mirror of
https://github.com/truenas/charts.git
synced 2026-05-11 19:16:17 +08:00
358 lines
13 KiB
YAML
358 lines
13 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "plex.fullname" . }}
|
|
labels:
|
|
{{- include "plex.labels" . | nindent 4 }}
|
|
{{- if .Values.deploymentAnnotations }}
|
|
annotations:
|
|
{{- range $key, $value := .Values.deploymentAnnotations }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
spec:
|
|
replicas: 1
|
|
revisionHistoryLimit: 3
|
|
strategy:
|
|
type: {{ .Values.strategyType }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "plex.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "plex.selectorLabels" . | nindent 8 }}
|
|
{{- if .Values.podAnnotations }}
|
|
annotations:
|
|
{{- range $key, $value := .Values.podAnnotations }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.hostNetwork }}
|
|
hostNetwork: {{ .Values.hostNetwork }}
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
{{- end }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
{{- if .Values.certificate.pkcsMangler.enabled }}
|
|
initContainers:
|
|
# This is ugly, but it does work to create a pks file that will work with PLEX from the tls.crt and tls.key that cert-manager normally creates
|
|
{{- if .Values.certificate.pkcsMangler.enabled }}
|
|
- name: pkcsmangler-init-container
|
|
image: "{{ .Values.certificate.pkcsMangler.image.repository }}:{{ .Values.certificate.pkcsMangler.image.tag }}"
|
|
imagePullPolicy: Always
|
|
command: ["/bin/sh"]
|
|
args: ["-c", "openssl pkcs12 -export -passout pass:$(PKCSMANGLER_PFXPASSWORD) -out /shared/cert.pfx -inkey {{ .Values.certificate.pkcsMangler.certificateSecret.volume.mountPath }}/{{ .Values.certificate.pkcsMangler.certificateSecret.keyName }} -in {{ .Values.certificate.pkcsMangler.certificateSecret.volume.mountPath }}/{{ .Values.certificate.pkcsMangler.certificateSecret.crtName }}; chmod 0444 /shared/cert.pfx"]
|
|
env:
|
|
- name: "PKCSMANGLER_PFXPASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.certificate.pkcsMangler.pfxPassword.secretName }}
|
|
key: {{ .Values.certificate.pkcsMangler.pfxPassword.passwordKey }}
|
|
volumeMounts:
|
|
- name: shared
|
|
mountPath: /shared
|
|
- name: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.name }}
|
|
mountPath: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.mountPath }}
|
|
{{- end }}
|
|
{{- end }}
|
|
containers:
|
|
{{- if .Values.logging.promtail.enabled }}
|
|
- name: {{ .Chart.Name }}-promtail
|
|
image: "{{ .Values.logging.promtail.image.repository }}:{{ .Values.logging.promtail.image.tag }}"
|
|
imagePullPolicy: {{ .Values.logging.promtail.image.pullPolicy }}
|
|
args:
|
|
- -config.file=/etc/promtail/promtail.yaml
|
|
volumeMounts:
|
|
- name: promtail-config
|
|
mountPath: /etc/promtail/promtail.yaml
|
|
subPath: promtail.yaml
|
|
readOnly: true
|
|
- name: shared-logs
|
|
mountPath: /plex-logs
|
|
{{- end }}
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
ports:
|
|
- name: pms
|
|
protocol: TCP
|
|
containerPort: 32400
|
|
- name: plex-dlna
|
|
protocol: TCP
|
|
containerPort: 32469
|
|
- name: plex-dlna-udp
|
|
protocol: UDP
|
|
containerPort: 1900
|
|
- name: plex-gdm1
|
|
protocol: UDP
|
|
containerPort: 32410
|
|
- name: plex-gdm2
|
|
protocol: UDP
|
|
containerPort: 32412
|
|
- name: plex-gdm3
|
|
protocol: UDP
|
|
containerPort: 32413
|
|
- name: plex-gdm4
|
|
protocol: UDP
|
|
containerPort: 32414
|
|
env:
|
|
- name: TZ
|
|
value: "{{ .Values.timezone }}"
