diff --git a/README.md b/README.md
index e85dba3c5..d6b1ee8c2 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
[![Discord](https://img.shields.io/discord/673534664354430999?style=for-the-badge&label&logo=discord&logoColor=white&color=blue)](https://discord.gg/k8s-at-home) -[![Kubernetes](https://img.shields.io/badge/v1.32-blue?style=for-the-badge&logo=kubernetes&logoColor=white)](https://talos.dev/) +[![Kubernetes](https://img.shields.io/badge/talos-blue?style=for-the-badge&logo=kubernetes&logoColor=white)](https://talos.dev/) [![Renovate](https://img.shields.io/github/actions/workflow/status/auricom/home-ops/renovate.yaml?branch=main&label=&logo=renovatebot&style=for-the-badge&color=blue)](https://github.com/auricom/home-ops/actions/workflows/renovate.yaml)
diff --git a/kubernetes/apps/default/calibre/calibre-downloader/helmrelease.yaml b/kubernetes/apps/default/calibre/calibre-downloader/helmrelease.yaml
new file mode 100644
index 000000000..1d529b5e1
--- /dev/null
+++ b/kubernetes/apps/default/calibre/calibre-downloader/helmrelease.yaml
@@ -0,0 +1,107 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app calibre-downloader
+ namespace: default
+spec:
+ interval: 1h
+ chartRef:
+ kind: OCIRepository
+ name: app-template
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ defaultPodOptions:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsNonRoot: false
+ seccompProfile: { type: RuntimeDefault }
+ controllers:
+ ${APP}:
+ containers:
+ app:
+ image:
+ repository: ghcr.io/calibrain/calibre-web-automated-book-downloader-extbp
+ tag: v0.2.1@sha256:ad85f74b495e8736d4081052236866f5a6587ffd60638f448cce80c1d35c5b03
+ env:
+ FLASK_PORT: &port 8084
+ INGEST_DIR: &ingest /cwa-book-ingest
+ BOOK_LANGUAGE: en
+ DEFAULT_SLEEP: 15
+ USE_BOOK_TITLE: true
+ LOG_LEVEL: debug
+ # Use flaresolverr instead of integrated chromium
+ EXT_BYPASSER_URL: http://flaresolverr:8191
+ command:
+ - /bin/sh
+ - -c
+ - |
+ gunicorn -t 300 -b 0.0.0.0:8084 app:app
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /request/api/status
+ port: *port
+ readiness: *probes
+ resources:
+ requests:
+ cpu: 10m
+ memory: 150Mi
+ limits:
+ memory: 500Mi
+ securityContext:
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ service:
+ app:
+ controller: *app
+ ports:
+ http:
+ port: *port
+ route:
+ app:
+ hostnames: ["books.${SECRET_EXTERNAL_DOMAIN}"]
+ parentRefs:
+ - name: internal
+ namespace: network
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: *app
+ port: *port
+ timeouts:
+ request: 0s
+ persistence:
+ tmpfs:
+ type: emptyDir
+ globalMounts:
+ - path: /tmp
+ subPath: tmp
+ - path: /app/downloaded_files
+ subPath: downloads
+ - path: /var/log/cwa-book-downloader/
+ subPath: logs
+ ingest:
+ type: nfs
+ server: 192.168.9.10
+ path: /var/mnt/vol1/apps/calibre/ingest
+ globalMounts:
+ - path: *ingest
+
diff --git a/kubernetes/apps/default/calibre/calibre-downloader/kustomization.yaml b/kubernetes/apps/default/calibre/calibre-downloader/kustomization.yaml
new file mode 100644
index 000000000..4aa74b27c
--- /dev/null
+++ b/kubernetes/apps/default/calibre/calibre-downloader/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/calibre/calibre-web-automated/helmrelease.yaml b/kubernetes/apps/default/calibre/calibre-web-automated/helmrelease.yaml
new file mode 100644
index 000000000..f78fe7385
--- /dev/null
+++ b/kubernetes/apps/default/calibre/calibre-web-automated/helmrelease.yaml
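Review bot: In calibre-downloader/helmrelease.yaml the pod-level `securityContext` pins `runAsUser: 1000` but sets `runAsNonRoot: false`, so the kubelet will not refuse to start the container if the UID is later changed or overridden to 0. Since the workload already runs unprivileged with all capabilities dropped and a read-only root filesystem, `runAsNonRoot: true` should be a free hardening step. The route's `timeouts.request: 0s` disables the gateway request timeout, which is presumably deliberate for long downloads; a short comment such as `# no request timeout: downloads can run for minutes` would record that. The gunicorn command also hard-codes `8084` separately from the `FLASK_PORT: &port 8084` anchor, so a future port change has to be made in two places.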
@@ -0,0 +1,112 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app calibre-web-automated
+ namespace: default
+spec:
+ interval: 1h
+ chartRef:
+ kind: OCIRepository
+ name: app-template
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ defaultPodOptions:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ seccompProfile: { type: RuntimeDefault }
+ controllers:
+ ${APP}:
+ containers:
+ app:
+ image:
+ repository: ghcr.io/crocodilestick/calibre-web-automated
+ tag: V3.1.4@sha256:577e846f104fd21453ef306eefb4a95dd95b3b9ddd2463a150944494284da0fd
+ env:
+ CACHE_DIR: /cache
+ # Skips/soft fail on privileged actions that shouldn't exist anyways
+ NETWORK_SHARE_MODE: true
+ S6_YES_I_WANT_A_WORLD_WRITABLE_RUN_BECAUSE_KUBERNETES: 1
+ S6_READ_ONLY_ROOT: 1
+ securityContext:
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ capabilities:
+ drop:
+ - ALL
+ add:
+ # S6
+ - CHOWN
+ - SETUID
+ - SETGID
+ - FOWNER
+ - DAC_OVERRIDE
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ port: &port 8083
+ path: /login
+ readiness: *probes
+ resources:
+ requests:
+ cpu: 50m
+ memory: 200Mi
+ limits:
+ memory: 600Mi
+ service:
+ app:
+ controller: *app
+ ports:
+ http:
+ port: *port
+ route:
+ app:
+ hostnames: ["calibre.${SECRET_EXTERNAL_DOMAIN}"]
+ parentRefs:
+ - name: internal
+ namespace: network
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: *app
+ port: *port
+ persistence:
+ config:
+ enabled: true
+ existingClaim: *app
+ globalMounts:
+ - path: /config
+ tmpfs:
+ type: emptyDir
+ globalMounts:
+ - path: /cache
+ subPath: cache
+ - path: /tmp
+ subPath: tmp
+ - path: /run
+ subPath: run
+ ingest:
+ type: nfs
+ server: &nas 192.168.9.10
+ path: /var/mnt/vol1/apps/calibre/ingest
+ globalMounts:
+ - path: /cwa-book-ingest
+ library:
+ type: nfs
+ server: *nas
+ path: /var/mnt/vol1/apps/calibre/library
+ globalMounts:
+ - path: /calibre-library
diff --git a/kubernetes/apps/default/calibre/calibre-web-automated/kustomization.yaml b/kubernetes/apps/default/calibre/calibre-web-automated/kustomization.yaml
new file mode 100644
index 000000000..4aa74b27c
--- /dev/null
+++ b/kubernetes/apps/default/calibre/calibre-web-automated/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/calibre/ks.yaml b/kubernetes/apps/default/calibre/ks.yaml
new file mode 100644
index 000000000..74dbd19ed
--- /dev/null
+++ b/kubernetes/apps/default/calibre/ks.yaml
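Review bot: In calibre-web-automated/helmrelease.yaml the app container runs as UID 0 with `allowPrivilegeEscalation: true`, `readOnlyRootFilesystem: false` and CHOWN/SETUID/SETGID/FOWNER/DAC_OVERRIDE added back, while it mounts the NFS `library` and `ingest` exports with no read-only restriction. A flaw in the web application would therefore act on those shares as root, limited only by the NAS export's squash settings, which are not visible in this diff. The env already sets `S6_READ_ONLY_ROOT: 1` and the pod mounts emptyDirs at `/run`, `/tmp` and `/cache`, which suggests a read-only root was intended, so it is worth trying `readOnlyRootFilesystem: true`. `allowPrivilegeEscalation: false` may also work since the needed capabilities are granted explicitly, though that needs checking against the image. If root has to stay, extend the `# S6` comment to say which init step needs each capability so the list can be trimmed later.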
@@ -0,0 +1,55 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app calibre-web-automated
+ namespace: &namespace default
+spec:
+ targetNamespace: *namespace
+ dependsOn:
+ - name: volsync
+ namespace: volsync
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/default/calibre/calibre-web-automated
+ components:
+ - ../../../../components/gatus/guarded
+ - ../../../../components/volsync
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ wait: true
+ interval: 30m
+ timeout: 3m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 10Gi
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app calibre-downloader
+ namespace: &namespace default
+spec:
+ targetNamespace: *namespace
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/default/calibre/calibre-downloader
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ wait: true
+ interval: 30m
+ timeout: 3m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index fa5549de4..731904f63 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
 - ./atuin/ks.yaml
 - ./authelia/ks.yaml
 - ./bazarr/ks.yaml
+ - ./calibre/ks.yaml
 - ./exercisediary/ks.yaml
 - ./flaresolverr/ks.yaml
 - ./flood/ks.yaml