From 4f0ce13e790613da7fca926cac288c242d034cd8 Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 31 Oct 2024 15:00:13 +0800 Subject: [PATCH] feat: deploy slskd --- .../main/apps/default/kustomization.yaml | 1 + .../default/slskd/app/externalsecret.yaml | 20 +++ .../apps/default/slskd/app/helmrelease.yaml | 130 ++++++++++++++++++ .../apps/default/slskd/app/kustomization.yaml | 16 +++ .../main/apps/default/slskd/app/pvc.yaml | 11 ++ .../default/slskd/app/resources/slskd.yml | 22 +++ kubernetes/main/apps/default/slskd/ks.yaml | 25 ++++ 7 files changed, 225 insertions(+) create mode 100644 kubernetes/main/apps/default/slskd/app/externalsecret.yaml create mode 100644 kubernetes/main/apps/default/slskd/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/default/slskd/app/kustomization.yaml create mode 100644 kubernetes/main/apps/default/slskd/app/pvc.yaml create mode 100644 kubernetes/main/apps/default/slskd/app/resources/slskd.yml create mode 100644 kubernetes/main/apps/default/slskd/ks.yaml diff --git a/kubernetes/main/apps/default/kustomization.yaml b/kubernetes/main/apps/default/kustomization.yaml index ab98959a0..2a3cd82c7 100644 --- a/kubernetes/main/apps/default/kustomization.yaml +++ b/kubernetes/main/apps/default/kustomization.yaml @@ -35,6 +35,7 @@ resources: - ./radarr/ks.yaml - ./readarr/ks.yaml - ./sabnzbd/ks.yaml + - ./slskd/ks.yaml - ./smtp-relay/ks.yaml - ./sonarr-kids/ks.yaml - ./sonarr/ks.yaml diff --git a/kubernetes/main/apps/default/slskd/app/externalsecret.yaml b/kubernetes/main/apps/default/slskd/app/externalsecret.yaml new file mode 100644 index 000000000..efde90781 --- /dev/null +++ b/kubernetes/main/apps/default/slskd/app/externalsecret.yaml @@ -0,0 +1,20 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: slskd +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: slskd-secret + template: + engineVersion: v2 + data: + SLSKD_SLSK_USERNAME: "{{ .SLSKD_SLSK_USERNAME }}" + SLSKD_SLSK_PASSWORD: "{{ .SLSKD_SLSK_PASSWORD }}" + dataFrom: + - extract: + key: slskd diff --git a/kubernetes/main/apps/default/slskd/app/helmrelease.yaml b/kubernetes/main/apps/default/slskd/app/helmrelease.yaml new file mode 100644 index 000000000..7d7afd2ad --- /dev/null +++ b/kubernetes/main/apps/default/slskd/app/helmrelease.yaml @@ -0,0 +1,130 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: slskd +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.5.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + dependsOn: + - name: rook-ceph-cluster + namespace: rook-ceph + values: + controllers: + slskd: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/slskd/slskd + tag: 0.21.4@sha256:34c613067dac899eddee137fc90cf0c0510e573e083b4c7589e6a823009a859a + env: + DOTNET_BUNDLE_EXTRACT_BASE_DIR: /tmp/.net + TZ: Australia/Perth + SLSKD_APP_DIR: /config + SLSKD_HTTP_PORT: &port 80 + SLSKD_NO_AUTH: true + SLSKD_NO_HTTPS: true + SLSKD_SLSK_LISTEN_PORT: &soulseekPort 50300 + envFrom: + - secretRef: + name: slskd-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /health + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 1Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [10000] + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: slskd + type: LoadBalancer + annotations: + lbipam.cilium.io/ips: 10.88.0.37 + ports: + http: + port: *port + soulseek: + enabled: true + port: *soulseekPort + protocol: TCP + serviceMonitor: + app: + serviceName: slskd + endpoints: + - port: http + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + app: + className: internal + hosts: + - host: "{{ .Release.Name }}.lumu.au" + paths: + - path: / + service: + identifier: app + port: http + persistence: + config: + existingClaim: slskd + config-file: + type: configMap + name: slskd-configmap + globalMounts: + - path: /config/slskd.yml + subPath: slskd.yml + readOnly: true + tmp: + type: emptyDir + media: + type: nfs + server: truenas.internal + path: /mnt/dead/media/soulseek + globalMounts: + - path: /media diff --git a/kubernetes/main/apps/default/slskd/app/kustomization.yaml b/kubernetes/main/apps/default/slskd/app/kustomization.yaml new file mode 100644 index 000000000..cb4d37968 --- /dev/null +++ b/kubernetes/main/apps/default/slskd/app/kustomization.yaml @@ -0,0 +1,16 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./externalsecret.yaml + - ./pvc.yaml + - ./helmrelease.yaml + - ../../../../templates/gatus/guarded + - ../../../../templates/externaldns/internal +configMapGenerator: + - name: slskd-configmap + files: + - slskd.yml=./resources/slskd.yml +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/main/apps/default/slskd/app/pvc.yaml b/kubernetes/main/apps/default/slskd/app/pvc.yaml new file mode 100644 index 000000000..e38059ef3 --- /dev/null +++ b/kubernetes/main/apps/default/slskd/app/pvc.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd +spec: + accessModes: ["ReadWriteMany"] + resources: + requests: + storage: 5Gi + storageClassName: ceph-filesystem diff --git a/kubernetes/main/apps/default/slskd/app/resources/slskd.yml b/kubernetes/main/apps/default/slskd/app/resources/slskd.yml new file mode 100644 index 000000000..8305ccb7e --- /dev/null +++ b/kubernetes/main/apps/default/slskd/app/resources/slskd.yml @@ -0,0 +1,22 @@ +--- +directories: + downloads: /media/complete + incomplete: /media/incomplete +flags: + no_version_check: true +metrics: + enabled: true + url: /metrics + authentication: + disabled: true +permissions: + file: + mode: 750 +remote_configuration: false +shares: + directories: + - /media/shared + filters: + - \.ini$ + - Thumbs.db$ + - \.DS_Store$ diff --git a/kubernetes/main/apps/default/slskd/ks.yaml b/kubernetes/main/apps/default/slskd/ks.yaml new file mode 100644 index 000000000..569a24830 --- /dev/null +++ b/kubernetes/main/apps/default/slskd/ks.yaml @@ -0,0 +1,25 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app slskd + namespace: flux-system +spec: + targetNamespace: default + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/main/apps/default/slskd/app + prune: true + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + timeout: 5m + postBuild: + substitute: + APP: *app