feat(valheim): valheim round 2

kubernetes/apps/default/kustomization.yaml

@@ -17,4 +17,4 @@ resources:
   - ./nodered/ks.yaml
   - ./paperless/ks.yaml
   - ./firefly-iii/ks.yaml
-#  - ./valheim/ks.yaml
+  - ./valheim/ks.yaml

kubernetes/apps/default/valheim/app/helmrelease.yaml

@@ -39,41 +39,45 @@ spec:
               tag: 3.0.4
             env:
               TZ: "${TIMEZONE}"
-              NAME: "Shojkkborg"
+              NAME: "Shojkborg"
               WORLD: "Shokushkino"
               PUBLIC: "False"
-              TYPE: "ValheimPlus"
+              TYPE: "BepInEx"
               ENABLE_CROSSPLAY: "True"
               HTTP_PORT: &port 1025
               AUTO_BACKUP: 1
               AUTO_BACKUP_ON_UPDATE: 1
               AUTO_BACKUP_ON_SHUTDOWN: 1
+              ADDRESS: "127.0.0.1:2457"
+              # It MUST be a link with a command and a new line at the end to be valid.
+              MODS: |
+                https://thunderstore.io/package/download/ValheimModding/Jotunn/2.20.2/,
+                https://thunderstore.io/package/download/ValheimModding/HookGenPatcher/0.0.4/,
+                https://thunderstore.io/package/download/MathiasDecrock/PlanBuild/0.16.0/
+
             envFrom:
               - secretRef:
                   name: valheim-secret
             probes:
-              liveness: &probes
-                enabled: true
-                custom: true
-                spec:
-                  httpGet:
-                    path: /status
-                    port: *port
-                  initialDelaySeconds: 320
-                  periodSeconds: 10
-                  timeoutSeconds: 1
-                  failureThreshold: 3
-              readiness: *probes
-              startup: *probes
+              liveness:
+                enabled: false
+              readiness:
+                enabled: false
+              startup:
+                enabled: false
             resources:
               requests:
                 memory: 4Gi
-                cpu: 200m
+                cpu: 400m
               limits:
                 memory: 7Gi
     service:
       app:
         controller: valheim
+        type: LoadBalancer
+        clusterIP: 10.96.0.30 # FIXME: Remove if/when playit supports hostname tunnel endpoints
+        annotations:
+          io.cilium/lb-ipam-ips: "${CLUSTER_LB_VALHEIM}"
         ports:
           http:
             port: *port

kubernetes/apps/network/kustomization.yaml

@@ -11,3 +11,4 @@ resources:
   - ./ingress-nginx/ks.yaml
   - ./k8s-gateway/ks.yaml
   - ./external-services/ks.yaml
+  - ./playit/ks.yaml

kubernetes/apps/network/playit/app/dnsendpoint.yaml

@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: playit
+spec:
+  endpoints:
+    - dnsName: "play.${SECRET_DOMAIN}"
+      recordType: A
+      targets: [ '147.185.221.16' ]
+      # https://github.com/kubernetes-sigs/external-dns/issues/2418#issuecomment-987587518
+      providerSpecific:
+        - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+          value: 'false'

kubernetes/apps/network/playit/app/externalsecret.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: playit
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  refreshInterval: 15m
+  target:
+    name: playit-secret
+    template:
+      engineVersion: v2
+      data:
+        playit.toml: |
+          api_url = "https://api.playit.cloud/agent"
+          ping_target_addresses = []
+          control_address = "control.playit.gg"
+          refresh_from_api = true
+          api_refresh_rate = 5000
+          ping_interval = 5000
+          secret_key = "{{ .PLAYIT_SECRET_KEY }}"
+          mappings = []
+  dataFrom:
+    - extract:
+        key: playit

kubernetes/apps/network/playit/app/helmrelease.yaml

@@ -0,0 +1,65 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: playit
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.3.2
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      playit:
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: pepaondrugs/playitgg-docker
+              tag: v0.15.13@sha256:c48ac110afced4f8abd54d3586e8322022a0b8e8668b7ef5746137533d0724b5
+            probes:
+              liveness:
+                enabled: false
+              readiness:
+                enabled: false
+              startup:
+                enabled: false
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 256Mi
+    defaultPodOptions:
+      securityContext:
+        runAsUser: 568
+        runAsGroup: 568
+        fsGroup: 568
+        fsGroupChangePolicy: OnRootMismatch
+    persistence:
+      creds:
+        type: secret
+        name: playit-secret
+        globalMounts:
+          - path: /etc/playit/playit.toml
+            subPath: playit.toml
+            readOnly: false

kubernetes/apps/network/playit/app/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./dnsendpoint.yaml
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml

kubernetes/apps/network/playit/ks.yaml

@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app playit
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-dns-cloudflare
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/network/playit/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

kubernetes/flux/vars/cluster-settings.yaml

@@ -14,6 +14,7 @@ data:
   CLUSTER_LB_QBITTORRENT: "192.168.20.64"
   CLUSTER_LB_PLEX: "192.168.20.65"
   CLUSTER_LB_VECTOR: "192.168.20.66"
+  CLUSTER_LB_VALHEIM: "192.168.20.67"
   NAS_URL: "192.168.20.5"
   RPI_URL: "192.168.20.3"
   NAS_PATH: "/volume1/kubernetes"