: DB_USERNAME
+ value: "postgres"
+ - name: DB_DATABASE_NAME
+ value: "immich"
+ - name: DB_HOSTNAME
+ value: "immich-psql.media.svc.cluster.local"
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-secret
+ key: password
+ volumeMounts:
+ - mountPath: /usr/src/app/upload
+ name: pictures
+ volumes:
+ - name: pictures
+ persistentVolumeClaim:
+ claimName: immich-pictures-pvc
diff --git a/clusters/ipv6/media/immich/smb-secrets-sealed.yml b/clusters/ipv6/media/immich/smb-secrets-sealed.yml
new file mode 100644
index 0000000..196b613
--- /dev/null
+++ b/clusters/ipv6/media/immich/smb-secrets-sealed.yml
@@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: smb-creds + namespace: media +spec: + encryptedData: + password: AgC+7n+UgTpWtKSAT2pM3ko4DyqXlw3PzlBgcX/goSOGbLmxhN/wP1VFh8KJTy/+InMLjPs+Ja0mks6J5YCbl3hvOHFxEnwScnk8vRXgQUgpJTLwZQUR6TOQVJw1jsGqkPOHDzXQiqzvxYgWDdtAX1Fl4Lj6BUOS0zyZqJjC2DKlhLSNqEs2ABuoPLaTwT0i7BEVtUMjIKNJvu+bt2Tc+zdGLeT/RCGiDjiEUvyFOW7/5exPAn0s569EbhG60Wu6Baywz8c+QrgHTkoUkBO+kdSKy1yYMxpNrJ73rblgEUSzxTI/moNrWdpkre3C7hjD99a07zqf83znwwDB7njgecn/Xk4aWy5xyVgViQ4BFcaynR089zuInOtiJHKwv55hvW0jf4xR1pazgHlM/ZEAEv+WZXGd9nwWoCFiPOB/0hta4iJWUkcpfImzNlTq4xbVOUt4DqhNPEKqUAfjBr7krg0LM5y8wAUtepvbD99NVz4yfGMMmZBNBE/REhkJxN5WDPBQZGRdIq0X20wRWN2uCnaj7VYaxLnQbpczka76+dzO/GOlnBLBWkTUwV8VgKn3nsyNYG/7gbvi5c+7U4iDh8oa2/vn3O0nw0vEfnKCKkK5PYy8Ocfe05atQtq+ydtYP131XC/gQMJazOsjmS+8+mJ41b3JnhSI1ptWt0qE1NwcfaUsCFxhjJT6NsUtgvbelz1ixLswyFA= + username: 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 + template: + metadata: + name: smb-creds + namespace: media + type: Opaque diff --git a/clusters/ipv6/media/invidious/invidious-companion.yml b/clusters/ipv6/media/invidious/invidious-companion.yml new file mode 100644 index 0000000..ebd0a4b --- /dev/null +++ b/clusters/ipv6/media/invidious/invidious-companion.yml @@ -0,0 +1,28 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious-companion + namespace: media +spec: + selector: + matchLabels: + app: invidious-companion + template: + metadata: + labels: + app: invidious-companion + spec: + containers: + - name: inv-companion + image: quay.io/invidious/invidious-companion@sha256:dbeaaab6a1c718f5874cc588aaab2d2b169dea4c742add6deac955c2879fc9c4 + env: + - name: SERVER_SECRET_KEY + valueFrom: + secretKeyRef: + name: invidious-secrets + key: INVIDIOUS_COMPANION_KEY + securityContext: + capabilities: + drop: + - ALL diff --git a/clusters/ipv6/media/invidious/invidious-config.yml b/clusters/ipv6/media/invidious/invidious-config.yml new file mode 100644 index 0000000..5bdcfab 
--- /dev/null
+++ b/clusters/ipv6/media/invidious/invidious-config.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: invidious-config
+ namespace: media
+data:
+ invidious.yml: |
+ db:
+ dbname: invidious
+ user: kemal
+ password: ${INVIDIOUS_DB_PASSWORD}
+ host: invidious-db.media.svc.cluster.local
+ port: 5432
+ check_tables: true
+ invidious_companion:
+ - private_url: "http://invidious-companion-service.media.svc.cluster.local:8282/companion"
+ invidious_companion_key: ${INVIDIOUS_COMPANION_KEY}
+ hmac_key: ${INVIDIOUS_HMAC_KEY}
diff --git a/clusters/ipv6/media/invidious/invidious-db-secrets-sealed.yml b/clusters/ipv6/media/invidious/invidious-db-secrets-sealed.yml
new file mode 100644
index 0000000..3e670d9
--- /dev/null
+++ b/clusters/ipv6/media/invidious/invidious-db-secrets-sealed.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: invidious-db-secrets
+ namespace: media
+spec:
+ encryptedData:
+ postgres-db: 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
+ postgres-password: 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
+ postgres-user: 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
+ template:
+ metadata:
+ name: invidious-db-secrets
+ namespace: media
+ type: Opaque
diff --git a/clusters/ipv6/media/invidious/invidious-db.yml b/clusters/ipv6/media/invidious/invidious-db.yml
new file mode 100644
index 0000000..460efce
--- /dev/null
+++ b/clusters/ipv6/media/invidious/invidious-db.yml
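Review bot: In invidious-config.yml the placeholders `${INVIDIOUS_DB_PASSWORD}`, `${INVIDIOUS_COMPANION_KEY}` and `${INVIDIOUS_HMAC_KEY}` sit in unquoted YAML scalars, so once envsubst has pasted the raw secret in (see the init container in invidious.yml), a value containing ` #` or `: `, or starting with `*`, `&` or `!`, is truncated or changes the document structure. A silently shortened `hmac_key` or password is weaker than the sealed value suggests, and the failure would not be obvious. Quote the scalars, e.g. `password: '${INVIDIOUS_DB_PASSWORD}'`, and generate the secrets from an alphabet without quote characters.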
@@ -0,0 +1,59 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: invidious-db
+ namespace: media
+spec:
+ selector:
+ matchLabels:
+ app: invidious-db
+ serviceName: invidious-db
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: invidious-db
+ spec:
+ initContainers:
+ - name: clean-db-dir
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ rm -rf /var/lib/postgresql/lost+found
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql
+ containers:
+ - name: postgres
+ image: postgres:18
+ env:
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: invidious-db-secrets
+ key: postgres-db
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: invidious-db-secrets
+ key: postgres-user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: invidious-db-secrets
+ key: postgres-password
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql
+ volumeClaimTemplates:
+ - metadata:
+ name: postgres-data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: longhorn
diff --git a/clusters/ipv6/media/invidious/invidious-ingress.yml b/clusters/ipv6/media/invidious/invidious-ingress.yml
new file mode 100644
index 0000000..ebd22e1
--- /dev/null
+++ b/clusters/ipv6/media/invidious/invidious-ingress.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: invidious-ingress
+ namespace: media
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+ traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - invidious.akshun-lab.cc
+ secretName: invidious-tls
+ rules:
+ - host: invidious.akshun-lab.cc
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: invidious-service
+ port:
+ number: 3000
diff --git a/clusters/ipv6/media/invidious/invidious-secrets-sealed.yml b/clusters/ipv6/media/invidious/invidious-secrets-sealed.yml new file mode 100644 index 0000000..7eb4270 --- /dev/null +++ b/clusters/ipv6/media/invidious/invidious-secrets-sealed.yml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: invidious-secrets + namespace: media +spec: + encryptedData: + INVIDIOUS_COMPANION_KEY: AgDRcKWTyaK2LAPkjlHXJyhVkxkVg1AG6eLAh1JQjgz+w5f5op8/G7RJ+9rVEJd1liHNu8dZKxSJ09PHLbrgRW4WDwlOBoMA5YkP3UfmlsZC1oExxsIjSzjssvUU3ewDJY5ny/LVYeGD5I0KkKPGyVEDbaD1UL986t+GY56cVVF7xZJwyPyXokqRd23PahecmMgkOSk6Ikct0hyNBlKuAeB5obGB9kNdpNZwOHV33EyIjeZOsVlCd7mtf4kE2qIWKtZSR3MtGq2hGjelFXwD0s6++cLAZv3zC9nB6F9VY+JjZxmH2FZtB8QMcPSnjk0ea7qMDMIalYXqOn1AVPZ8v5l+V+iQeIRMOvoYnM5okY5ffP2Ug81V6h6lnSt2cqPg4+5U7Tu7GSct78sgudYCZwYvpUEZgoyJ5B8z9sqOhKtVSuyOwqnpWdzDufL4yLhIQVGsJ1T8U34IrietxEJ7YwwLsv5S/wkErgaUF54ZUED+C31gYXDebdJDdZcIrjWdSAp3gYXURoiv13sqmxLOZMgwsy9HZoozf1rzxKj67O45dRZWXE6JWuhFUDH8+boe9t8O/nHvpHwE7C4Gm79WC4AXJOO4cwzJySqiu8VZUywGojOHS6bGqRmcKootXSG+OM7o9ay0/6ctkYXbflKwza0JzzDorQ5vkt7A7vFhJss2y9sJa093WFvY2Wd0RsYwe8V48ZRx5ChXU6PB53/xt8KD + INVIDIOUS_DB_PASSWORD: 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 + INVIDIOUS_HMAC_KEY: 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 + template: + metadata: + name: invidious-secrets + namespace: media + type: Opaque diff --git a/clusters/ipv6/media/invidious/invidious-svc.yml b/clusters/ipv6/media/invidious/invidious-svc.yml new file mode 100644 index 0000000..dcf876f --- /dev/null +++ b/clusters/ipv6/media/invidious/invidious-svc.yml 
@@ -0,0 +1,40 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: invidious-service
+ namespace: media
+spec:
+ selector:
+ app: invidious
+ ports:
+ - port: 3000
+ targetPort: 3000
+ protocol: TCP
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: invidious-companion-service
+ namespace: media
+spec:
+ selector:
+ app: invidious-companion
+ ports:
+ - port: 8282
+ targetPort: 8282
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: invidious-db
+ namespace: media
+spec:
+ selector:
+ app: invidious-db
+ ports:
+ - port: 5432
+ targetPort: 5432
+ clusterIP: None
diff --git a/clusters/ipv6/media/invidious/invidious.yml b/clusters/ipv6/media/invidious/invidious.yml
new file mode 100644
index 0000000..eeaa879
--- /dev/null
+++ b/clusters/ipv6/media/invidious/invidious.yml
@@ -0,0 +1,70 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: invidious
+ namespace: media
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: invidious
+ template:
+ metadata:
+ labels:
+ app: invidious
+ spec:
+ initContainers:
+ - name: substitute-config
+ image: alpine
+ envFrom:
+ - secretRef:
+ name: invidious-secrets
+ command:
+ - sh
+ - -c
+ - apk add gettext && envsubst < /mnt/init/invidious.yml > /mnt/invidious.yml
+ volumeMounts:
+ - name: invidious-config
+ mountPath: /mnt/init/invidious.yml
+ subPath: invidious.yml
+ - name: tmp
+ mountPath: /mnt
+ subPath: invidious.yml
+ containers:
+ - name: invidious
+ image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06
+ command:
+ - sh
+ - -c
+ - |
+ export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" &&
+ exec /invidious/invidious
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ nc -z invidious-db.media.svc.cluster.local 5432 && nc -z invidious-companion-service.media.svc.cluster.local 8282
+ env:
+ - name: INVIDIOUS_PORT
+ value: "3000"
+ ports:
+ - containerPort: 3000
+ volumeMounts:
+ - name: logging
+ mountPath: /var/log/invidious
+ - name: tmp
+ mountPath: /mnt
+ subPath: invidious.yml
+ volumes:
+ - name: logging
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
+ - name: invidious-config
+ configMap:
+ name: invidious-config
diff --git a/clusters/ipv6/media/namespace.yml b/clusters/ipv6/media/namespace.yml
new file mode 100644
index 0000000..6a13a7e
--- /dev/null
+++ b/clusters/ipv6/media/namespace.yml
@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: media
+ labels:
+ name: media
diff --git a/config.js b/config.js
new file mode 100644
index 0000000..732e7f0
--- /dev/null
+++ b/config.js
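Review bot: The `substitute-config` init container in invidious.yml runs an untagged `alpine` image and executes `apk add gettext` on every pod start while `envFrom` exposes all keys of `invidious-secrets` to it. Pod startup therefore depends on outbound access to a package mirror, and an unpinned image plus an unpinned package handle the HMAC key, companion key and database password. Use a digest-pinned image that already ships `envsubst`, so the command shrinks to `envsubst < /mnt/init/invidious.yml > /mnt/invidious.yml`, and consider limiting substitution to the expected names with `envsubst '${INVIDIOUS_DB_PASSWORD} ${INVIDIOUS_COMPANION_KEY} ${INVIDIOUS_HMAC_KEY}'`.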
@@ -0,0 +1,14 @@
+module.exports = {
+ platform: 'gitea',
+ endpoint: 'https://gitea.akshun-lab.cc/api/v1',
+ gitAuthor: 'Renovate Bot ',
+ username: 'renovate',
+ autodiscover: false,
+ onboardingConfig: {
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: ['config:recommended']
+ },
+ optimizeForDisabled: true,
+ persistRepoData: true,
+ repositories: ["aggarwalakshun/k3s-at-home"],
+}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..fe210d7
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,21 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended"
+ ],
+ "prHourlyLimit": 0,
+ "ignorePaths": [
+ "**/disabled/**",
+ "**/.gitea/workflows/**"
+ ],
+ "flux": {
+ "managerFilePatterns": [
+ "/\\.yml$/"
+ ]
+ },
+ "kubernetes": {
+ "managerFilePatterns": [
+ "/\\.yml$/"
+ ]
+ }
+}