diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index c9175c86..c1b28c23 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -17,4 +17,4 @@ resources:
 - ./nodered/ks.yaml
 - ./paperless/ks.yaml
 - ./firefly-iii/ks.yaml
-# - ./valheim/ks.yaml
+ - ./valheim/ks.yaml
diff --git a/kubernetes/apps/default/valheim/app/helmrelease.yaml b/kubernetes/apps/default/valheim/app/helmrelease.yaml
index 1da394f4..364cb6c6 100644
--- a/kubernetes/apps/default/valheim/app/helmrelease.yaml
+++ b/kubernetes/apps/default/valheim/app/helmrelease.yaml
@@ -39,41 +39,45 @@ spec:
 tag: 3.0.4
 env:
 TZ: "${TIMEZONE}"
- NAME: "Shojkkborg"
+ NAME: "Shojkborg"
 WORLD: "Shokushkino"
 PUBLIC: "False"
- TYPE: "ValheimPlus"
+ TYPE: "BepInEx"
 ENABLE_CROSSPLAY: "True"
 HTTP_PORT: &port 1025
 AUTO_BACKUP: 1
 AUTO_BACKUP_ON_UPDATE: 1
 AUTO_BACKUP_ON_SHUTDOWN: 1
+ ADDRESS: "127.0.0.1:2457"
+ # It MUST be a link with a command and a new line at the end to be valid.
+ MODS: |
+ https://thunderstore.io/package/download/ValheimModding/Jotunn/2.20.2/,
+ https://thunderstore.io/package/download/ValheimModding/HookGenPatcher/0.0.4/,
+ https://thunderstore.io/package/download/MathiasDecrock/PlanBuild/0.16.0/
+
 envFrom:
 - secretRef:
 name: valheim-secret
 probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /status
- port: *port
- initialDelaySeconds: 320
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- startup: *probes
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
 resources:
 requests:
 memory: 4Gi
- cpu: 200m
+ cpu: 400m
 limits:
 memory: 7Gi
 service:
 app:
 controller: valheim
+ type: LoadBalancer
+ clusterIP: 10.96.0.30 # FIXME: Remove if/when playit supports hostname tunnel endpoints
+ annotations:
+ io.cilium/lb-ipam-ips: "${CLUSTER_LB_VALHEIM}"
 ports:
 http:
 port: *port
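Review bot: In valheim/app/helmrelease.yaml the new `MODS` list has the server fetch BepInEx plugin archives from thunderstore.io by URL (presumably at container start), and nothing in the hunk pins their content: a version in the path is not an integrity check, so whatever those URLs serve runs as code beside the world data and the `valheim-secret` environment. The server image is likewise referenced by tag only (`tag: 3.0.4`), whereas the playit image added in this commit is pinned with `@sha256:`; a comment such as `# mods are fetched unverified at start-up; review upstream releases before bumping` would record the trust decision, and baking reviewed mods into a volume or image would remove the runtime fetch. The comment above `MODS` says every entry must end with a comma ("command" looks like a typo), yet the third URL has none, so it is worth confirming that PlanBuild is actually picked up. All three probes are now disabled, which leaves the pod with no health signal at all. The HelmRelease starts and ends outside this hunk.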
diff --git a/kubernetes/apps/network/kustomization.yaml b/kubernetes/apps/network/kustomization.yaml
index d527fd1a..f61a9af3 100644
--- a/kubernetes/apps/network/kustomization.yaml
+++ b/kubernetes/apps/network/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
 - ./ingress-nginx/ks.yaml
 - ./k8s-gateway/ks.yaml
 - ./external-services/ks.yaml
+ - ./playit/ks.yaml
diff --git a/kubernetes/apps/network/playit/app/dnsendpoint.yaml b/kubernetes/apps/network/playit/app/dnsendpoint.yaml
new file mode 100644
index 00000000..609f887a
--- /dev/null
+++ b/kubernetes/apps/network/playit/app/dnsendpoint.yaml
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: playit
+spec:
+ endpoints:
+ - dnsName: "play.${SECRET_DOMAIN}"
+ recordType: A
+ targets: [ '147.185.221.16' ]
+ # https://github.com/kubernetes-sigs/external-dns/issues/2418#issuecomment-987587518
+ providerSpecific:
+ - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+ value: 'false'
diff --git a/kubernetes/apps/network/playit/app/externalsecret.yaml b/kubernetes/apps/network/playit/app/externalsecret.yaml
new file mode 100644
index 00000000..5cf23dd4
--- /dev/null
+++ b/kubernetes/apps/network/playit/app/externalsecret.yaml
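Review bot: In playit/app/dnsendpoint.yaml the A record for `play.${SECRET_DOMAIN}` points at the literal address `147.185.221.16`, which presumably belongs to the tunnel provider rather than to this cluster, and nothing in the file records where it came from. If the tunnel is re-created or the provider reassigns that address, the public name keeps resolving to a host you do not control until someone edits this manifest. I would add a comment above `targets`, for example `# playit tunnel address for this agent; re-verify whenever the tunnel is recreated`, and prefer a CNAME to a provider-assigned hostname if one is available.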
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: playit
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ refreshInterval: 15m
+ target:
+ name: playit-secret
+ template:
+ engineVersion: v2
+ data:
+ playit.toml: |
+ api_url = "https://api.playit.cloud/agent"
+ ping_target_addresses = []
+ control_address = "control.playit.gg"
+ refresh_from_api = true
+ api_refresh_rate = 5000
+ ping_interval = 5000
+ secret_key = "{{ .PLAYIT_SECRET_KEY }}"
+ mappings = []
+ dataFrom:
+ - extract:
+ key: playit
diff --git a/kubernetes/apps/network/playit/app/helmrelease.yaml b/kubernetes/apps/network/playit/app/helmrelease.yaml
new file mode 100644
index 00000000..635bd15f
--- /dev/null
+++ b/kubernetes/apps/network/playit/app/helmrelease.yaml
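Review bot: The `# yaml-language-server: $schema=` line in playit/app/externalsecret.yaml points at `clustersecretstore_v1beta1.json` while the resource is `kind: ExternalSecret`, so editor and CI schema validation check this manifest against the wrong type; it should reference `externalsecret_v1beta1.json` under the same path. Separately, `secret_key = "{{ .PLAYIT_SECRET_KEY }}"` is interpolated into the TOML string as-is, so a value containing a quote or backslash would produce a broken or differently parsed config; a comment such as `# PLAYIT_SECRET_KEY must contain no quotes or backslashes` would state the assumption. `dataFrom.extract` also pulls every field of the `playit` item into the template context, although only this one key is rendered.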
@@ -0,0 +1,65 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: playit
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.3.2
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ playit:
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: pepaondrugs/playitgg-docker
+ tag: v0.15.13@sha256:c48ac110afced4f8abd54d3586e8322022a0b8e8668b7ef5746137533d0724b5
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 256Mi
+ defaultPodOptions:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ persistence:
+ creds:
+ type: secret
+ name: playit-secret
+ globalMounts:
+ - path: /etc/playit/playit.toml
+ subPath: playit.toml
+ readOnly: false
diff --git a/kubernetes/apps/network/playit/app/kustomization.yaml b/kubernetes/apps/network/playit/app/kustomization.yaml
new file mode 100644
index 00000000..ce28656e
--- /dev/null
+++ b/kubernetes/apps/network/playit/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./dnsendpoint.yaml
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/playit/ks.yaml b/kubernetes/apps/network/playit/ks.yaml
new file mode 100644
index 00000000..3c8494e8
--- /dev/null
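Review bot: In playit/app/helmrelease.yaml the `creds` mount carries the agent's secret key but is declared `readOnly: false`; unless the agent rewrites /etc/playit/playit.toml, `readOnly: true` matches the read-only root filesystem set a few lines above it. The pod security context sets `runAsUser: 568` without `runAsNonRoot: true` or `seccompProfile: { type: RuntimeDefault }`, both of which should cost nothing here. More importantly, this pod relays internet traffic into the cluster and, with `refresh_from_api = true` in its config, appears to take its forwarding targets from the provider's API, so I would pair it with a network policy that limits its egress to the game service and the provider's control endpoints. With all three probes disabled, a hung agent will not be restarted.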
+++ b/kubernetes/apps/network/playit/ks.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app playit
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-dns-cloudflare
+ - name: external-secrets-stores
+ path: ./kubernetes/apps/network/playit/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/flux/vars/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml
index 3b0c3785..ad46944b 100644
--- a/kubernetes/flux/vars/cluster-settings.yaml
+++ b/kubernetes/flux/vars/cluster-settings.yaml
@@ -14,6 +14,7 @@ data:
 CLUSTER_LB_QBITTORRENT: "192.168.20.64"
 CLUSTER_LB_PLEX: "192.168.20.65"
 CLUSTER_LB_VECTOR: "192.168.20.66"
+ CLUSTER_LB_VALHEIM: "192.168.20.67"
 NAS_URL: "192.168.20.5"
 RPI_URL: "192.168.20.3"
 NAS_PATH: "/volume1/kubernetes"