From e226c3ce7167521151009ed279e6d204d6db20f6 Mon Sep 17 00:00:00 2001 From: djpbessems Date: Wed, 4 Nov 2020 13:11:47 +0100 Subject: [PATCH] Use local registry proxy for most services --- ingress/Traefik2.x/chart-values.yml | 4 + services/Adminer/deploy-Adminer.yml | 2 +- services/Authelia/deploy-Authelia.yml | 4 +- services/DDclient/deploy-DDclient.yml | 2 +- services/DroneCI/deploy-DroneCI.yml | 6 +- services/Gitea/deploy-Gitea.yml | 2 +- services/Gotify/deploy-Gotify.yml | 2 +- services/Guacamole/deploy-Guacamole.yml | 6 +- services/Lighttpd/deploy-Lighttpd.yml | 2 +- services/PVR/deploy-NZBHydra.yml | 2 +- services/PVR/deploy-Plex.yml | 129 ++++++++++++++++++ services/PVR/deploy-Radarr.yml | 2 +- services/PVR/deploy-Readarr.yml | 2 +- services/PVR/deploy-SABnzbd.yml | 2 +- services/PVR/deploy-Sonarr.yml | 2 +- services/Shaarli/deploy-Shaarli.yml | 2 +- services/Theia/deploy-Theia.yml | 2 +- .../deploy-TraefikCertsDumper.yml | 2 +- .../RolloutRestart/cronjob-RolloutRestart.yml | 2 +- system/UpgradeController/plan-Agent.yml | 2 +- system/UpgradeController/plan-Server.yml | 2 +- 21 files changed, 156 insertions(+), 25 deletions(-) create mode 100644 services/PVR/deploy-Plex.yml diff --git a/ingress/Traefik2.x/chart-values.yml b/ingress/Traefik2.x/chart-values.yml index 1cffc28..0f6f8d1 100644 --- a/ingress/Traefik2.x/chart-values.yml +++ b/ingress/Traefik2.x/chart-values.yml @@ -10,6 +10,10 @@ ports: web: redirectTo: websecure +service: + spec: + externalTrafficPolicy: Local + volumes: - name: traefik-configmap mountPath: /etc/traefik diff --git a/services/Adminer/deploy-Adminer.yml b/services/Adminer/deploy-Adminer.yml index f734854..c6c154e 100644 --- a/services/Adminer/deploy-Adminer.yml +++ b/services/Adminer/deploy-Adminer.yml @@ -37,7 +37,7 @@ spec: serviceAccountName: adminer containers: - name: adminer - image: adminer + image: registry.spamasaurus.com/proxy/library/adminer ports: - name: web containerPort: 8080 diff --git a/services/Authelia/deploy-Authelia.yml b/services/Authelia/deploy-Authelia.yml index a7e2a1a..15833f5 100644 --- a/services/Authelia/deploy-Authelia.yml +++ b/services/Authelia/deploy-Authelia.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: authelia - image: authelia/authelia + image: registry.spamasaurus.com/proxy/authelia/authelia env: - name: TZ value: Europe/Amsterdam @@ -27,7 +27,7 @@ spec: - name: flexvolsmb-authelia-conf mountPath: /config - name: redis - image: redis:alpine + image: registry.spamasaurus.com/proxy/library/redis:alpine args: - redis-server - --requirepass authelia diff --git a/services/DDclient/deploy-DDclient.yml b/services/DDclient/deploy-DDclient.yml index 92ad611..1453507 100644 --- a/services/DDclient/deploy-DDclient.yml +++ b/services/DDclient/deploy-DDclient.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: ddclient - image: linuxserver/ddclient + image: registry.spamasaurus.com/proxy/linuxserver/ddclient volumeMounts: - mountPath: /config name: ddclient-secret diff --git a/services/DroneCI/deploy-DroneCI.yml b/services/DroneCI/deploy-DroneCI.yml index c4c88f0..a530ae0 100644 --- a/services/DroneCI/deploy-DroneCI.yml +++ b/services/DroneCI/deploy-DroneCI.yml @@ -39,8 +39,7 @@ spec: serviceAccountName: drone containers: - name: drone -# image: registry.spamasaurus.com/proxy/drone/drone:latest - image: drone/drone:latest + image: registry.spamasaurus.com/proxy/drone/drone:latest command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"] env: - name: DRONE_SERVER_PROTO @@ -66,8 +65,7 @@ spec: - mountPath: /data name: flexvolsmb-drone-data - name: drone-runner -# image: registry.spamasaurus.com/proxy/drone/drone-runner-kube:latest - image: drone/drone-runner-kube:latest + image: registry.spamasaurus.com/proxy/drone/drone-runner-kube:latest command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"] ports: - containerPort: 3000 diff --git a/services/Gitea/deploy-Gitea.yml b/services/Gitea/deploy-Gitea.yml index 9471f97..618ce70 100644 --- a/services/Gitea/deploy-Gitea.yml +++ b/services/Gitea/deploy-Gitea.yml @@ -28,7 +28,7 @@ spec: spec: containers: - name: gitea - image: gitea/gitea:1 + image: registry.spamasaurus.com/proxy/gitea/gitea:1 env: - name: DB_TYPE