diff --git a/manifests/jackett.yaml b/manifests/jackett.yaml
new file mode 100644
index 0000000..291897a
--- /dev/null
+++ b/manifests/jackett.yaml
@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jackett
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jackett-auth
+ namespace: jackett
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jackett-auth
+ namespace: jackett
+ labels:
+ app: jackett-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jackett-auth
+ template:
+ metadata:
+ labels:
+ app: jackett-auth
+ spec:
+ containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://inlets.inlets.svc.cluster.local
+ - --http-address=$(HOST_IP):8080
+ - --redirect-url=https://jackett.cluster.fun/oauth2/callback
+ - --email-domain=*
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: jackett-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: jackett-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jackett-auth
+ namespace: jackett
+ labels:
+ app: jackett-auth
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: jackett-auth
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: jackett-auth
+ namespace: jackett
+ labels:
+ app: jackett-auth
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ tls:
+ - hosts:
+ - jackett.cluster.fun
+ secretName: jackett-ingress
+ rules:
+ - host: jackett.cluster.fun
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: jackett-auth
+ servicePort: 80
diff --git a/manifests/radarr.yaml b/manifests/radarr.yaml
new file mode 100644
index 0000000..bfbcc75
--- /dev/null
+++ b/manifests/radarr.yaml
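Review bot: The oauth2-proxy session key is passed in clear text in the container args (`--cookie-secret=…`), so it is readable by anyone who can see the repository or the Deployment object, and the same value is repeated in radarr.yaml, sonarr.yaml and transmission.yaml. Because that key protects the session cookies of all four proxies, the committed value should be treated as exposed and replaced. Drop the flag and supply the key through the `OAUTH2_PROXY_COOKIE_SECRET` environment variable from a Secret, the way the client id and client secret already are, ideally with a separate value per proxy. The key name in the sketch below is a placeholder, since the only fields of the synced Secret visible here are `username` and `password`.

```yaml
      containers:
      - args:
        # … unchanged: remaining flags, with --cookie-secret removed …
        env:
        # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              key: "<COOKIE_SECRET_FIELD>"  # placeholder field name
              name: jackett-auth
```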
@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: radarr
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: radarr-auth
+ namespace: radarr
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr-auth
+ namespace: radarr
+ labels:
+ app: radarr-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: radarr-auth
+ template:
+ metadata:
+ labels:
+ app: radarr-auth
+ spec:
+ containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://inlets.inlets.svc.cluster.local
+ - --http-address=$(HOST_IP):8080
+ - --redirect-url=https://radarr.cluster.fun/oauth2/callback
+ - --email-domain=*
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: radarr-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: radarr-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: radarr-auth
+ namespace: radarr
+ labels:
+ app: radarr-auth
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: radarr-auth
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: radarr-auth
+ namespace: radarr
+ labels:
+ app: radarr-auth
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ tls:
+ - hosts:
+ - radarr.cluster.fun
+ secretName: radarr-ingress
+ rules:
+ - host: radarr.cluster.fun
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: radarr-auth
+ servicePort: 80
diff --git a/manifests/sonarr.yaml b/manifests/sonarr.yaml
new file mode 100644
index 0000000..d3c7c21
--- /dev/null
+++ b/manifests/sonarr.yaml
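Review bot: `--cookie-secure=false` in the args list leaves the session cookie without the Secure attribute even though the redirect URL is https and the Ingress terminates TLS, so a browser may send it over the plain-http entry point before Traefik's redirect is applied. As the site is only meant to be reached over https, `- --cookie-secure=true` is the safer setting. In the same list, `--email-domain=*` admits every identity the OIDC issuer authenticates, so access control rests entirely on the Auth0 tenant; either restrict it or record that with a comment such as `# access is limited in Auth0, not by the proxy`. The same two flags appear in jackett.yaml, sonarr.yaml and transmission.yaml.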
@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sonarr
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sonarr-auth
+ namespace: sonarr
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sonarr-auth
+ namespace: sonarr
+ labels:
+ app: sonarr-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sonarr-auth
+ template:
+ metadata:
+ labels:
+ app: sonarr-auth
+ spec:
+ containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://inlets.inlets.svc.cluster.local
+ - --http-address=$(HOST_IP):8080
+ - --redirect-url=https://sonarr.cluster.fun/oauth2/callback
+ - --email-domain=*
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: sonarr-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: sonarr-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sonarr-auth
+ namespace: sonarr
+ labels:
+ app: sonarr-auth
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: sonarr-auth
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: sonarr-auth
+ namespace: sonarr
+ labels:
+ app: sonarr-auth
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ tls:
+ - hosts:
+ - sonarr.cluster.fun
+ secretName: sonarr-ingress
+ rules:
+ - host: sonarr.cluster.fun
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: sonarr-auth
+ servicePort: 80
diff --git a/manifests/transmission.yaml b/manifests/transmission.yaml
new file mode 100644
index 0000000..c5dfe4d
--- /dev/null
+++ b/manifests/transmission.yaml
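Review bot: The `oauth-proxy` container is declared without a `securityContext`, so it runs with whatever user and privileges the image and the namespace defaults give it. For an internet-facing authentication proxy I would add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` on the container, after confirming that the v5.1.1 image runs as a non-root user. The image is also referenced by tag only; pinning `quay.io/oauth2-proxy/oauth2-proxy:v5.1.1` by digest would fix exactly which build is deployed. Both points apply equally to the jackett, radarr and transmission Deployments.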
@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: transmission
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: transmission-auth
+ namespace: transmission
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: transmission-auth
+ namespace: transmission
+ labels:
+ app: transmission-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: transmission-auth
+ template:
+ metadata:
+ labels:
+ app: transmission-auth
+ spec:
+ containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://inlets.inlets.svc.cluster.local
+ - --http-address=$(HOST_IP):8080
+ - --redirect-url=https://transmission.cluster.fun/oauth2/callback
+ - --email-domain=*
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: transmission-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: transmission-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: transmission-auth
+ namespace: transmission
+ labels:
+ app: transmission-auth
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: transmission-auth
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: transmission-auth
+ namespace: transmission
+ labels:
+ app: transmission-auth
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ tls:
+ - hosts:
+ - transmission.cluster.fun
+ secretName: transmission-ingress
+ rules:
+ - host: transmission.cluster.fun
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: transmission-auth
+ servicePort: 80
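Review bot: The Ingress document uses `apiVersion: extensions/v1beta1`, a deprecated group that Kubernetes stopped serving in 1.22, so this manifest will fail to apply after a cluster upgrade past that release. `apiVersion: networking.k8s.io/v1beta1` accepts the same `serviceName`/`servicePort` backend fields and is a one-line change, assuming the cluster is at 1.14 or later. The Ingress documents in jackett.yaml, radarr.yaml and sonarr.yaml carry the same apiVersion.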