apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: jellyfin
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: jellyfin
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      tolerations:
      - key: "node.kubernetes.io/unreachable"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 1
      - key: "node.kubernetes.io/not-ready"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 1
      containers:
      - name: jellyfin
        image: {{ .Values.jellyfin.image }}
        ports:
          - containerPort: 8096
            name: http
        volumeMounts:
          - mountPath: /config
            name: config
          - mountPath: /cache
            name: cache
          - mountPath: /movies
            name: movies
          - mountPath: /shows
            name: shows
          - mountPath: /videos
            name: videos
        resources:
          requests:
            memory: "1Gi"
            cpu: "1m"
          limits:
            memory: "8Gi"
            cpu: "24"
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: {{ .Release.Name }}-config
      - name: cache
        persistentVolumeClaim:
          claimName: {{ .Release.Name }}-cache
      - name: movies
        nfs:
          server: democratic-csi-server.reeselink.com
          path: /mnt/enc0/media/Movies
          readOnly: true
      - name: shows
        nfs:
          server: democratic-csi-server.reeselink.com
          path: /mnt/enc0/media/Shows
          readOnly: true
      - name: videos
        nfs:
          server: democratic-csi-server.reeselink.com
          path: /mnt/enc0/media/Videos
          readOnly: true

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-config
  annotations:
    "helm.sh/resource-policy": keep
spec:
  storageClassName: zfs-iscsi-enc0
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-cache
  annotations:
    "helm.sh/resource-policy": keep
spec:
  storageClassName: zfs-iscsi-enc1
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 128Gi

---

apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: jellyfin
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: http

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Release.Name }}
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.org/client-max-body-size: "0"
spec:
  rules:
  - host: {{ .Values.jellyfin.domain }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: jellyfin
            port:
              name: http
  tls:
  - hosts:
    - {{ .Values.jellyfin.domain }}
    secretName: jellyfin-tls-cert