diff --git a/helm/templates/deploy.yaml b/helm/templates/deploy.yaml index a544a6b..dad2ffa 100644 --- a/helm/templates/deploy.yaml +++ b/helm/templates/deploy.yaml @@ -35,7 +35,6 @@ spec: fieldPath: metadata.namespace ports: - containerPort: 8096 - protocol: TCP volumeMounts: - mountPath: /config name: config diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml index ce2e1d5..4e0d76a 100644 --- a/helm/templates/ingress.yaml +++ b/helm/templates/ingress.yaml @@ -1,65 +1,37 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute +# headers: +# customResponseHeaders: +# X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" +# SSLHost: "jellyfin.ducoterra.net" +# SSLForceHost: true +# STSSeconds: "315360000" +# STSIncludeSubdomains: true +# STSPreload: true +# forceSTSHeader: true +# frameDeny: true +# contentTypeNosniff: true +# browserXSSFilter: true +# customFrameOptionsValue: "https://jellyfin.ducoterra.net" + +apiVersion: networking.k8s.io/v1 +kind: Ingress metadata: - name: {{ .Release.Name }}-tls annotations: - kubernetes.io/ingress.class: traefik -spec: - entryPoints: - - websecure - tls: - certResolver: duconet - routes: - - match: Host(`{{ .Release.Name }}.ducoterra.net`) - kind: Rule - services: - - name: {{ .Release.Name }} - port: 8096 - middlewares: - - name: headers-{{ .Release.Name }} ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: + cert-manager.io/cluster-issuer: letsencrypt-prod + kubernetes.io/ingress.class: nginx name: {{ .Release.Name }} - annotations: - kubernetes.io/ingress.class: traefik spec: - entryPoints: - - web - routes: - - match: Host(`{{ .Release.Name }}.ducoterra.net`) - kind: Rule - services: - - name: {{ .Release.Name }} - port: 8096 - middlewares: - - name: httpsredirect-{{ .Release.Name }} ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: httpsredirect-{{ .Release.Name }} -spec: - redirectScheme: - scheme: https - permanent: true ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: headers-{{ .Release.Name }} -spec: - headers: - customResponseHeaders: - X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" - SSLHost: "jellyfin.ducoterra.net" - SSLForceHost: true - STSSeconds: "315360000" - STSIncludeSubdomains: true - STSPreload: true - forceSTSHeader: true - frameDeny: true - contentTypeNosniff: true - browserXSSFilter: true - customFrameOptionsValue: "https://jellyfin.ducoterra.net" \ No newline at end of file + rules: + - host: {{ .Release.Name }}.ducoterra.net + http: + paths: + - backend: + service: + name: {{ .Release.Name }} + port: + number: 8096 + path: / + pathType: Prefix + tls: + - hosts: + - {{ .Release.Name }}.ducoterra.net + secretName: {{.Release.Name}}-tls-cert diff --git a/helm/templates/middleware.yaml b/helm/templates/middleware.yaml deleted file mode 100644 index 62bc01d..0000000 --- a/helm/templates/middleware.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: jellyfin -spec: - headers: - customResponseHeaders: - X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" - SSLHost: "jellyfin.ducoterra.net" - SSLForceHost: true - STSSeconds: "315360000" - STSIncludeSubdomains: true - STSPreload: true - forceSTSHeader: true - frameDeny: true - contentTypeNosniff: true - browserXSSFilter: true - customFrameOptionsValue: "https://jellyfin.ducoterra.net" \ No newline at end of file diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml index d50cfc4..257c2c7 100644 --- a/helm/templates/pvc.yaml +++ b/helm/templates/pvc.yaml @@ -6,7 +6,7 @@ metadata: "helm.sh/resource-policy": keep spec: accessModes: - - ReadWriteMany + - ReadWriteOnce resources: requests: storage: 32Gi @@ -19,7 +19,7 @@ metadata: "helm.sh/resource-policy": keep spec: accessModes: - - ReadWriteMany + - ReadWriteOnce resources: requests: storage: 32Gi diff --git a/helm/values.yaml b/helm/values.yaml index 69463c8..43ffab5 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,5 +1,5 @@ install: - jf_detector: true + jf_detector: false jf_detector: image: hub.ducoterra.net/ducoterra/jf-detector:0.0.4 diff --git a/media.yaml b/media.yaml index 895a543..ea19ba8 100644 --- a/media.yaml +++ b/media.yaml @@ -8,8 +8,12 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain + mountOptions: + - nolock + - noatime + - nfsvers=3 nfs: - server: 3.14.3.101 # replace with your nfs server IP or hostname + server: freenas.dnet # replace with your nfs server IP or hostname path: "/mnt/enc0/media" # replace with your mount path --- # nfs-pvc.yaml @@ -18,10 +22,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nfs-media + namespace: jellyfin spec: resources: requests: storage: 4T accessModes: - ReadWriteMany - storageClassName: "" \ No newline at end of file + storageClassName: ""