⬆️ sonarr app-template v2

kubernetes/apps/default/sonarr/app/externalsecret.yaml

@@ -16,9 +16,23 @@ spec:
       data:
         # App
         SONARR__API_KEY: "{{ .SONARR__API_KEY }}"
+        SONARR__POSTGRES_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        SONARR__POSTGRES_PORT: "5432"
+        SONARR__POSTGRES_USER: &dbUser "{{ .SONARR__POSTGRES_USER }}"
+        SONARR__POSTGRES_PASSWORD: &dbPass "{{ .SONARR__POSTGRES_PASSWORD }}"
+        SONARR__POSTGRES_MAIN_DB: sonarr_main
+        SONARR__POSTGRES_LOG_DB: sonarr_log
         PUSHOVER_TOKEN: "{{ .PUSHOVER_API_TOKEN }}"
         PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
+        # Postgres Init
+        INIT_POSTGRES_DBNAME: sonarr_main sonarr_log
+        INIT_POSTGRES_HOST: *dbHost
+        INIT_POSTGRES_USER: *dbUser
+        INIT_POSTGRES_PASS: *dbPass
+        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
+    - extract:
+        key: cloudnative-pg
     - extract:
         key: pushover
     - extract:

kubernetes/apps/default/sonarr/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 1.5.1
+      version: 2.0.3
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -27,25 +27,65 @@ spec:
   uninstall:
     keepHistory: false
   values:
-    controller:
-      annotations:
-        reloader.stakater.com/auto: "true"
-        configmap.reloader.stakater.com/reload: sonarr-pushover
-    image:
-      repository: ghcr.io/onedr0p/sonarr-develop
-      tag: 4.0.0.710@sha256:438f46db13f15df81159118a9f1d74ce7e2a46e9bd45024b2fa6aecae6036068
-    env:
-      TZ: "${TIMEZONE}"
-      PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
-      PUSHOVER_DEBUG: "false"
-      PUSHOVER_PRIORITY: "0"
-      SONARR__INSTANCE_NAME: Sonarr
-      SONARR__PORT: &port 8080
-      SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
-      SONARR__LOG_LEVEL: info
-    envFrom:
-      - secretRef:
-          name: sonarr-secret
+    defaultPodOptions:
+      securityContext:
+        runAsUser: 568
+        runAsGroup: 568
+        fsGroup: 568
+        fsGroupChangePolicy: OnRootMismatch
+    controllers:
+      main:
+        annotations:
+          reloader.stakater.com/auto: "true"
+          configmap.reloader.stakater.com/reload: "sonarr-pushover"
+        initContainers:
+          init-db:
+            image:
+              repository: ghcr.io/auricom/postgres-init
+              tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0
+              pullPolicy: IfNotPresent
+            envFrom: &envFrom
+              - secretRef:
+                  name: sonarr-secret
+        containers:
+          main:
+            image:
+              repository: ghcr.io/onedr0p/sonarr-develop
+              tag: 4.0.0.710@sha256:438f46db13f15df81159118a9f1d74ce7e2a46e9bd45024b2fa6aecae6036068
+            env:
+              TZ: "${TIMEZONE}"
+              PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+              PUSHOVER_DEBUG: "false"
+              PUSHOVER_PRIORITY: "0"
+              SONARR__AUTHENTICATION_METHOD: External
+              SONARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses
+              SONARR__INSTANCE_NAME: Sonarr
+              SONARR__PORT: &port 8080
+              SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+              SONARR__LOG_LEVEL: info
+              SONARR__THEME: dark
+            envFrom: *envFrom
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /ping
+                    port: *port
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+              startup:
+                enabled: false
+            resources:
+              requests:
+                cpu: 10m
+                memory: 256M
+              limits:
+                memory: 1Gi
     service:
       main:
         ports:
@@ -54,57 +94,41 @@ spec:
     ingress:
       main:
         enabled: true
-        ingressClassName: "nginx"
+        className: "nginx"
         annotations:
           auth.home.arpa/enabled: "true"
-          nginx.ingress.kubernetes.io/configuration-snippet: |
-            proxy_set_header Accept-Encoding "";
-            sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/sonarr/nord.css"></head>';
-            sub_filter_once on;
           hajimari.io/icon: mdi:television-classic
         hosts:
           - host: *host
             paths:
               - path: /
-                pathType: Prefix
+                service:
+                  name: main
+                  port: http
         tls:
           - hosts:
               - *host
-    podSecurityContext:
-      runAsUser: 568
-      runAsGroup: 568
-      fsGroup: 568
-      fsGroupChangePolicy: "OnRootMismatch"
-      supplementalGroups:
-        - 100
     persistence:
       config:
         enabled: true
-        existingClaim: sonarr-config
-        mountPath: /config
+        type: emptyDir
       downloads:
-        enabled: true
         type: nfs
         server: "${LOCAL_LAN_TRUENAS}"
         path: /mnt/storage/downloads
-        mountPath: /mnt/storage/downloads
+        globalMounts:
+          - path: /mnt/storage/downloads
       video:
-        enabled: true
         type: nfs
         server: "${LOCAL_LAN_TRUENAS}"
         path: /mnt/storage/video
-        mountPath: /mnt/storage/video
+        globalMounts:
+          - path: /mnt/storage/video
       scripts:
-        enabled: true
         type: configMap
         name: sonarr-pushover
-        subPath: pushover-notify.sh
-        mountPath: /scripts/pushover-notify.sh
         defaultMode: 0775
-        readOnly: true
-    resources:
-      requests:
-        cpu: 500m
-        memory: 500Mi
-      limits:
-        memory: 2000Mi
+        globalMounts:
+          - path: /scripts/pushover-notify.sh
+            subPath: pushover-notify.sh
+            readOnly: true

kubernetes/apps/default/sonarr/app/kustomization.yaml

@@ -7,8 +7,6 @@ resources:
   - ./externalsecret.yaml
   - ./gatus.yaml
   - ./helmrelease.yaml
-  - ./volsync.yaml
-  - ./volume.yaml
 configMapGenerator:
   - name: sonarr-pushover
     files:

kubernetes/apps/default/sonarr/app/volsync.yaml

@@ -1,49 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: sonarr-restic
-  namespace: default
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: sonarr-restic-secret
-    creationPolicy: Owner
-    template:
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/sonarr'
-        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
-        AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
-        AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
-  dataFrom:
-    - extract:
-        key: volsync-restic-template
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: sonarr
-  namespace: default
-spec:
-  sourcePVC: sonarr-config
-  trigger:
-    schedule: "0 7 * * *"
-  restic:
-    copyMethod: Snapshot
-    pruneIntervalDays: 7
-    repository: sonarr-restic-secret
-    cacheCapacity: 2Gi
-    volumeSnapshotClassName: csi-ceph-blockpool
-    storageClassName: rook-ceph-block
-    moverSecurityContext:
-      runAsUser: 568
-      runAsGroup: 568
-      fsGroup: 568
-    retain:
-      daily: 7
-      within: 3d

kubernetes/apps/default/sonarr/app/volume.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: sonarr-config
-  namespace: default
-  labels:
-    app.kubernetes.io/name: &name sonarr
-    app.kubernetes.io/instance: *name
-    snapshot.home.arpa/enabled: "true"
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: rook-ceph-block