value: 'sqlite3' diff --git a/services/Gotify/deploy-Gotify.yml b/services/Gotify/deploy-Gotify.yml index 7b602bf..4018509 100644 --- a/services/Gotify/deploy-Gotify.yml +++ b/services/Gotify/deploy-Gotify.yml @@ -28,7 +28,7 @@ spec: spec: containers: - name: gotify - image: gotify/server + image: registry.spamasaurus.com/proxy/gotify/server ports: - name: web containerPort: 80 diff --git a/services/Guacamole/deploy-Guacamole.yml b/services/Guacamole/deploy-Guacamole.yml index 2d36517..82eef9e 100644 --- a/services/Guacamole/deploy-Guacamole.yml +++ b/services/Guacamole/deploy-Guacamole.yml @@ -35,7 +35,7 @@ spec: hostname: guacamole containers: - name: guacamole - image: guacamole/guacamole + image: registry.spamasaurus.com/proxy/guacamole/guacamole env: - name: GUACD_HOSTNAME value: 'guacamole.default.svc.cluster.local' @@ -53,7 +53,7 @@ spec: - name: ui containerPort: 8080 - name: guacd - image: guacamole/guacd + image: registry.spamasaurus.com/proxy/guacamole/guacd env: - name: GUACD_LOG_LEVEL value: 'debug' @@ -61,7 +61,7 @@ spec: - name: proxy containerPort: 4822 - name: mysql - image: mysql:latest + image: registry.spamasaurus.com/proxy/library/mysql:latest securityContext: runAsUser: 999 runAsGroup: 999 diff --git a/services/Lighttpd/deploy-Lighttpd.yml b/services/Lighttpd/deploy-Lighttpd.yml index bf8d9d9..b2a323c 100644 --- a/services/Lighttpd/deploy-Lighttpd.yml +++ b/services/Lighttpd/deploy-Lighttpd.yml @@ -28,7 +28,7 @@ spec: spec: containers: - name: lighttpd-php-pwsh - image: djpbessems/lighttpd-php-powershell + image: registry.spamasaurus.com/library/lighttpd-php-powershell ports: - name: web containerPort: 8080 diff --git a/services/PVR/deploy-NZBHydra.yml b/services/PVR/deploy-NZBHydra.yml index c7cbe46..2686e16 100644 --- a/services/PVR/deploy-NZBHydra.yml +++ b/services/PVR/deploy-NZBHydra.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: nzbhydra - image: linuxserver/nzbhydra2 + image: registry.spamasaurus.com/proxy/linuxserver/nzbhydra2 ports: - name: web containerPort: 5076 diff --git a/services/PVR/deploy-Plex.yml b/services/PVR/deploy-Plex.yml new file mode 100644 index 0000000..d17eec4 --- /dev/null +++ b/services/PVR/deploy-Plex.yml @@ -0,0 +1,129 @@ +apiVersion: v1 +kind: Service +metadata: + name: plex + namespace: pvr +spec: + ports: + - protocol: TCP + name: web + port: 32400 + selector: + app: plex +--- +apiVersion: v1 +kind: Service +metadata: + name: plex-remoteaccess + namespace: pvr +spec: + ports: + - port: 32400 + protocol: TCP + targetPort: 32400 + selector: + app: plex + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plex + namespace: pvr + labels: + app: plex +spec: + replicas: 1 + selector: + matchLabels: + app: plex + template: + metadata: + labels: + app: plex + spec: + containers: + - name: plex + image: registry.spamasaurus.com/proxy/linuxserver/plex + ports: + - name: web + containerPort: 32400 + env: + - name: VERSION + value: latest + volumeMounts: + - mountPath: /config + name: flexvolsmb-plex-config + - mountPath: /data/series + name: flexvolsmb-pvr-series + - mountPath: /data/movies + name: flexvolsmb-pvr-movies + volumes: + - name: flexvolsmb-plex-config + persistentVolumeClaim: + claimName: flexvolsmb-plex-config + - name: flexvolsmb-pvr-series + persistentVolumeClaim: + claimName: flexvolsmb-pvr-series + - name: flexvolsmb-pvr-movies + persistentVolumeClaim: + claimName: flexvolsmb-pvr-movies +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: plex + namespace: pvr +spec: + entryPoints: + - websecure + routes: + - match: Host(`media.pvr.spamasaurus.com`) + kind: Rule + services: + - name: plex + port: 32400 + middlewares: + - name: security-headers@file + - name: compression@file + tls: + options: + name: defaults@file + certResolver: default + domains: + - main: '*.pvr.spamasaurus.com' + sans: + - 'pvr.spamasaurus.com' +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-plex-config + namespace: pvr +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-plex-config + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8 + server: 192.168.11.225 + share: /K3s.Volumes/plex/config +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-plex-config + namespace: pvr +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-plex-config + resources: + requests: + storage: 1Gi diff --git a/services/PVR/deploy-Radarr.yml b/services/PVR/deploy-Radarr.yml index ca56a58..33cb563 100644 --- a/services/PVR/deploy-Radarr.yml +++ b/services/PVR/deploy-Radarr.