From 1ba33cd50a7f6d4c84c426506bdc7cc07da49843 Mon Sep 17 00:00:00 2001
From: Michael Thomson <mthomson@konradgroup.com>
Date: Mon, 4 Dec 2023 17:42:28 -0500
Subject: [PATCH] jellyfin test

---
 .../helmrepository-utkuozdemir.yaml           |   8 +
 .../kustomization-jellyfin.yaml               |  19 ++
 bootstrap/namespaces/namespace-jellyfin.yaml  |   4 +
 jellyfin/dns-endpoint-jellyfin.yaml           |  12 +
 jellyfin/helmrelease-jellyfin.yaml            | 216 ++++++++++++++++++
 5 files changed, 259 insertions(+)
 create mode 100644 bootstrap/helmrepositories/helmrepository-utkuozdemir.yaml
 create mode 100644 bootstrap/kustomizations/kustomization-jellyfin.yaml
 create mode 100644 bootstrap/namespaces/namespace-jellyfin.yaml
 create mode 100644 jellyfin/dns-endpoint-jellyfin.yaml
 create mode 100644 jellyfin/helmrelease-jellyfin.yaml

diff --git a/bootstrap/helmrepositories/helmrepository-utkuozdemir.yaml b/bootstrap/helmrepositories/helmrepository-utkuozdemir.yaml
new file mode 100644
index 0000000..f2bc9ba
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-utkuozdemir.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: utkuozdemir
+  namespace: flux-system
+spec:
+  interval: 15m
+  url: https://utkuozdemir.org/helm-charts
diff --git a/bootstrap/kustomizations/kustomization-jellyfin.yaml b/bootstrap/kustomizations/kustomization-jellyfin.yaml
new file mode 100644
index 0000000..eb7524d
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-jellyfin.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: jellyfin
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: jellyfin
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  validation: server
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: jellyfin
+      namespace: jellyfin
diff --git a/bootstrap/namespaces/namespace-jellyfin.yaml b/bootstrap/namespaces/namespace-jellyfin.yaml
new file mode 100644
index 0000000..167a2cb
--- /dev/null
+++ b/bootstrap/namespaces/namespace-jellyfin.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jellyfin
diff --git a/jellyfin/dns-endpoint-jellyfin.yaml b/jellyfin/dns-endpoint-jellyfin.yaml
new file mode 100644
index 0000000..d730ba7
--- /dev/null
+++ b/jellyfin/dns-endpoint-jellyfin.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: jellyfin.michaelthomson.dev
+  namespace: jellyfin
+spec:
+  endpoints:
+  - dnsName: jellyfin.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev
diff --git a/jellyfin/helmrelease-jellyfin.yaml b/jellyfin/helmrelease-jellyfin.yaml
new file mode 100644
index 0000000..4ec90a5
--- /dev/null
+++ b/jellyfin/helmrelease-jellyfin.yaml
@@ -0,0 +1,216 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+spec:
+  chart:
+    spec:
+      chart: jellyfin
+      version: 2.x
+      sourceRef:
+        kind: HelmRepository
+        name: utkuozdemir
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: jellyfin
+  values:
+    # -- Number of replicas to run. Chart is not designed to scale horizontally, use at your own risk
+    replicaCount: 1
+
+    # -- Use host network
+    hostNetwork: false
+
+    port: 8096
+    hostPort:
+      # -- Use host port for the application
+      enabled: false
+      # -- Host port to bind to
+      port: 8096
+
+    # -- Additional port definitions for the pod
+    additionalPorts: []
+      # - name: tcp-8920
+      #   containerPort: 8920
+      #   protocol: TCP
+      #   hostPort: 8920
+      # - name: udp-1900
+      #   containerPort: 1900
+      #   protocol: UDP
+      #   hostPort: 1900
+      # - name: udp-7359
+      #   containerPort: 7359
+      #   protocol: UDP
+      #   hostPort: 7359
+
+    # -- Additional port definitions for the service
+    additionalServicePorts: []
+
+    image:
+      # -- Image repository
+      repository: docker.io/linuxserver/jellyfin
+      # -- Image pull policy
+      pullPolicy: IfNotPresent
+      # -- Image tag (if not specified, defaults to the chart's appVersion)
+      tag: ""
+
+    # -- Image pull secrets
+    imagePullSecrets: []
+    # -- String to partially override fullname template with a string (will prepend the release name)
+    nameOverride: ""
+    # -- String to fully override fullname template with a string
+    fullnameOverride: ""
+
+    serviceAccount:
+      # -- Specifies whether a service account should be created
+      create: true
+      # -- Annotations to add to the service account
+      annotations: {}
+      # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
+      name: ""
+
+    # -- Annotations for the pods
+    podAnnotations: {}
+
+    # -- Security context for the pods
+    podSecurityContext: {}
+
+    # -- Security context for the container. NET_ADMIN capability is required for the VPN to work properly.
