API tools faq
paste
Advertisement
blackbinary

Untitled

blackbinary
Mar 14th, 2022
1,024
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 4.38 KB | None | 0 0
raw download clone embed print report
  1. ---
  2. helmCharts:
  3. - name: plex # name within the helm-repo
  4.   releaseName: plex
  5.   namespace: media
  6.   repo: https://k8s-at-home.com/charts/
  7.   # version: 3.1.3 # not latest because ...
  8.   includeCRDs: true
  9.   valuesInline:
  10.     env:
  11.       TZ: Europe/Zurich
  12.       PLEX_MEDIA_SERVER_USE_SYSLOG: true
  13.  
  14.     service:
  15.       main:
  16.         annotations:
  17.           metallb.universe.tf/address-pool: main-metallb-pool
  18.           metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
  19.         type: LoadBalancer
  20.       dnla-tcp:
  21.         enabled: true
  22.         externalTrafficPolicy: Cluster
  23.         annotations:
  24.           metallb.universe.tf/address-pool: main-metallb-pool
  25.           metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
  26.         type: LoadBalancer
  27.       dnla-udp:
  28.         enabled: true
  29.         externalTrafficPolicy: Cluster
  30.         annotations:
  31.           metallb.universe.tf/address-pool: main-metallb-pool
  32.           metallb.universe.tf/allow-shared-ip: 96-ingress-nginx
  33.         type: LoadBalancer
  34.  
  35.     ingress:
  36.       main:
  37.         enabled: true
  38.         tls:
  39.           - secretName: acme-plex-tls
  40.             hosts:
  41.              - plex.fuog.net
  42.         annotations:
  43.           nginx.ingress.kubernetes.io/proxy-body-size: 0 # streaming never ends :D
  44.           nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  45.  
  46.         hosts:
  47.           - host: plex.k8s.fuog.net
  48.             paths:
  49.               - path: /
  50.                 pathType: Prefix
  51.                 service:
  52.                   name: plex
  53.                   port: 32400
  54.           - host: plex.fuog.net
  55.             paths:
  56.               - path: /
  57.                 pathType: Prefix
  58.                 service:
  59.                   name: plex
  60.                   port: 32400
  61.  
  62.     podSecurityContext:
  63.       runAsUser: 1000014
  64.       runAsGroup: 1000001
  65. #      fsGroup: 568
  66.       supplementalGroups:
  67.        - 44
  68.         - 107
  69.  
  70.     persistence:
  71.       config:
  72.         enabled: true
  73.         storageClass: iscsi # because deployment uses fragile stuff
  74.         accessMode: ReadWriteOnce
  75.         mountPath: /config
  76.         size: 40Gi
  77.         retain: true
  78.  
  79.       pkcs12:
  80.         enabled: true
  81.         type: emptyDir
  82.         accessMode: ReadWriteOnce
  83.         mountPath: /cert-pkcs12
  84.         size: 1Mi
  85.         retain: false
  86.  
  87.       transcode:
  88.         enabled: true
  89.         storageClass: nfs
  90.         accessMode: ReadWriteOnce
  91.         size: 1Gi
  92.         mountPath: /transcode
  93.  
  94.       lucifron-video:
  95.         enabled: true
  96.         mountPath: /mnt/video
  97.         existingClaim: lucifron-video-pv
  98.  
  99.       lucifron-data:
  100.         enabled: true
  101.         mountPath: /mnt/music
  102.         existingClaim: lucifron-music-pv
  103.  
  104. resources:
  105. - custom/lucifron-music-pv.yaml
  106.  - custom/lucifron-video-pv.yaml
  107.  - custom/acme-plex-cert.yaml
  108.  
  109. patches:
  110.   - target:
  111.       kind: Deployment
  112.       name: plex
  113.     patch: |-
  114.       apiVersion: apps/v1
  115.       kind: Deployment
  116.       metadata:
  117.         name: plex
  118.       spec:
  119.         template:
  120.           spec:
  121.             hostname: plex
  122.             volumes:
  123.               - name: cert
  124.                 secret:
  125.                   secretName: acme-plex-tls
  126.             initContainers:
  127.               - name: ensure-iscsi-permissions
  128.                 image: busybox
  129.                 command: ['sh', '-c', "chown -R  1000014:1000001 /config"]
  130.                 securityContext:
  131.                   runAsUser: 0
  132.                   runAsGroup: 0
  133.                 volumeMounts:
  134.                   - mountPath: /config
  135.                     name: config
  136.               - name: convert-cert
  137.                 image: frapsoft/openssl
  138.                 command:
  139.                  - '/bin/sh'
  140.                   - '-c'
  141.                   - 'openssl pkcs12 -export -inkey /cert/tls.key -in /cert/tls.crt -passout pass:1234 -out /cert-pkcs12/cert.p12'
  142.                 securityContext:
  143.                   runAsUser: 0
  144.                   runAsGroup: 0
  145.                 volumeMounts:
  146.                   - mountPath: /cert
  147.                     readOnly: true
  148.                     name: cert
  149.                   - mountPath: /cert-pkcs12
  150.                     name: pkcs12
  151.             containers:
  152.               - name: plex
  153.                 resources:
  154.                   limits:
  155.                     gpu.intel.com/i915: 0
  156.                 volumeMounts:
  157.                 - mountPath: /cert
  158.                   name: cert
  159.                   readOnly: true
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!