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: radarr - image: linuxserver/radarr:nightly + image: registry.spamasaurus.com/proxy/linuxserver/radarr:nightly ports: - name: web containerPort: 7878 diff --git a/services/PVR/deploy-Readarr.yml b/services/PVR/deploy-Readarr.yml index 93a53a4..0346633 100644 --- a/services/PVR/deploy-Readarr.yml +++ b/services/PVR/deploy-Readarr.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: readarr - image: hotio/readarr:nightly + image: registry.spamasaurus.com/proxy/hotio/readarr:nightly env: - name: DEBUG value: 'yes' diff --git a/services/PVR/deploy-SABnzbd.yml b/services/PVR/deploy-SABnzbd.yml index 97a3373..7372dfe 100644 --- a/services/PVR/deploy-SABnzbd.yml +++ b/services/PVR/deploy-SABnzbd.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: sabnzbd - image: linuxserver/sabnzbd + image: registry.spamasaurus.com/proxy/linuxserver/sabnzbd ports: - name: web containerPort: 8080 diff --git a/services/PVR/deploy-Sonarr.yml b/services/PVR/deploy-Sonarr.yml index 34fe316..db4cf9a 100644 --- a/services/PVR/deploy-Sonarr.yml +++ b/services/PVR/deploy-Sonarr.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: sonarr - image: linuxserver/sonarr:preview + image: registry.spamasaurus.com/proxy/linuxserver/sonarr:preview ports: - name: web containerPort: 8989 diff --git a/services/Shaarli/deploy-Shaarli.yml b/services/Shaarli/deploy-Shaarli.yml index b8140b0..45a9e68 100644 --- a/services/Shaarli/deploy-Shaarli.yml +++ b/services/Shaarli/deploy-Shaarli.yml @@ -28,7 +28,7 @@ spec: spec: containers: - name: shaarli - image: shaarli/shaarli + image: registry.spamasaurus.com/proxy/shaarli/shaarli ports: - name: web containerPort: 80 diff --git a/services/Theia/deploy-Theia.yml b/services/Theia/deploy-Theia.yml index 5929b18..5ec53b0 100644 --- a/services/Theia/deploy-Theia.yml +++ b/services/Theia/deploy-Theia.yml @@ -28,7 +28,7 @@ spec: spec: containers: - name: theia - image: theiaide/theia-full + image: registry.spamasaurus.com/proxy/theiaide/theia-full ports: - name: web containerPort: 3000 diff --git a/services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml b/services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml index a5df66d..1345e05 100644 --- a/services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml +++ b/services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: traefik-certs-dumper - image: ldez/traefik-certs-dumper:latest-amd64 + image: registry.spamasaurus.com/proxy/ldez/traefik-certs-dumper:latest-amd64 command: ['traefik-certs-dumper', 'file'] args: - --watch diff --git a/system/RolloutRestart/cronjob-RolloutRestart.yml b/system/RolloutRestart/cronjob-RolloutRestart.yml index 9f5a5b9..6966716 100644 --- a/system/RolloutRestart/cronjob-RolloutRestart.yml +++ b/system/RolloutRestart/cronjob-RolloutRestart.yml @@ -49,7 +49,7 @@ spec: restartPolicy: Never containers: - name: kubectl - image: bitnami/kubectl + image: registry.spamasaurus.com/proxy/bitnami/kubectl command: - 'bash' - '-c' diff --git a/system/UpgradeController/plan-Agent.yml b/system/UpgradeController/plan-Agent.yml index 4effdb5..c515d0a 100644 --- a/system/UpgradeController/plan-Agent.yml +++ b/system/UpgradeController/plan-Agent.yml @@ -17,5 +17,5 @@ spec: image: rancher/k3s-upgrade:v1.18.6-k3s1 serviceAccountName: system-upgrade upgrade: - image: rancher/k3s-upgrade + image: registry.spamasaurus.com/proxy/rancher/k3s-upgrade channel: https://update.k3s.io/v1-release/channels/stable diff --git a/system/UpgradeController/plan-Server.yml b/system/UpgradeController/plan-Server.yml index 9c146ab..33d4094 100644 --- a/system/UpgradeController/plan-Server.yml +++ b/system/UpgradeController/plan-Server.yml @@ -14,5 +14,5 @@ spec: - "true" serviceAccountName: system-upgrade upgrade: - image: rancher/k3s-upgrade + image: registry.spamasaurus.com/proxy/rancher/k3s-upgrade channel: https://update.k3s.io/v1-release/channels/stable