From 9e659b790ba342e7106aeca5fc7e9f209a7bd20f Mon Sep 17 00:00:00 2001
From: jenkins
Date: Tue, 5 May 2026 06:31:09 -0300
Subject: [PATCH] recovery(post-outage): restore jellyfin and maintenance sync
---
 services/jellyfin/deployment.yaml | 31 ++++++++-----------
 .../vault/scripts/vault_k8s_auth_configure.sh | 2 +-
 2 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/services/jellyfin/deployment.yaml b/services/jellyfin/deployment.yaml
index fe847434..ea50685c 100644
--- a/services/jellyfin/deployment.yaml
+++ b/services/jellyfin/deployment.yaml
@@ -77,23 +77,26 @@ spec:
 mountPath: /config
 affinity:
 nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: longhorn-host
+ operator: In
+ values:
+ - "true"
+ - key: node-role.kubernetes.io/worker
+ operator: In
+ values:
+ - "true"
 preferredDuringSchedulingIgnoredDuringExecution:
 - weight: 100
 preference:
 matchExpressions:
- - key: kubernetes.io/hostname
+ - key: hardware
 operator: In
 values:
- - titan-22
+ - rpi5
 - weight: 80
- preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - titan-20
- - titan-21
- - weight: 60
 preference:
 matchExpressions:
 - key: kubernetes.io/hostname
@@ -105,7 +108,6 @@ spec:
 fsGroup: 65532
 fsGroupChangePolicy: OnRootMismatch
 runAsGroup: 65532
- runtimeClassName: nvidia
 containers:
 - name: jellyfin
 image: docker.io/jellyfin/jellyfin:10.11.5
@@ -118,8 +120,6 @@ spec:
 - name: http
 containerPort: 8096
 env:
- - name: NVIDIA_DRIVER_CAPABILITIES
- value: "compute,video,utility"
 - name: JELLYFIN_PublishedServerUrl
 value: "https://stream.bstein.dev"
 - name: PUID
@@ -131,12 +131,7 @@ spec:
 - name: VAULT_COPY_FILES
 value: /vault/secrets/ldap-config.xml:/config/plugins/configurations/LDAP-Auth.xml
 resources:
- limits:
- nvidia.com/gpu.shared: 1
- # cpu: "4"
- # memory: 8Gi
 requests:
- nvidia.com/gpu.shared: 1
 cpu: "500m"
 memory: 1Gi
 volumeMounts:
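Review bot: In the first hunk of services/jellyfin/deployment.yaml, the new required term matches `node-role.kubernetes.io/worker` with `operator: In` and the value `"true"`, which only matches nodes whose label value is exactly that string; node-role labels are often set with an empty value, and if that is the case here the pod would stay Pending (the node labels are not visible from this patch). If presence of the label is what matters, `operator: Exists` with no `values` is the more robust match, and the same applies to `longhorn-host` if it is a marker label. Both expressions sit in one `nodeSelectorTerms` entry, so they are ANDed; a short comment above `requiredDuringSchedulingIgnoredDuringExecution` saying why the pod must land on a Longhorn worker would help the next recovery. The pod spec around this block starts and ends outside the hunk, so the values of the remaining hostname preference are not visible.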
diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index 1a8efc58..6c7772d8 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -237,7 +237,7 @@ write_policy_and_role "crypto" "crypto" "crypto-vault-sync" \
 write_policy_and_role "health" "health" "health-vault-sync" \
 "health/*" ""
 write_policy_and_role "maintenance" "maintenance" "ariadne,maintenance-vault-sync,metis" \
- "maintenance/ariadne-db maintenance/metis-oidc maintenance/soteria-oidc maintenance/metis-ssh-keys maintenance/metis-runtime portal/atlas-portal-db portal/bstein-dev-home-keycloak-admin mailu/mailu-db-secret mailu/mailu-initial-account-secret nextcloud/nextcloud-db nextcloud/nextcloud-admin health/wger-admin finance/firefly-secrets comms/mas-admin-client-runtime comms/atlasbot-credentials-runtime comms/synapse-db comms/synapse-admin vault/vault-oidc-config shared/harbor-pull harbor/harbor-core" "" \
+ "maintenance/ariadne-db maintenance/metis-oidc maintenance/soteria-oidc maintenance/metis-ssh-keys maintenance/metis-runtime portal/atlas-portal-db portal/bstein-dev-home-keycloak-admin mailu/mailu-db-secret mailu/mailu-initial-account-secret nextcloud/nextcloud-db nextcloud/nextcloud-admin health/wger-admin finance/firefly-secrets comms/mas-admin-client-runtime comms/atlasbot-credentials-runtime comms/synapse-db comms/synapse-admin vault/vault-oidc-config shared/harbor-pull shared/soteria-restic harbor/harbor-core" "" \
 '
 path "kv/data/atlas/nodes/*" {
 capabilities = ["read"]
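Review bot: The added `shared/soteria-restic` entry in the `maintenance` call is granted to every identity bound to that role (`ariadne`, `maintenance-vault-sync` and `metis` are all listed in the third argument), so it widens an already cross-service path list instead of scoping the new path to the one consumer that needs it. Assuming the fourth argument is the role's readable path list (`write_policy_and_role` is defined outside the hunk), consider a dedicated role for the consumer of this path. At minimum, add a comment above the call such as `# shared/soteria-restic: read by <consumer> for <purpose>` so the grant can be audited later. The call's trailing policy string continues past the end of the hunk.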