+    securityContext:
+      capabilities:
+        add:
+          - NET_ADMIN
+
+    # -- Deployment strategy
+    strategy:
+      type: Recreate
+
+    service:
+      # -- Type of the service
+      type: ClusterIP
+      # -- Port for the service to use
+      port: 8096
+
+    ingress:
+      # -- Expose the app using an ingress
+      enabled: true
+      # -- Ingress class name
+      className: traefik
+      # -- Annotations for the ingress
+      annotations:
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+      # -- Ingress hosts configuration
+      # @default -- see [values.yaml](values.yaml)
+      hosts:
+        - host: jellyfin.michaelthomson.dev
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+      # -- The TLS configuration for the Ingress
+      tls:
+        - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+          hosts:
+            - jellyfin.michaelthomson.dev
+
+    # -- The resource requests and limits of the container
+    resources: {}
+
+    # -- The node selector for the deployment
+    nodeSelector: {}
+
+    # -- Tolerations for the pod assignment
+    tolerations: []
+
+    # -- Affinity for the pod assignment
+    affinity: {}
+
+    persistence:
+      config:
+        # -- Config: Enable persistence
+        enabled: true
+        # -- Config: Persistence type is pvc. When `false`, data volume definition is read from `persistence.config.customVolume`
+        isPvc: true
+        # -- Config: Name of the existing claim to be used for config
+        existingClaim: ""
+        # -- Config: Storage class for the volume
+        storageClass: longhorn
+        # -- Config: Annotations for the claim
+        annotations: {}
+          # helm.sh/resource-policy: keep
+        # -- Config: Access modes for the claim
+        accessModes:
+          - ReadWriteOnce
+        # -- Config: Size for the claim
+        size: 2Gi
+        # -- Config: Alternative data volume definition (e.g. nfs, hostPath). Used when `persistence.config.isPvc` is `false`
+        customVolume: {}
+          # hostPath:
+          #   path: /path/on/host
+      data:
+        # -- Data: Enable persistence
+        enabled: true
+        # -- Data: Persistence type is pvc. When `false`, data volume definition is read from `persistence.data.customVolume`
+        isPvc: true
+        # -- Data: Name of the existing claim to be used
+        existingClaim: ""
+        # -- Data: Storage class for the data volume
+        storageClass: longhorn
+        # -- Data: Annotations for the claim
+        annotations: {}
+        # helm.sh/resource-policy: keep
+        # -- Data: Access modes for the claim
+        accessModes:
+          - ReadWriteOnce
+        # -- Data: Size for the claim
+        size: 64Gi
+        # -- Data: Alternative data volume definition (e.g. nfs, hostPath). Used when `persistence.data.isPvc` is `false`
+        customVolume: {}
+        # hostPath:
+        #   path: /path/on/host
+
+    # -- Non-sensitive environment variables to be set in the pods. See the [application docs](https://docs.linuxserver.io/images/docker-jellyfin)
+    env: {}
+
+    # -- Sensitive environment variables to be set in the pods. See the [application docs](https://docs.linuxserver.io/images/docker-jellyfin)
+    secretEnv: {}
+
+    # -- DNS configuration for the pod
+    dnsConfig: {}
+
+    # -- DNS policy for the pod
+    dnsPolicy: ClusterFirst
+
+    # -- Arbitrary extra volume definitions for the pod
+    extraVolumes: []
+
+    # -- Arbitrary extra volume mounts for the pod
+    extraVolumeMounts: {}
+
+    # -- Pod liveness probe
+    livenessProbe: {}
+
+    # -- Pod readiness probe
+    readinessProbe:
+      httpGet:
+        port: http
+
+    # -- Init containers
+    initContainers: []
+      # - name: init
+      #   image: busybox:stable-musl
+      #   command:
+      #     - sh
+      #     - -c
+      #     - echo "initializing..."
+
+    # -- Sidecar containers
+    sidecarContainers: []
+      # - name: sidecar
+      #   image: busybox:stable-musl
+      #   command:
+      #     - tail
+      #     - -f
+      #     - /dev/null