feat(arr): implement arr stack

lidarr, prowlarr, radarr, sonarr, torrent
2025-10-30 01:22:31 +00:00 · 2024-07-18 15:24:16 +02:00
parent d7f90f34e1
commit bd7ae1f091
32 changed files with 667 additions and 9 deletions
--- a/remodel/k8s/apps/application-set.yaml
+++ b/remodel/k8s/apps/application-set.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: applications
+  namespace: argocd
+  labels:
+    dev.stonegarden: application
+spec:
+  generators:
+    - git:
+        repoURL: https://github.com/vehagn/homelab
+        revision: remodel
+        directories:
+          - path: remodel/k8s/apps/*
+  template:
+    metadata:
+      name: '{{ path.basename }}'
+      labels:
+        dev.stonegarden: application
+      finalizers:
+        - resources-finalizer.argocd.argoproj.io
+    spec:
+      project: applications
+      source:
+        repoURL: https://github.com/vehagn/homelab
+        targetRevision: remodel
+        path: '{{ path }}'
+      destination:
+        name: in-cluster
+        namespace: argocd
+      syncPolicy:
+        automated:
+          selfHeal: true
+          prune: true
--- a/remodel/k8s/apps/kustomization.yaml
+++ b/remodel/k8s/apps/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+commonLabels:
+  dev.stonegarden: app-management
+  app.kubernetes.io/managed-by: argocd
+
+resources:
+  - project.yaml
+  - application-set.yaml
--- a/remodel/k8s/apps/media/application-set.yaml
+++ b/remodel/k8s/apps/media/application-set.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: media
+  namespace: argocd
+  labels:
+    dev.stonegarden: application
+spec:
+  generators:
+    - git:
+        repoURL: https://github.com/vehagn/homelab
+        revision: remodel
+        directories:
+          - path: remodel/k8s/apps/media/*
+  template:
+    metadata:
+      name: '{{ path.basename }}'
+      labels:
+        dev.stonegarden: application
+      finalizers:
+        - resources-finalizer.argocd.argoproj.io
+    spec:
+      project: media
+      source:
+        repoURL: https://github.com/vehagn/homelab
+        targetRevision: remodel
+        path: '{{ path }}'
+      destination:
+        name: in-cluster
+        namespace: argocd
+      syncPolicy:
+        automated:
+          selfHeal: true
+          prune: true
--- a/remodel/k8s/apps/media/arr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/kustomization.yaml
@@ -8,7 +8,8 @@ configMapGenerator:
      - TZ="Europe/Oslo"

 resources:
-  - sonarr/pvc.yaml
-  - sonarr/svc.yaml
-  - sonarr/http-route.yaml
-  - sonarr/deployment.yaml
+  - lidarr
+  - prowlarr
+  - radarr
+  - sonarr
+  - torrent
--- a/remodel/k8s/apps/media/arr/lidarr/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/lidarr/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lidarr
+  namespace: arr
+  labels:
+    app: lidarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lidarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      namespace: lidarr
+      labels:
+        app: lidarr
+    spec:
+      nodeSelector:
+        topology.kubernetes.io/zone: cantor
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: lidarr
+          image: ghcr.io/onedr0p/lidarr:2.4.3
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          ports:
+            - name: http
+              containerPort: 8686
+          envFrom:
+            - configMapRef:
+                name: common-env
+          volumeMounts:
+            - name: lidarr-config
+              mountPath: /config
+            - name: tmp
+              mountPath: /tmp
+            - name: data
+              mountPath: /app/data
+          resources:
+            requests:
+              cpu: 50m
+              memory: 192Mi
+            limits:
+              cpu: 1000m
+              memory: 256Mi
+      volumes:
+        - name: lidarr-config
+          persistentVolumeClaim:
+            claimName: lidarr-config
+        - name: tmp
+          emptyDir: { }
+        - name: data
+          nfs:
+            server: 192.168.1.55
+            path: /mnt/pool-0/data
--- a/remodel/k8s/apps/media/arr/lidarr/http-route.yaml
+++ b/remodel/k8s/apps/media/arr/lidarr/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: lidarr-http-route
+  namespace: arr
+spec:
+  parentRefs:
+    - name: euclid
+      namespace: gateway
+  hostnames:
+    - "lidarr.euclid.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: lidarr-web
+          port: 80
--- a/remodel/k8s/apps/media/arr/lidarr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/lidarr/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - svc-web.yaml
+  - http-route.yaml
+  - deployment.yaml
--- a/remodel/k8s/apps/media/arr/lidarr/pvc.yaml
+++ b/remodel/k8s/apps/media/arr/lidarr/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lidarr-config
+  namespace: arr
+spec:
+  storageClassName: proxmox-csi
+  volumeName: pv-lidarr-config
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4G
--- a/remodel/k8s/apps/media/arr/lidarr/svc-web.yaml
+++ b/remodel/k8s/apps/media/arr/lidarr/svc-web.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lidarr-web
+  namespace: arr
+spec:
+  type: ClusterIP
+  selector:
+    app: lidarr
+  ports:
+    - name: web
+      port: 80
+      targetPort: http
--- a/remodel/k8s/apps/media/arr/prowlarr/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/prowlarr/deployment.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prowlarr
+  namespace: arr
+  labels:
+    app: prowlarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prowlarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      namespace: prowlarr
+      labels:
+        app: prowlarr
+    spec:
+      nodeSelector:
+        topology.kubernetes.io/zone: euclid
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: prowlarr
+          image: ghcr.io/onedr0p/prowlarr:1.20.1
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          ports:
+            - name: http
+              containerPort: 9696
+          envFrom:
+            - configMapRef:
+                name: common-env
+          volumeMounts:
+            - name: prowlarr-config
+              mountPath: /config
+            - name: tmp
+              mountPath: /tmp
+          resources:
+            requests:
+              cpu: 50m
+              memory: 192Mi
+            limits:
+              cpu: 1000m
+              memory: 256Mi
+      volumes:
+        - name: prowlarr-config
+          persistentVolumeClaim:
+            claimName: prowlarr-config
+        - name: tmp
+          emptyDir: { }
--- a/remodel/k8s/apps/media/arr/prowlarr/http-route.yaml
+++ b/remodel/k8s/apps/media/arr/prowlarr/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: prowlarr-http-route
+  namespace: arr
+spec:
+  parentRefs:
+    - name: euclid
+      namespace: gateway
+  hostnames:
+    - "prowlarr.euclid.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: prowlarr-web
+          port: 80
--- a/remodel/k8s/apps/media/arr/prowlarr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/prowlarr/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - svc-web.yaml
+  - http-route.yaml
+  - deployment.yaml
--- a/remodel/k8s/apps/media/arr/prowlarr/pvc.yaml
+++ b/remodel/k8s/apps/media/arr/prowlarr/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prowlarr-config
+  namespace: arr
+spec:
+  storageClassName: proxmox-csi
+  volumeName: pv-prowlarr-config
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1G
--- a/remodel/k8s/apps/media/arr/prowlarr/svc-web.yaml
+++ b/remodel/k8s/apps/media/arr/prowlarr/svc-web.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prowlarr-web
+  namespace: arr
+spec:
+  type: ClusterIP
+  selector:
+    app: prowlarr
+  ports:
+    - name: web
+      port: 80
+      targetPort: http
--- a/remodel/k8s/apps/media/arr/radarr/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/radarr/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radarr
+  namespace: arr
+  labels:
+    app: radarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: radarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      namespace: radarr
+      labels:
+        app: radarr
+    spec:
+      nodeSelector:
+        topology.kubernetes.io/zone: cantor
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: radarr
+          image: ghcr.io/onedr0p/radarr:5.7.0
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          ports:
+            - name: http
+              containerPort: 7878
+          envFrom:
+            - configMapRef:
+                name: common-env
+          volumeMounts:
+            - name: radarr-config
+              mountPath: /config
+            - name: tmp
+              mountPath: /tmp
+            - name: data
+              mountPath: /app/data
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              cpu: 1000m
+              memory: 256Mi
+      volumes:
+        - name: radarr-config
+          persistentVolumeClaim:
+            claimName: radarr-config
+        - name: tmp
+          emptyDir: { }
+        - name: data
+          nfs:
+            server: 192.168.1.55
+            path: /mnt/pool-0/data
--- a/remodel/k8s/apps/media/arr/radarr/http-route.yaml
+++ b/remodel/k8s/apps/media/arr/radarr/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: radarr-http-route
+  namespace: arr
+spec:
+  parentRefs:
+    - name: euclid
+      namespace: gateway
+  hostnames:
+    - "radarr.euclid.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: radarr-web
+          port: 80
--- a/remodel/k8s/apps/media/arr/radarr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/radarr/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - svc-web.yaml
+  - http-route.yaml
+  - deployment.yaml
--- a/remodel/k8s/apps/media/arr/radarr/pvc.yaml
+++ b/remodel/k8s/apps/media/arr/radarr/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radarr-config
+  namespace: arr
+spec:
+  storageClassName: proxmox-csi
+  volumeName: pv-radarr-config
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4G
--- a/remodel/k8s/apps/media/arr/radarr/svc-web.yaml
+++ b/remodel/k8s/apps/media/arr/radarr/svc-web.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: radarr-web
+  namespace: arr
+spec:
+  type: ClusterIP
+  selector:
+    app: radarr
+  ports:
+    - name: web
+      port: 80
+      targetPort: http
--- a/remodel/k8s/apps/media/arr/sonarr/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/sonarr/deployment.yaml
@@ -51,7 +51,7 @@ spec:
              mountPath: /app/data
          resources:
            requests:
-              cpu: 100m
+              cpu: 50m
              memory: 384Mi
            limits:
              cpu: 1000m
--- a/remodel/k8s/apps/media/arr/sonarr/http-route.yaml
+++ b/remodel/k8s/apps/media/arr/sonarr/http-route.yaml
@@ -15,5 +15,5 @@ spec:
            type: PathPrefix
            value: /
      backendRefs:
-        - name: sonarr
-          port: 80
+        - name: sonarr-web
+          port: 80
