diff --git a/README.md b/README.md index 9d20d82..6cbe355 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ letting some customization to fit the resource inside your cluster. | general.storage.subPaths.config | Default subpath for all config files on used storage | config | | general.storage.volumes | Supply custom volume to be mounted for all services | {} | | general.ingress.ingressClassName | Reference an IngressClass resource that contains additional Ingress configuration | "" | +| general.ingress.enableSubdomains | If set to true each application will be accesible also as a subdomain. e.x. plex.domain.com | false | ### Plex 
@@ -280,34 +281,35 @@ letting some customization to fit the resource inside your cluster. ### Transmission -| Config path | Meaning | Default | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| transmission.enabled | Flag if you want to enable Transmission | true | -| transmission.container.port.utp | The port in use by the container | 9091 | -| transmission.container.nodeSelector | Node Selector for the Transmission pods | {} | -| transmission.container.port.peer | The port in use by the container for peer connection | 51413 | -| transmission.container.image | The image used by the container | docker.io/linuxserver/transmission | -| transmission.container.tag | The tag used by the container | null | -| transmission.service.utp.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Transmission itself | ClusterIP | -| transmission.service.utp.port | The port assigned to the service for Transmission itself | 9091 | -| transmission.service.utp.nodePort | In case of service.type NodePort, the nodePort to use for Transmission itself | "" | -| transmission.service.utp.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false | -| transmission.service.peer.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port | ClusterIP | -| transmission.service.peer.port | The port assigned to the service for peer port | 51413 | -| transmission.service.peer.nodePort | In case of service.type NodePort, the nodePort to use for peer port | "" | -| transmission.service.peer.nodePortUDP | In case of service.type NodePort, the nodePort to use for peer port UDP service | "" | -| transmission.service.peer.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false 
| -| transmission.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer | null | -| transmission.ingress.enabled | If true, creates the ingress resource for the application | true | -| transmission.ingress.annotations | Additional field for annotations, if needed | {} | -| transmission.ingress.path | The path where the application is exposed | /transmission | -| transmission.ingress.tls.enabled | If true, tls is enabled | false | -| transmission.ingress.tls.secretName | Name of the secret holding certificates for the secure ingress | "" | -| transmission.config.auth.enabled | Enables authentication for Transmission | false | -| transmission.config.auth.username | Username for Transmission | "" | -| transmission.config.auth.password | Password for Transmission | "" | -| transmission.resources | Limits and Requests for the container | {} | -| transmission.volume | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {} | +| Config path | Meaning | Default | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | +| transmission.enabled | Flag if you want to enable Transmission | true | +| transmission.container.port.utp | The port in use by the container | 9091 | +| transmission.container.nodeSelector | Node Selector for the Transmission pods | {} | +| transmission.container.port.peer | The port in use by the container for peer connection | 51413 | +| transmission.container.image | The image used by the container | docker.io/linuxserver/transmission | +| transmission.container.tag | The tag used by the container | null | +| transmission.service.utp.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Transmission 
itself | ClusterIP | +| transmission.service.utp.port | The port assigned to the service for Transmission itself | 9091 | +| transmission.service.utp.nodePort | In case of service.type NodePort, the nodePort to use for Transmission itself | "" | +| transmission.service.utp.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false | +| transmission.service.peer.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port | ClusterIP | +| transmission.service.peer.port | The port assigned to the service for peer port | 51413 | +| transmission.service.peer.nodePort | In case of service.type NodePort, the nodePort to use for peer port | "" | +| transmission.service.peer.nodePortUDP | In case of service.type NodePort, the nodePort to use for peer port UDP service | "" | +| transmission.service.peer.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false | +| transmission.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer | null | +| transmission.ingress.enabled | If true, creates the ingress resource for the application | true | +| transmission.ingress.annotations | Additional field for annotations, if needed | {} | +| transmission.ingress.path | The path where the application is exposed | /transmission | +| transmission.ingress.tls.enabled | If true, tls is enabled | false | +| transmission.ingress.tls.secretName | Name of the secret holding certificates for the secure ingress | "" | +| transmission.config.auth.enabled | Enables authentication for Transmission | false | +| transmission.config.auth.username | Username for Transmission | "" | +| transmission.config.auth.password | Password for Transmission | "" | +| transmission.resources | Limits and Requests for the container | {} | +| transmission.volume | If 
set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {} | +| transmission.vpn.enabled | If set, a [gluetun](https://github.com/qdm12/gluetun-wiki) sidecar will be provisioned to route the traffic through a VPN. This requires a 3rd party VPN account | {} | ### Sabnzbd @@ -376,9 +378,34 @@ plex: service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: ``` +### Setting up the VPN + +If you have enabled the VPN for transmission you will need to fullfill the rest of parameters related to it, currently only [Mullvad](https://mullvad.net) VPN is supported. + +The following shows an example of the current settings for mullvard. + +```yaml +vpn: + enabled: true + provider: mullvad + type: openvpn + user: "XXXXXX" + city: zurich +``` + ## About the project This project is intended as an exercise, and absolutely for fun. This is not intended to promote piracy. Also feel free to contribute and extend it! + +### Uninstalling the helm chart + +To fully remove all the resources created you should uninstall the helm deployment. + +```bash + helm uninstall k8s-mediaserver +``` + +This will not delete the Custom Resources like the operator. diff --git a/helm-charts/k8s-mediaserver/Chart.yaml b/helm-charts/k8s-mediaserver/Chart.yaml index aeee050..6d5eec6 100644 --- a/helm-charts/k8s-mediaserver/Chart.yaml +++ b/helm-charts/k8s-mediaserver/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.10.0 +appVersion: 0.10.3 description: A Helm chart for Kubernetes mediaserver name: k8s-mediaserver type: application -version: 0.10.0 +version: 0.10.3 \ No newline at end of file diff --git a/helm-charts/k8s-mediaserver/templates/jackett-resources.yml b/helm-charts/k8s-mediaserver/templates/jackett-resources.yml index 947b351..fdfb6ca 100644 --- a/helm-charts/k8s-mediaserver/templates/jackett-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/jackett-resources.yml 
@@ -213,5 +213,17 @@ spec: name: jackett port: number: {{ .Values.jackett.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "jackett" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jackett + port: + number: {{ .Values.jackett.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml b/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml index e0ab68d..3f6fbaf 100644 --- a/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml @@ -107,8 +107,10 @@ apiVersion: v1 kind: Service metadata: name: jellyfin-lb + {{- with .Values.jackett.service.extraLBAnnotations }} annotations: - {{- include .Values.jellyfin.service.extraLBService.annotations . | nindent 4 }} + {{- . | toYaml | nindent 4 }} + {{- end }} labels: {{- include "k8s-mediaserver.labels" . | nindent 4 }} spec: @@ -153,5 +155,17 @@ spec: name: jellyfin port: number: {{ .Values.jellyfin.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "jellyfin" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: {{ .Values.jellyfin.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/plex-resources.yml b/helm-charts/k8s-mediaserver/templates/plex-resources.yml index 67b65ed..964675d 100644 --- a/helm-charts/k8s-mediaserver/templates/plex-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/plex-resources.yml 
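Review bot: The new `- host: {{ printf "%s.%s" "jackett" .Values.general.ingress_host | quote }}` rule adds a second hostname to the Ingress, but nothing in this hunk adds that hostname to the TLS section. If the existing `tls.hosts` list (outside the hunk) names only `ingress_host`, the subdomain will not be covered by the configured certificate. The same block is repeated in the jellyfin, plex, prowlarr, radarr, sabnzbd, sonarr and transmission templates, so the check applies to each of them. For Transmission the rule exposes the whole web UI at `/` on its own hostname, while the README table lists `transmission.config.auth.enabled` as `false` by default. I would add the subdomain to the TLS hosts under the same `enableSubdomains` condition and use `{{- if ... }}` / `{{- end }}` so the disabled case leaves no blank lines in the rendered manifest.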
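Review bot: The added `{{- with .Values.jackett.service.extraLBAnnotations }}` in jellyfin-resources.yml guards the `jellyfin-lb` Service with a value from the jackett section, while this commit adds `extraLBAnnotations: {}` under `jellyfin` in values.yaml. As written, annotations configured for Jellyfin are never rendered. Load balancer annotations commonly decide whether the balancer is internal or internet-facing, so dropping them silently can change what is exposed. The line presumably should read `{{- with .Values.jellyfin.service.extraLBAnnotations }}`; the exact nesting under `service` is outside the hunk, so confirm it against values.yaml.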
@@ -182,5 +182,17 @@ spec: name: plex port: number: {{ .Values.plex.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "plex" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: plex + port: + number: {{ .Values.plex.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/prowlarr-resources.yml b/helm-charts/k8s-mediaserver/templates/prowlarr-resources.yml index 57525ff..772fb29 100644 --- a/helm-charts/k8s-mediaserver/templates/prowlarr-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/prowlarr-resources.yml @@ -216,5 +216,17 @@ spec: name: prowlarr port: number: {{ .Values.prowlarr.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "prowlarr" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prowlarr + port: + number: {{ .Values.prowlarr.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/radarr-resources.yml b/helm-charts/k8s-mediaserver/templates/radarr-resources.yml index b901eb4..ed1ddc2 100644 --- a/helm-charts/k8s-mediaserver/templates/radarr-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/radarr-resources.yml @@ -223,5 +223,17 @@ spec: name: radarr port: number: {{ .Values.radarr.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "radarr" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: radarr + port: + number: {{ .Values.radarr.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/sabnzbd-resources.yml b/helm-charts/k8s-mediaserver/templates/sabnzbd-resources.yml index 8432cf4..11fdc5b 100644 --- a/helm-charts/k8s-mediaserver/templates/sabnzbd-resources.yml 
+++ b/helm-charts/k8s-mediaserver/templates/sabnzbd-resources.yml @@ -565,5 +565,17 @@ spec: name: sabnzbd port: number: {{ .Values.sabnzbd.service.http.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "sabnzbd" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: sabnzbd + port: + number: {{ .Values.sabnzbd.service.http.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/sonarr-resources.yml b/helm-charts/k8s-mediaserver/templates/sonarr-resources.yml index be36434..723519c 100644 --- a/helm-charts/k8s-mediaserver/templates/sonarr-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/sonarr-resources.yml @@ -221,5 +221,17 @@ spec: name: sonarr port: number: {{ .Values.sonarr.service.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "sonarr" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: sonarr + port: + number: {{ .Values.sonarr.service.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/templates/transmission-resources.yml b/helm-charts/k8s-mediaserver/templates/transmission-resources.yml index 402cb02..c7de2f8 100644 --- a/helm-charts/k8s-mediaserver/templates/transmission-resources.yml +++ b/helm-charts/k8s-mediaserver/templates/transmission-resources.yml 
@@ -173,6 +173,28 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.transmission.vpn.enabled }} + - name: gluetun + image: ghcr.io/qdm12/gluetun # Optionally you can use the "qmcgaw/gluetun" image as well as specify what version of Gluetun you desire + imagePullPolicy: Always + securityContext: + capabilities: + add: ["NET_ADMIN"] + env: + {{- if eq .Values.transmission.vpn.provider `mullvad` }} + # https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md + - name: TZ + value: "Europe/London" + - name: VPN_SERVICE_PROVIDER + value: "{{ .Values.transmission.vpn.provider }}" + - name: VPN_TYPE + value: "{{ .Values.transmission.vpn.type }}" + - name: OPENVPN_USER + value: {{ .Values.transmission.vpn.user | quote }} + - name: SERVER_CITIES + value: {{ .Values.transmission.vpn.city }} + {{ end }} + {{- end }} volumes: {{ if not .Values.general.storage.customVolume }} - name: mediaserver-volume @@ -371,5 +393,17 @@ spec: name: transmission port: number: {{ .Values.transmission.service.utp.port }} +{{ if .Values.general.ingress.enableSubdomains }} + - host: {{ printf "%s.%s" "transmission" .Values.general.ingress_host | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: transmission + port: + number: {{ .Values.transmission.service.utp.port }} +{{ end }} {{ end }} {{ end }} diff --git a/helm-charts/k8s-mediaserver/values.yaml b/helm-charts/k8s-mediaserver/values.yaml index 2056019..fd70825 100644 --- a/helm-charts/k8s-mediaserver/values.yaml +++ b/helm-charts/k8s-mediaserver/values.yaml @@ -32,6 +32,7 @@ general: # path: /mnt/share ingress: ingressClassName: "" + enableSubdomains: true nodeSelector: {} sonarr: @@ -166,6 +167,8 @@ transmission: password: "" resources: {} volume: {} + vpn: + enabled: false # name: pvc-transmission-config # storageClassName: longhorn # annotations: {} 
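Review bot: The gluetun sidecar is granted `NET_ADMIN`, but its image is `ghcr.io/qdm12/gluetun` with no tag and `imagePullPolicy: Always`, so every pod restart can pull different, unreviewed code into a container with elevated network capabilities; pin a tag or digest. `OPENVPN_USER` is rendered inline from `.Values.transmission.vpn.user`, which leaves the VPN account identifier in clear text in the values file, the custom resource and the pod spec; it should be read from a Secret through `secretKeyRef`. `SERVER_CITIES` is the only value not passed through `quote`. When `vpn.provider` is anything other than `mullvad` the container is rendered with an empty `env:` key, so stopping the render with `fail` would be clearer than starting an unconfigured sidecar. The enclosing container list starts above the hunk.

```yaml
# … unchanged: gluetun container name, securityContext with NET_ADMIN …
  image: ghcr.io/qdm12/gluetun:<PINNED_TAG_OR_DIGEST>   # placeholder: pin a reviewed release
  imagePullPolicy: IfNotPresent
# … unchanged: TZ, VPN_SERVICE_PROVIDER, VPN_TYPE …
    - name: OPENVPN_USER
      valueFrom:
        secretKeyRef:
          name: <VPN_SECRET_NAME>    # placeholder: Secret created outside the chart
          key: <VPN_USER_KEY>        # placeholder
    - name: SERVER_CITIES
      value: {{ .Values.transmission.vpn.city | quote }}
```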
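Review bot: `enableSubdomains: true` in values.yaml makes the chart default the opposite of what the README row added in this commit documents (`false`) and of `k8s-mediaserver.yml`, which sets `enableSubdomains: false`. With `true` as the chart default, an install that does not override the value gets an extra ingress hostname for every application. I would change the line to `enableSubdomains: false` so the additional exposure is opt-in and matches the documentation.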
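Review bot: The `vpn:` block is inserted between `volume: {}` and the commented `# name: pvc-transmission-config` example that appears to belong to `volume`, so the commented keys now read as VPN settings; move `vpn:` below those comments (k8s-mediaserver.yml has the same placement). Only `enabled` gets a default here, while the template also reads `provider`, `type`, `user` and `city`. Listing them, for example `provider: mullvad` and `type: openvpn`, would document the expected keys. The README example shows a top-level `vpn:` key whereas the template reads `.Values.transmission.vpn`, which is worth aligning.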
@@ -294,6 +297,7 @@ jellyfin: nodePort: # Defines an additional LB service, requires cloud provider service or MetalLB extraLBService: false + extraLBAnnotations: {} ingress: enabled: true annotations: {} diff --git a/k8s-mediaserver.yml b/k8s-mediaserver.yml index b585264..1e86dbb 100644 --- a/k8s-mediaserver.yml +++ b/k8s-mediaserver.yml @@ -8,6 +8,7 @@ spec: general: ingress_host: k8s-mediaserver.k8s.test plex_ingress_host: k8s-plex.k8s.test + jellyfin_ingress_host: k8s-jellyfin.k8s.test image_tag: latest podDistribution: cluster # can be "spread" or "cluster" #UID to run the process with @@ -34,6 +35,7 @@ spec: # path: /mnt/share ingress: ingressClassName: "" + enableSubdomains: false nodeSelector: {} sonarr: @@ -170,6 +172,8 @@ spec: password: "" resources: {} volume: {} + vpn: + enabled: false # name: pvc-transmission-config # storageClassName: longhorn # annotations: {}