Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- helmCharts:
- - name: plex # name within the helm-repo
- releaseName: plex
- namespace: media
- repo: https://k8s-at-home.com/charts/
- # version: 3.1.3 # not latest because ...
- includeCRDs: true
- valuesInline:
- env:
- TZ: Europe/Zurich
- PLEX_MEDIA_SERVER_USE_SYSLOG: true
- service:
- main:
- annotations:
- metallb.universe.tf/address-pool: main-metallb-pool
- metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
- type: LoadBalancer
- dnla-tcp:
- enabled: true
- externalTrafficPolicy: Cluster
- annotations:
- metallb.universe.tf/address-pool: main-metallb-pool
- metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
- type: LoadBalancer
- dnla-udp:
- enabled: true
- externalTrafficPolicy: Cluster
- annotations:
- metallb.universe.tf/address-pool: main-metallb-pool
- metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
- type: LoadBalancer
- ingress:
- main:
- enabled: true
- tls:
- - secretName: acme-plex-tls
- hosts:
- - plex.fuog.net
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 0 # streaming never ends :D
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- hosts:
- - host: plex.k8s.fuog.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: plex
- port: 32400
- - host: plex.fuog.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: plex
- port: 32400
- podSecurityContext:
- runAsUser: 1000014
- runAsGroup: 1000001
- # fsGroup: 568
- supplementalGroups:
- - 44
- - 107
- persistence:
- config:
- enabled: true
- storageClass: iscsi # because deployment uses fragile stuff
- accessMode: ReadWriteOnce
- mountPath: /config
- size: 40Gi
- retain: true
- pkcs12:
- enabled: true
- type: emptyDir
- accessMode: ReadWriteOnce
- mountPath: /cert-pkcs12
- size: 1Mi
- retain: false
- transcode:
- enabled: true
- storageClass: nfs
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /transcode
- lucifron-video:
- enabled: true
- mountPath: /mnt/video
- existingClaim: lucifron-video-pv
- lucifron-data:
- enabled: true
- mountPath: /mnt/music
- existingClaim: lucifron-music-pv
- resources:
- - custom/lucifron-music-pv.yaml
- - custom/lucifron-video-pv.yaml
- - custom/acme-plex-cert.yaml
- patches:
- - target:
- kind: Deployment
- name: plex
- patch: |-
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: plex
- spec:
- template:
- spec:
- hostname: plex
- volumes:
- - name: cert
- secret:
- secretName: acme-plex-tls
- initContainers:
- - name: ensure-iscsi-permissions
- image: busybox
- command: ['sh', '-c', "chown -R 1000014:1000001 /config"]
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- volumeMounts:
- - mountPath: /config
- name: config
- - name: convert-cert
- image: frapsoft/openssl
- command:
- - '/bin/sh'
- - '-c'
- - 'openssl pkcs12 -export -inkey /cert/tls.key -in /cert/tls.crt -passout pass:1234 -out /cert-pkcs12/cert.p12'
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- volumeMounts:
- - mountPath: /cert
- readOnly: true
- name: cert
- - mountPath: /cert-pkcs12
- name: pkcs12
- containers:
- - name: plex
- resources:
- limits:
- gpu.intel.com/i915: 0
- volumeMounts:
- - mountPath: /cert
- name: cert
- readOnly: true
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement