Use local registry proxy for most services

ingress/Traefik2.x/chart-values.yml

@@ -10,6 +10,10 @@ ports:
   web:
     redirectTo: websecure
 
+service:
+  spec:
+    externalTrafficPolicy: Local
+
 volumes:
   - name: traefik-configmap
     mountPath: /etc/traefik

services/Adminer/deploy-Adminer.yml

@@ -37,7 +37,7 @@ spec:
       serviceAccountName: adminer
       containers:
       - name: adminer
-        image: adminer
+        image: registry.spamasaurus.com/proxy/library/adminer
         ports:
           - name: web
             containerPort: 8080

services/Authelia/deploy-Authelia.yml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
       - name: authelia
-        image: authelia/authelia
+        image: registry.spamasaurus.com/proxy/authelia/authelia
         env:
         - name: TZ
           value: Europe/Amsterdam
@@ -27,7 +27,7 @@ spec:
         - name: flexvolsmb-authelia-conf
           mountPath: /config
       - name: redis
-        image: redis:alpine
+        image: registry.spamasaurus.com/proxy/library/redis:alpine
         args:
           - redis-server
           - --requirepass authelia

services/DDclient/deploy-DDclient.yml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
       - name: ddclient
-        image: linuxserver/ddclient
+        image: registry.spamasaurus.com/proxy/linuxserver/ddclient
         volumeMounts:
         - mountPath: /config
           name: ddclient-secret

services/DroneCI/deploy-DroneCI.yml

@@ -39,8 +39,7 @@ spec:
       serviceAccountName: drone
       containers:
       - name: drone
-#        image: registry.spamasaurus.com/proxy/drone/drone:latest
-        image: drone/drone:latest
+        image: registry.spamasaurus.com/proxy/drone/drone:latest
         command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"]
         env:
         - name: DRONE_SERVER_PROTO
@@ -66,8 +65,7 @@ spec:
         - mountPath: /data
           name: flexvolsmb-drone-data
       - name: drone-runner
-#        image: registry.spamasaurus.com/proxy/drone/drone-runner-kube:latest
-        image: drone/drone-runner-kube:latest
+        image: registry.spamasaurus.com/proxy/drone/drone-runner-kube:latest
         command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"]
         ports:
         - containerPort: 3000

services/Gitea/deploy-Gitea.yml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: gitea
-        image: gitea/gitea:1
+        image: registry.spamasaurus.com/proxy/gitea/gitea:1
         env:
         - name: DB_TYPE
           value: 'sqlite3'

services/Gotify/deploy-Gotify.yml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: gotify
-        image: gotify/server
+        image: registry.spamasaurus.com/proxy/gotify/server
         ports:
           - name: web
             containerPort: 80

services/Guacamole/deploy-Guacamole.yml

@@ -35,7 +35,7 @@ spec:
       hostname: guacamole
       containers:
       - name: guacamole
-        image: guacamole/guacamole
+        image: registry.spamasaurus.com/proxy/guacamole/guacamole
         env:
         - name: GUACD_HOSTNAME
           value: 'guacamole.default.svc.cluster.local'
@@ -53,7 +53,7 @@ spec:
           - name: ui
             containerPort: 8080
       - name: guacd
-        image: guacamole/guacd
+        image: registry.spamasaurus.com/proxy/guacamole/guacd
         env:
         - name: GUACD_LOG_LEVEL
           value: 'debug'
@@ -61,7 +61,7 @@ spec:
           - name: proxy
             containerPort: 4822
       - name: mysql
-        image: mysql:latest
+        image: registry.spamasaurus.com/proxy/library/mysql:latest
         securityContext:
           runAsUser: 999
           runAsGroup: 999

services/Lighttpd/deploy-Lighttpd.yml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: lighttpd-php-pwsh
-        image: djpbessems/lighttpd-php-powershell
+        image: registry.spamasaurus.com/library/lighttpd-php-powershell
         ports:
           - name: web
             containerPort: 8080

services/PVR/deploy-NZBHydra.yml

@@ -30,7 +30,7 @@ spec:
     spec:
       containers:
       - name: nzbhydra
-        image: linuxserver/nzbhydra2
+        image: registry.spamasaurus.com/proxy/linuxserver/nzbhydra2
         ports:
           - name: web
             containerPort: 5076

