install jellyfin

infrastructure/core/daemonsets/device-plugin-jetson/daemonset.yaml

@@ -0,0 +1,47 @@
+# infrastructure/core/daemonsets/device-plugin-jetson/daemonset.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nvidia-device-plugin-jetson
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: nvidia-device-plugin
+    app.kubernetes.io/instance: jetson
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: nvidia-device-plugin
+      app.kubernetes.io/instance: jetson
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: nvidia-device-plugin
+        app.kubernetes.io/instance: jetson
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: arm64
+        jetson: "true"
+      tolerations:
+        - operator: Exists
+      priorityClassName: system-node-critical
+      containers:
+        - name: nvidia-device-plugin-ctr
+          image: nvcr.io/nvidia/k8s-device-plugin:v0.16.2
+          imagePullPolicy: IfNotPresent
+          args:
+            - "--fail-on-init-error=false"
+            - "--device-list-strategy=envvar,cdi"
+          securityContext:
+            privileged: true
+          env:
+            - name: NVIDIA_VISIBLE_DEVICES
+              value: "all"
+            - name: NVIDIA_DRIVER_CAPABILITIES
+              value: "compute,video,utility"
+          volumeMounts:
+            - name: device-plugin
+              mountPath: /var/lib/kubelet/device-plugins
+      volumes:
+        - name: device-plugin
+          hostPath:
+            path: /var/lib/kubelet/device-plugins

infrastructure/core/daemonsets/device-plugin-jetson/kustomization.yaml

@@ -0,0 +1,4 @@
+# infrastructure/core/daemonsets/device-plugin-jetson/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: [daemonset.yaml]

infrastructure/core/daemonsets/device-plugin-minipc/daemonset.yaml

@@ -0,0 +1,47 @@
+# infrastructure/core/daemonsets/device-plugin-minipc/daemonset.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nvidia-device-plugin-minipc
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: nvidia-device-plugin
+    app.kubernetes.io/instance: titan22
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: nvidia-device-plugin
+      app.kubernetes.io/instance: titan22
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: nvidia-device-plugin
+        app.kubernetes.io/instance: titan22
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: titan-22
+        kubernetes.io/arch: amd64
+      tolerations:
+        - operator: Exists
+      priorityClassName: system-node-critical
+      containers:
+        - name: nvidia-device-plugin-ctr
+          image: nvcr.io/nvidia/k8s-device-plugin:v0.16.2
+          imagePullPolicy: IfNotPresent
+          args:
+            - "--fail-on-init-error=false"
+            - "--device-list-strategy=envvar,cdi"
+          securityContext:
+            privileged: true
+          env:
+            - name: NVIDIA_VISIBLE_DEVICES
+              value: "all"
+            - name: NVIDIA_DRIVER_CAPABILITIES
+              value: "compute,video,utility"
+          volumeMounts:
+            - name: device-plugin
+              mountPath: /var/lib/kubelet/device-plugins
+      volumes:
+        - name: device-plugin
+          hostPath:
+            path: /var/lib/kubelet/device-plugins

infrastructure/core/daemonsets/device-plugin-minipc/kustomization.yaml

@@ -0,0 +1,4 @@
+# infrastructure/core/daemonsets/device-plugin-minipc/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: [daemonset.yaml]

infrastructure/core/daemonsets/kustomization-device-plugin-jetson.yaml

@@ -0,0 +1,15 @@
+# infrastructure/core/daemonsets/kustomization-device-plugin-jetson.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: nvidia-device-plugin-jetson
+  namespace: flux-system
+spec:
+  suspend: true
+  interval: 10m
+  path: ./infrastructure/core/daemonsets/device-plugin-jetson
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system

infrastructure/core/daemonsets/kustomization-device-plugin-minipc.yaml

@@ -0,0 +1,15 @@
+# infrastructure/core/daemonsets/kustomization-device-plugin-minipc.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: nvidia-device-plugin-minipc
+  namespace: flux-system
+spec:
+  suspend: false
+  interval: 10m
+  path: ./infrastructure/core/daemonsets/device-plugin-minipc
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system

infrastructure/core/kustomization.yaml

@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - sc-asteria.yaml
-  - sc-astreae.yaml
-  - pc-scavenger.yaml  
+  - ./storageclass/kustomization.yaml
+  - ./priorityclass/kustomization.yaml
+  - ./daemonsets/kustomization-device-plugin-minipc.yaml
+  - ./daemonsets/kustomization-device-plugin-jetson.yaml

infrastructure/core/priorityclass/kustomization.yaml

@@ -0,0 +1,5 @@
+# infrastructure/core/priorityclass/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - scavenger.yaml

infrastructure/core/priorityclass/scavenger.yaml

@@ -1,4 +1,4 @@
-# infrastructure/core/pc-scavenger.yaml
+# infrastructure/core/priorityclass/scavenger.yaml
 apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:

infrastructure/core/storageclass/asteria.yaml

@@ -1,4 +1,4 @@
-# infrastructure/core/sc-asteria.yaml
+# infrastructure/core/storageclass/asteria.yaml
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:

infrastructure/core/storageclass/astreae.yaml

@@ -1,4 +1,4 @@
-# infrastructure/core/sc-astreae.yaml
+# infrastructure/core/storageclass/astreae.yaml
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:

infrastructure/core/storageclass/kustomization.yaml

@@ -0,0 +1,6 @@
+# infrastructure/core/storageclass/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - asteria.yaml
+  - astreae.yaml

infrastructure/flux-system/kustomization-helm.yaml

@@ -1,3 +1,4 @@
+# infrastructure/flux-system/kustomization-helm.yaml
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

infrastructure/flux-system/kustomization-jellyfin.yaml

@@ -0,0 +1,19 @@
+# infrastructure/flux-system/kustomization-jellyfin.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: jellyfin
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./services/jellyfin
+  targetNamespace: jellyfin
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  dependsOn:
+    - name: core
+  wait: true
+  timeout: 5m

infrastructure/flux-system/kustomization-vault.yaml

@@ -1,3 +1,4 @@
+# infrastructure/flux-system/kustomization-vault.yaml
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

infrastructure/flux-system/kustomization.yaml

@@ -11,4 +11,5 @@ resources:
 - kustomization-vault.yaml
 - kustomization-crypto.yaml
 - kustomization-monerod.yaml
+- kustomization-jellyfin.yaml
 - kustomization-xmr-miner.yaml

services/jellyfin/deployment.yaml

@@ -0,0 +1,62 @@
+# services/jellyfin/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+  labels:
+    app: jellyfin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jellyfin
+  template:
+    metadata:
+      labels:
+        app: jellyfin
+    spec:
+      nodeSelector:
+        jellyfin: "true"
+      runtimeClassName: nvidia
+      containers:
+        - name: jellyfin
+          image: docker.io/jellyfin/jellyfin:2025082505
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8096
+          env:
+            - name: NVIDIA_DRIVER_CAPABILITIES
+              value: "compute,video,utility"
+            - name: JELLYFIN_PublishedServerUrl
+              value: "https://stream.bstein.dev"
+          resources:
+            limits:
+              nvidia.com/gpu: 1
+            #   cpu: "4"
+            #   memory: 8Gi
+            requests:
+              nvidia.com/gpu: 1
+              cpu: "500m"
+              memory: 1Gi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+            - name: cache
+              mountPath: /cache
+            - name: media
+              mountPath: /media
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: false
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: jellyfin-config
+        - name: cache
+          persistentVolumeClaim:
+            claimName: jellyfin-cache
+        - name: media
+          persistentVolumeClaim:
+            claimName: jellyfin-media

services/jellyfin/ingress.yaml

@@ -0,0 +1,24 @@
+# services/jellyfin/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: stream.bstein.dev
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: 80
+  tls:
+    - hosts: [stream.bstein.dev]
+      secretName: jellyfin-tls

services/jellyfin/kustomization.yaml

@@ -0,0 +1,10 @@
+# services/jellyfin/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - ingress.yaml
+  - runtimeclass.yaml

services/jellyfin/namespace.yaml

@@ -0,0 +1,5 @@
+# services/jellyfin/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jellyfin

services/jellyfin/pvc.yaml

@@ -0,0 +1,37 @@
+# services/jellyfin/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jellyfin-config
+  namespace: jellyfin
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jellyfin-cache
+  namespace: jellyfin
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 50Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jellyfin-media
+  namespace: jellyfin
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 1Ti

services/jellyfin/runtimeclass.yaml

@@ -0,0 +1,6 @@
+# services/jellyfin/runtimeclass.yaml
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+  name: nvidia
+handler: nvidia

services/jellyfin/service.yaml

@@ -0,0 +1,14 @@
+# services/jellyfin/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+spec:
+  type: ClusterIP
+  selector:
+    app: jellyfin
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8096