working on K3OS

2021-12-02 23:30:42 -05:00
parent 1c127d6726
commit a00db8727c
6 changed files with 43 additions and 85 deletions
--- a/helm/templates/deploy.yaml
+++ b/helm/templates/deploy.yaml
@@ -35,7 +35,6 @@ spec:
              fieldPath: metadata.namespace
        ports:
        - containerPort: 8096
-          protocol: TCP
        volumeMounts:
          - mountPath: /config
            name: config
--- a/helm/templates/ingress.yaml
+++ b/helm/templates/ingress.yaml
@@ -1,65 +1,37 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
+#   headers:
+#     customResponseHeaders:
+#       X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
+#     SSLHost: "jellyfin.ducoterra.net"
+#     SSLForceHost: true
+#     STSSeconds: "315360000"
+#     STSIncludeSubdomains: true
+#     STSPreload: true
+#     forceSTSHeader: true
+#     frameDeny: true
+#     contentTypeNosniff: true
+#     browserXSSFilter: true
+#     customFrameOptionsValue: "https://jellyfin.ducoterra.net"
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
 metadata:
-  name: {{ .Release.Name }}-tls
  annotations:
-    kubernetes.io/ingress.class: traefik
-spec:
-  entryPoints:
-    - websecure
-  tls:
-    certResolver: duconet
-  routes:
-  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: 8096
-    middlewares:
-      - name: headers-{{ .Release.Name }}
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: nginx
  name: {{ .Release.Name }}
-  annotations:
-    kubernetes.io/ingress.class: traefik
 spec:
-  entryPoints:
-    - web
-  routes:
-  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: 8096
-    middlewares:
-      - name: httpsredirect-{{ .Release.Name }}
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: httpsredirect-{{ .Release.Name }}
-spec:
-  redirectScheme:
-    scheme: https
-    permanent: true
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: headers-{{ .Release.Name }}
-spec:
-  headers:
-    customResponseHeaders:
-      X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
-    SSLHost: "jellyfin.ducoterra.net"
-    SSLForceHost: true
-    STSSeconds: "315360000"
-    STSIncludeSubdomains: true
-    STSPreload: true
-    forceSTSHeader: true
-    frameDeny: true
-    contentTypeNosniff: true
-    browserXSSFilter: true
-    customFrameOptionsValue: "https://jellyfin.ducoterra.net"
+  rules:
+  - host: {{ .Release.Name }}.ducoterra.net
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}
+            port:
+              number: 8096
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ .Release.Name }}.ducoterra.net
+    secretName: {{.Release.Name}}-tls-cert
--- a/helm/templates/middleware.yaml
+++ b/helm/templates/middleware.yaml
@@ -1,18 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: jellyfin
-spec:
-  headers:
-    customResponseHeaders:
-      X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
-    SSLHost: "jellyfin.ducoterra.net"
-    SSLForceHost: true
-    STSSeconds: "315360000"
-    STSIncludeSubdomains: true
-    STSPreload: true
-    forceSTSHeader: true
-    frameDeny: true
-    contentTypeNosniff: true
-    browserXSSFilter: true
-    customFrameOptionsValue: "https://jellyfin.ducoterra.net"
--- a/helm/templates/pvc.yaml
+++ b/helm/templates/pvc.yaml
@@ -6,7 +6,7 @@ metadata:
    "helm.sh/resource-policy": keep
 spec:
  accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
  resources:
    requests:
      storage: 32Gi
@@ -19,7 +19,7 @@ metadata:
    "helm.sh/resource-policy": keep
 spec:
  accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
  resources:
    requests:
      storage: 32Gi
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -1,5 +1,5 @@
 install:
-  jf_detector: true
+  jf_detector: false

 jf_detector:
  image: hub.ducoterra.net/ducoterra/jf-detector:0.0.4
--- a/media.yaml
+++ b/media.yaml
@@ -8,8 +8,12 @@ spec:
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - nolock
+    - noatime
+    - nfsvers=3
  nfs:
-    server: 3.14.3.101 # replace with your nfs server IP or hostname
+    server: freenas.dnet # replace with your nfs server IP or hostname
    path: "/mnt/enc0/media" # replace with your mount path
 ---
 # nfs-pvc.yaml
@@ -18,10 +22,11 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: nfs-media
+  namespace: jellyfin
 spec:
  resources:
    requests:
      storage: 4T
  accessModes:
  - ReadWriteMany
-  storageClassName: ""
+  storageClassName: ""