From 7107558e41073d735c8eb06f978182ea4ed15792 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Fri, 5 Sep 2025 02:12:45 -0500 Subject: [PATCH] restore external longhorn-ui --- .../kustomization-longhorn-ui.yaml | 17 ++++++++++++ .../longhorn/ui-ingress/ingress.yaml | 26 +++++++++++++++++++ .../longhorn/ui-ingress/kustomization.yaml | 6 +++++ .../longhorn/ui-ingress/middleware.yaml | 22 ++++++++++++++++ infrastructure/traefik/clusterrole.yaml | 17 ++++++++++++ .../traefik/clusterrolebinding.yaml | 1 + infrastructure/traefik/deployment.yaml | 2 ++ infrastructure/traefik/kustomization.yaml | 1 + infrastructure/traefik/serviceaccount.yaml | 1 + scripts/jellyfin_manual_load.fish | 6 ++++- services/jellyfin/deployment.yaml | 2 +- services/jellyfin/loader.yaml | 2 +- services/vault/helmrelease.yaml | 1 + services/vault/ingress.yaml | 1 + services/vault/kustomization.yaml | 1 + services/vault/middleware.yaml | 1 + services/vault/namespace.yaml | 1 + services/vault/serverstransport.yaml | 1 + 18 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 infrastructure/flux-system/kustomization-longhorn-ui.yaml create mode 100644 infrastructure/longhorn/ui-ingress/ingress.yaml create mode 100644 infrastructure/longhorn/ui-ingress/kustomization.yaml create mode 100644 infrastructure/longhorn/ui-ingress/middleware.yaml diff --git a/infrastructure/flux-system/kustomization-longhorn-ui.yaml b/infrastructure/flux-system/kustomization-longhorn-ui.yaml new file mode 100644 index 0000000..f96944b --- /dev/null +++ b/infrastructure/flux-system/kustomization-longhorn-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: longhorn-ui + namespace: flux-system +spec: + interval: 10m + path: ./infrastructure/longhorn/ui-ingress + targetNamespace: longhorn-system + prune: true + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + dependsOn: + - name: core + wait: true diff --git a/infrastructure/longhorn/ui-ingress/ingress.yaml b/infrastructure/longhorn/ui-ingress/ingress.yaml new file mode 100644 index 0000000..6250cfa --- /dev/null +++ b/infrastructure/longhorn/ui-ingress/ingress.yaml @@ -0,0 +1,26 @@ +# infrastructure/longhorn/ui-ingress/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: longhorn-system + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-longhorn-basicauth@kubernetescrd,longhorn-system-longhorn-headers@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: ["longhorn.bstein.dev"] + secretName: longhorn-tls + rules: + - host: longhorn.bstein.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: longhorn-frontend + port: + number: 80 diff --git a/infrastructure/longhorn/ui-ingress/kustomization.yaml b/infrastructure/longhorn/ui-ingress/kustomization.yaml new file mode 100644 index 0000000..551161f --- /dev/null +++ b/infrastructure/longhorn/ui-ingress/kustomization.yaml @@ -0,0 +1,6 @@ +# infrastructure/longhorn/ui-ingress/kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - middlewares.yaml + - ingress.yaml diff --git a/infrastructure/longhorn/ui-ingress/middleware.yaml b/infrastructure/longhorn/ui-ingress/middleware.yaml new file mode 100644 index 0000000..c670cef --- /dev/null +++ b/infrastructure/longhorn/ui-ingress/middleware.yaml @@ -0,0 +1,22 @@ +# infrastructure/longhorn/ui-ingress/middleware.yaml +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: longhorn-basicauth + namespace: longhorn-system +spec: + basicAuth: + secret: longhorn-basic-auth + realm: "Longhorn Dashboard" + +--- + +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: longhorn-headers + namespace: longhorn-system +spec: + headers: + customRequestHeaders: + X-Forwarded-Proto: "https" diff --git a/infrastructure/traefik/clusterrole.yaml b/infrastructure/traefik/clusterrole.yaml index 38fef27..52ed126 100644 --- a/infrastructure/traefik/clusterrole.yaml +++ b/infrastructure/traefik/clusterrole.yaml @@ -1,3 +1,4 @@ +# infrastructure/traefik/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -60,3 +61,19 @@ rules: - get - list - watch +- apiGroups: + - traefik.io + resources: + - middlewares + - ingressroutes + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + - traefikservices + verbs: + - get + - list + - watch + diff --git a/infrastructure/traefik/clusterrolebinding.yaml b/infrastructure/traefik/clusterrolebinding.yaml index 4403a45..86941f3 100644 --- a/infrastructure/traefik/clusterrolebinding.yaml +++ b/infrastructure/traefik/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +# infrastructure/traefik/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/infrastructure/traefik/deployment.yaml b/infrastructure/traefik/deployment.yaml index 77f1d4e..35a1922 100644 --- a/infrastructure/traefik/deployment.yaml +++ b/infrastructure/traefik/deployment.yaml @@ -1,3 +1,4 @@ +# infrastructure/traefik/deployment.yaml apiVersion: v1 items: - apiVersion: apps/v1 @@ -30,6 +31,7 @@ items: containers: - args: - --providers.kubernetesIngress=true + - --providers.kubernetescrd=true - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --api.dashboard=true diff --git a/infrastructure/traefik/kustomization.yaml b/infrastructure/traefik/kustomization.yaml index 24a7f5e..ac7c74d 100644 --- a/infrastructure/traefik/kustomization.yaml +++ b/infrastructure/traefik/kustomization.yaml @@ -1,3 +1,4 @@ +# infrastructure/traefik/kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: diff --git a/infrastructure/traefik/serviceaccount.yaml b/infrastructure/traefik/serviceaccount.yaml index d5fe199..c2b0907 100644 --- a/infrastructure/traefik/serviceaccount.yaml +++ b/infrastructure/traefik/serviceaccount.yaml @@ -1,3 +1,4 @@ +# infrastructure/traefik/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: diff --git a/scripts/jellyfin_manual_load.fish b/scripts/jellyfin_manual_load.fish index b8dcdf6..b4919e4 100755 --- a/scripts/jellyfin_manual_load.fish +++ b/scripts/jellyfin_manual_load.fish @@ -193,7 +193,11 @@ if test -n "$REMOTE_SUBDIR" end # --- rsync flags (robust/resumable/overwrite) --- -set -l RSYNC_FLAGS -a --progress --partial --inplace --append-verify --human-readable --exclude='.nfs*' --chmod=Du=rwx,Dgo=rwx,Fu=rw,Fgo=rw --timeout=60 --contimeout=30 +set -l RSYNC_FLAGS -a --progress --human-readable \ + --partial --partial-dir=.rsync-partial --delay-updates \ + --chmod=Du=rwx,Dgo=rwx,Fu=rw,Fgo=rw \ + --timeout=600 --contimeout=30 \ + --exclude='.nfs*' # --- perform copy --- set -l copy_ok 0 diff --git a/services/jellyfin/deployment.yaml b/services/jellyfin/deployment.yaml index b904d3a..5de81cf 100644 --- a/services/jellyfin/deployment.yaml +++ b/services/jellyfin/deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: app: jellyfin spec: - replicas: 1 + replicas: 0 strategy: type: RollingUpdate rollingUpdate: diff --git a/services/jellyfin/loader.yaml b/services/jellyfin/loader.yaml index 0da1759..58c53a8 100644 --- a/services/jellyfin/loader.yaml +++ b/services/jellyfin/loader.yaml @@ -9,7 +9,7 @@ spec: volumes: - name: media persistentVolumeClaim: - claimName: jellyfin-media + claimName: jellyfin-media-asteria containers: - name: toolbox image: alpine:3.19 diff --git a/services/vault/helmrelease.yaml b/services/vault/helmrelease.yaml index f1882f2..604d31c 100644 --- a/services/vault/helmrelease.yaml +++ b/services/vault/helmrelease.yaml @@ -1,3 +1,4 @@ +# services/vault/helmrelease.yaml apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: diff --git a/services/vault/ingress.yaml b/services/vault/ingress.yaml index b88e0ce..306556d 100644 --- a/services/vault/ingress.yaml +++ b/services/vault/ingress.yaml @@ -1,3 +1,4 @@ +# services/vault/helmrelease.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/services/vault/kustomization.yaml b/services/vault/kustomization.yaml index 8cf44dc..4c3fbc5 100644 --- a/services/vault/kustomization.yaml +++ b/services/vault/kustomization.yaml @@ -1,3 +1,4 @@ +# services/vault/kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: vault diff --git a/services/vault/middleware.yaml b/services/vault/middleware.yaml index ced8d9c..0a41961 100644 --- a/services/vault/middleware.yaml +++ b/services/vault/middleware.yaml @@ -1,3 +1,4 @@ +# services/vault/middleware.yaml apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: diff --git a/services/vault/namespace.yaml b/services/vault/namespace.yaml index 0158c8f..4dd13a3 100644 --- a/services/vault/namespace.yaml +++ b/services/vault/namespace.yaml @@ -1,3 +1,4 @@ +# services/vault/namespace.yaml apiVersion: v1 kind: Namespace metadata: diff --git a/services/vault/serverstransport.yaml b/services/vault/serverstransport.yaml index 6ba3295..042aa43 100644 --- a/services/vault/serverstransport.yaml +++ b/services/vault/serverstransport.yaml @@ -1,3 +1,4 @@ +# services/vault/serverstransport.yaml apiVersion: traefik.io/v1alpha1 kind: ServersTransport metadata: