From 024dd3357e8f66903a2297deec35817c24392adb Mon Sep 17 00:00:00 2001
From: Jason Gilfoil <jgilfoil@gmail.com>
Date: Thu, 29 Feb 2024 18:40:05 +0000
Subject: [PATCH] deploy overseer

---
 .../apps/media/overseerr/app/helmrelease.yaml | 109 ++++++++++++++++++
 .../media/overseerr/app/kustomization.yaml    |   6 +
 kubernetes/apps/media/overseerr/ks.yaml       |  31 +++++
 3 files changed, 146 insertions(+)
 create mode 100644 kubernetes/apps/media/overseerr/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/media/overseerr/app/kustomization.yaml
 create mode 100644 kubernetes/apps/media/overseerr/ks.yaml

diff --git a/kubernetes/apps/media/overseerr/app/helmrelease.yaml b/kubernetes/apps/media/overseerr/app/helmrelease.yaml
new file mode 100644
index 00000000..89c5323d
--- /dev/null
+++ b/kubernetes/apps/media/overseerr/app/helmrelease.yaml
@@ -0,0 +1,109 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: overseerr
+  namespace: ${NAMESPACE}
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  dependsOn:
+    - name: rook-ceph-cluster
+      namespace: rook-ceph
+    - name: volsync
+      namespace: storage
+    - name: vpn-gateway
+      namespace: network
+  values:
+    defaultPodOptions:
+      annotations:
+        setGateway: "true"
+    controllers:
+      main:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          main:
+            image:
+              repository: ghcr.io/sct/overseerr
+              tag: 1.33.2@sha256:714ea6db2bc007a2262d112bef7eec74972eb33d9c72bddb9cbd98b8742de950
+            env:
+              TZ: "America/Denver"
+              LOG_LEVEL: "info"
+              PORT: &port 80
+            probes:
+              liveness: &probes
+                enabled: false
+                custom: true
+                exec:
+                  command:
+                    - sh
+                    - -c
+                    - "if [ \"$(wget -q -O- http://localhost/api/v1/status | jq -r '.status')\" = 'OK' ]; then exit 0; else exit 1; fi"
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+              startup:
+                enabled: false
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                memory: 250Mi
+                cpu: 100m
+              limits:
+                memory: 750Mi
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            runAsNonRoot: true
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      main:
+        ports:
+          http:
+            port: *port
+    ingress:
+      main:
+        enabled: true
+        className: internal
+        hosts:
+          - host: &host overseerr.${SECRET_DOMAIN}
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        enabled: true
+        existingClaim: overseerr
+        globalMounts:
+          - path: /app/config
+      tmp:
+        type: emptyDir
diff --git a/kubernetes/apps/media/overseerr/app/kustomization.yaml b/kubernetes/apps/media/overseerr/app/kustomization.yaml
new file mode 100644
index 00000000..c05e07c2
--- /dev/null
+++ b/kubernetes/apps/media/overseerr/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml
+  - ../../../../templates/volsync
diff --git a/kubernetes/apps/media/overseerr/ks.yaml b/kubernetes/apps/media/overseerr/ks.yaml
new file mode 100644
index 00000000..5306b617
--- /dev/null
+++ b/kubernetes/apps/media/overseerr/ks.yaml
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app overseerr
+  namespace: flux-system
+spec:
+  targetNamespace: &namespace media
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/media/overseerr/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 5m30s
+  timeout: 5m
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substitute:
+      APP: *app
+      NAMESPACE: *namespace
+      VOLSYNC_CAPACITY: 1Gi
+      VOLSYNC_CACHE_CAPCITY: 1Gi