--- a/remodel/k8s/apps/media/arr/sonarr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/sonarr/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - svc-web.yaml
+  - http-route.yaml
+  - deployment.yaml
--- a/remodel/k8s/apps/media/arr/sonarr/svc-web.yaml
+++ b/remodel/k8s/apps/media/arr/sonarr/svc-web.yaml
@@ -1,12 +1,13 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: sonarr
+  name: sonarr-web
  namespace: arr
 spec:
  type: ClusterIP
  selector:
    app: sonarr
  ports:
-    - port: 80
+    - name: web
+      port: 80
      targetPort: http
--- a/remodel/k8s/apps/media/arr/torrent/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/deployment.yaml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: torrent
+  namespace: arr
+  labels:
+    app: torrent
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: torrent
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      namespace: torrent
+      labels:
+        app: torrent
+    spec:
+      nodeSelector:
+        topology.kubernetes.io/zone: euclid
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        fsGroupChangePolicy: Always
+        seccompProfile:
+          type: RuntimeDefault
+      initContainers:
+        - name: vuetorrent
+          image: busybox
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          command:
+            - sh
+            - -c
+            - wget -O /themes/vuetorrent.zip https://github.com/VueTorrent/VueTorrent/releases/download/v2.10.2/vuetorrent.zip && unzip /themes/vuetorrent.zip -d /themes/ && rm /themes/vuetorrent.zip
+          volumeMounts:
+            - name: themes
+              mountPath: /themes
+      containers:
+        - name: torrent
+          image: ghcr.io/onedr0p/qbittorrent:4.6.5
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          ports:
+            - name: http
+              containerPort: 8080
+            - name: tcp
+              containerPort: 11012
+              protocol: TCP
+            - name: udp
+              containerPort: 11012
+              protocol: UDP
+          envFrom:
+            - configMapRef:
+                name: common-env
+          volumeMounts:
+            - name: torrent-config
+              mountPath: /config
+            - name: tmp
+              mountPath: /tmp
+            - name: themes
+              mountPath: /themes
+            - name: data
+              mountPath: /app/data
+          resources:
+            requests:
+              cpu: 100m
+              memory: 1.5Gi
+            limits:
+              cpu: 2000m
+              memory: 8Gi
+      volumes:
+        - name: torrent-config
+          persistentVolumeClaim:
+            claimName: torrent-config
+        - name: tmp
+          emptyDir: { }
+        - name: themes
+          emptyDir: { }
+        - name: data
+          nfs:
+            server: 192.168.1.55
+            path: /mnt/pool-0/data
--- a/remodel/k8s/apps/media/arr/torrent/http-route.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: torrent-http-route
+  namespace: arr
+spec:
+  parentRefs:
+    - name: euclid
+      namespace: gateway
+  hostnames:
+    - "torrent.euclid.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: torrent-web
+          port: 80
--- a/remodel/k8s/apps/media/arr/torrent/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - svc-web.yaml
+  - svc-torrent.yaml
+  - http-route.yaml
+  - deployment.yaml
--- a/remodel/k8s/apps/media/arr/torrent/pvc.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: torrent-config
+  namespace: arr
+spec:
+  storageClassName: proxmox-csi
+  volumeName: pv-torrent-config
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1G
--- a/remodel/k8s/apps/media/arr/torrent/svc-torrent.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/svc-torrent.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: torrent
+  namespace: arr
+  annotations:
+    io.cilium/lb-ipam-ips: 192.168.1.225
+spec:
+  type: LoadBalancer
+  selector:
+    app: torrent
+  ports:
+    - name: tcp
+      port: 11011
+      protocol: TCP
+      targetPort: tcp
+    - name: udp
+      port: 11011
+      protocol: UDP
+      targetPort: udp
--- a/remodel/k8s/apps/media/arr/torrent/svc-web.yaml
+++ b/remodel/k8s/apps/media/arr/torrent/svc-web.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: torrent-web
+  namespace: arr
+spec:
+  type: ClusterIP
+  selector:
+    app: torrent
+  ports:
+    - name: web
+      port: 80
+      targetPort: http
--- a/remodel/k8s/apps/media/kustomization.yaml
+++ b/remodel/k8s/apps/media/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+commonLabels:
+  dev.stonegarden: app-management
+  app.kubernetes.io/managed-by: argocd
+
+resources:
+  - project.yaml
+  - application-set.yaml
--- a/remodel/k8s/apps/media/project.yaml
+++ b/remodel/k8s/apps/media/project.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: media
+  namespace: argocd
+spec:
+  sourceRepos:
+    - 'https://github.com/vehagn/homelab'
+  destinations:
+    - namespace: 'argocd'
+      server: '*'
+    - namespace: 'arr'
+      server: '*'
+    - namespace: 'plex'
+      server: '*'
+    - namespace: 'jellyfin'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'
--- a/remodel/k8s/apps/project.yaml
+++ b/remodel/k8s/apps/project.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: applications
+  namespace: argocd
+spec:
+  sourceNamespaces:
+    - '*'
+  sourceRepos:
+    - 'https://github.com/vehagn/*'
+  destinations:
+    - namespace: 'argocd'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'