services/PVR/deploy-Plex.yml

@@ -0,0 +1,129 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+  namespace: pvr
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 32400
+  selector:
+    app: plex
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex-remoteaccess
+  namespace: pvr
+spec:
+  ports:
+  - port: 32400
+    protocol: TCP
+    targetPort: 32400
+  selector:
+    app: plex
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plex
+  namespace: pvr
+  labels:
+    app: plex
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plex
+  template:
+    metadata:
+      labels:
+        app: plex
+    spec:
+      containers:
+      - name: plex
+        image: registry.spamasaurus.com/proxy/linuxserver/plex
+        ports:
+          - name: web
+            containerPort: 32400
+        env:
+          - name: VERSION
+            value: latest
+        volumeMounts:
+        - mountPath: /config
+          name: flexvolsmb-plex-config
+        - mountPath: /data/series
+          name: flexvolsmb-pvr-series
+        - mountPath: /data/movies
+          name: flexvolsmb-pvr-movies
+      volumes:
+      - name: flexvolsmb-plex-config
+        persistentVolumeClaim:
+          claimName: flexvolsmb-plex-config
+      - name: flexvolsmb-pvr-series
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pvr-series
+      - name: flexvolsmb-pvr-movies
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pvr-movies
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: plex
+  namespace: pvr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`media.pvr.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: plex
+      port: 32400
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  tls:
+    options:
+      name: defaults@file
+    certResolver: default
+    domains:
+    - main: '*.pvr.spamasaurus.com'
+      sans:
+        - 'pvr.spamasaurus.com'
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-plex-config
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-plex-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8
+      server: 192.168.11.225
+      share: /K3s.Volumes/plex/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-plex-config
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-plex-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/deploy-Radarr.yml

@@ -30,7 +30,7 @@ spec:
     spec:
       containers:
       - name: radarr
-        image: linuxserver/radarr:nightly
+        image: registry.spamasaurus.com/proxy/linuxserver/radarr:nightly
         ports:
           - name: web
             containerPort: 7878

services/PVR/deploy-Readarr.yml

@@ -30,7 +30,7 @@ spec:
     spec:
       containers:
       - name: readarr
-        image: hotio/readarr:nightly
+        image: registry.spamasaurus.com/proxy/hotio/readarr:nightly
         env:
         - name: DEBUG
           value: 'yes'

services/PVR/deploy-SABnzbd.yml

@@ -30,7 +30,7 @@ spec:
     spec:
       containers:
       - name: sabnzbd
-        image: linuxserver/sabnzbd
+        image: registry.spamasaurus.com/proxy/linuxserver/sabnzbd
         ports:
           - name: web
             containerPort: 8080

services/PVR/deploy-Sonarr.yml

@@ -30,7 +30,7 @@ spec:
     spec:
       containers:
       - name: sonarr
-        image: linuxserver/sonarr:preview
+        image: registry.spamasaurus.com/proxy/linuxserver/sonarr:preview
         ports:
           - name: web
             containerPort: 8989

services/Shaarli/deploy-Shaarli.yml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: shaarli
-        image: shaarli/shaarli
+        image: registry.spamasaurus.com/proxy/shaarli/shaarli
         ports:
           - name: web
             containerPort: 80

services/Theia/deploy-Theia.yml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: theia
-        image: theiaide/theia-full
+        image: registry.spamasaurus.com/proxy/theiaide/theia-full
         ports:
           - name: web
             containerPort: 3000

services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
       - name: traefik-certs-dumper
-        image: ldez/traefik-certs-dumper:latest-amd64
+        image: registry.spamasaurus.com/proxy/ldez/traefik-certs-dumper:latest-amd64
         command: ['traefik-certs-dumper', 'file']
         args: 
         - --watch

system/RolloutRestart/cronjob-RolloutRestart.yml

@@ -49,7 +49,7 @@ spec:
           restartPolicy: Never
           containers:
             - name: kubectl
-              image: bitnami/kubectl
+              image: registry.spamasaurus.com/proxy/bitnami/kubectl
               command:
                 - 'bash'
                 - '-c'

system/UpgradeController/plan-Agent.yml

@@ -17,5 +17,5 @@ spec:
     image: rancher/k3s-upgrade:v1.18.6-k3s1
   serviceAccountName: system-upgrade
   upgrade:
-    image: rancher/k3s-upgrade
+    image: registry.spamasaurus.com/proxy/rancher/k3s-upgrade
   channel: https://update.k3s.io/v1-release/channels/stable

system/UpgradeController/plan-Server.yml

@@ -14,5 +14,5 @@ spec:
       - "true"
   serviceAccountName: system-upgrade
   upgrade:
-    image: rancher/k3s-upgrade
+    image: registry.spamasaurus.com/proxy/rancher/k3s-upgrade
   channel: https://update.k3s.io/v1-release/channels/stable