|
|
# TODO: move this to a secret?
|
|
- name: PLEX_CLAIM
|
|
value: "{{ .Values.claimToken }}"
|
|
# plex env vars
|
|
- name: PMS_INTERNAL_ADDRESS
|
|
value: http://{{ template "plex.fullname" . }}:32400
|
|
- name: PMS_IMAGE
|
|
value: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
- name: KUBE_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: TRANSCODE_PVC
|
|
{{- if .Values.persistence.transcode.claimName }}
|
|
value: "{{ .Values.persistence.transcode.claimName }}"
|
|
{{- else }}
|
|
value: "{{ template "plex.fullname" . }}-transcode"
|
|
{{- end }}
|
|
{{- if .Values.persistence.data.enabled }}
|
|
- name: DATA_PVC
|
|
{{- if .Values.persistence.data.claimName }}
|
|
value: "{{ .Values.persistence.data.claimName }}"
|
|
{{- else }}
|
|
value: "{{ template "plex.fullname" . }}-data"
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: CONFIG_PVC
|
|
{{- if .Values.persistence.config.claimName }}
|
|
value: "{{ .Values.persistence.config.claimName }}"
|
|
{{- else }}
|
|
value: "{{ template "plex.fullname" . }}-config"
|
|
{{- end }}
|
|
{{- if .Values.proxy.enabled }}
|
|
{{- if .Values.proxy.http }}
|
|
- name: "HTTP_PROXY"
|
|
value: "{{.Values.proxy.http}}"
|
|
{{- end }}
|
|
{{- if .Values.proxy.https }}
|
|
- name: "HTTPS_PROXY"
|
|
value: "{{.Values.proxy.https}}"
|
|
{{- end }}
|
|
{{- if .Values.proxy.noproxy }}
|
|
- name: "NO_PROXY"
|
|
value: "{{.Values.proxy.noproxy}}"
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.advertiseIp }}
|
|
- name: "ADVERTISE_IP"
|
|
value: "{{.Values.advertiseIp}}"
|
|
{{- end }}
|
|
{{- if .Values.changeConfigDirOwnership }}
|
|
- name: "CHANGE_CONFIG_DIR_OWNERSHIP"
|
|
value: "{{.Values.changeConfigDirOwnership}}"
|
|
{{- end }}
|
|
{{- if .Values.allowedNetworks }}
|
|
- name: "ALLOWED_NETWORKS"
|
|
value: "{{include "joinListWithComma" .Values.allowedNetworks}}"
|
|
{{- end }}
|
|
{{- if .Values.plexUid }}
|
|
- name: "PLEX_UID"
|
|
value: "{{.Values.plexUid}}"
|
|
{{- end }}
|
|
{{- if .Values.plexGid }}
|
|
- name: "PLEX_GID"
|
|
value: "{{.Values.plexGid}}"
|
|
{{- end }}
|
|
# Extra ENV Values supplied by user
|
|
{{- range $key, $value := .Values.extraEnv }}
|
|
- name: {{ $key }}
|
|
value: {{ $value }}
|
|
{{- end }}
|
|
# This is part of pkcsMangler
|
|
{{- if .Values.certificate.pkcsMangler.enabled }}
|
|
- name: "PKCSMANGLER_PFXINCONTAINERPATH"
|
|
value: "{{.Values.certificate.pkcsMangler.pfxInContainerPath}}"
|
|
{{- if .Values.certificate.pkcsMangler.setPlexPreferences.enabled }}
|
|
- name: "PKCSMANGLER_PFXPASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.certificate.pkcsMangler.pfxPassword.secretName }}
|
|
key: {{ .Values.certificate.pkcsMangler.pfxPassword.passwordKey }}
|
|
- name: "PKCSMANGLER_CUSTOMCERTDOMAIN"
|
|
value: "customCertificateDomain={{.Values.certificate.pkcsMangler.setPlexPreferences.customCertificateDomain}}"
|
|
{{- end }}
|
|
{{- end }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /identity
|
|
port: 32400
|
|
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
|
|
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /identity
|
|
port: 32400
|
|
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
|
|
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
|
|
startupProbe:
|
|
httpGet:
|
|
path: /identity
|
|
port: 32400
|
|
initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
|
|
failureThreshold: {{ .Values.probes.startup.failureThreshold }}
|
|
periodSeconds: {{ .Values.probes.startup.periodSeconds }}
|
|
volumeMounts:
|
|
{{- if .Values.persistence.data.enabled }}
|
|
- name: data
|
|
mountPath: /data
|
|
{{- if .Values.persistence.data.subPath }}
|
|
subPath: {{ .Values.persistence.data.subPath }}
|
|
{{ end }}
|
|
{{ end }}
|
|
- name: config
|
|
mountPath: /config
|
|
{{- if .Values.persistence.config.subPath }}
|
|
subPath: {{ .Values.persistence.config.subPath }}
|
|
{{ end }}
|
|
- name: transcode
|
|
mountPath: /transcode
|
|
{{- if .Values.persistence.transcode.subPath }}
|
|
subPath: {{ .Values.persistence.transcode.subPath }}
|
|
{{ end }}
|
|
{{- range .Values.persistence.extraData }}
|
|
- mountPath: "/data-{{ .name }}"
|
|
{{- if .subPath }}
|
|
subPath: {{ .subPath }}
|
|
{{ end }}
|
|
name: "extradata-{{ .name }}"
|
|
{{- end }}
|
|
{{- range .Values.persistence.extraMounts }}
|
|
{{- if .mountPath }}
|
|
- mountPath: /{{ .mountPath }}
|
|
{{- else }}
|
|
- mountPath: /{{ .name }}
|
|
{{- end }}
|
|
{{- if .subPath }}
|
|
subPath: {{ .subPath }}
|
|
{{ end }}
|
|
name: {{ .name }}
|
|
{{- end }}
|
|
- name: shared
|
|
mountPath: /shared
|
|
- name: shared-logs
|
|
mountPath: "/config/Library/Application Support/Plex Media Server/Logs"
|
|
{{- if .Values.plexPreferences.enabled }}
|
|
- name: {{ .Values.plexPreferences.volume.name }}
|
|
mountPath: {{ .Values.plexPreferences.volume.mountPath }}
|
|
subPath: {{ .Values.plexPreferences.volume.subPath }}
|
|
{{- end }}
|
|
{{- if .Values.certificate.pkcsMangler.enabled }}
|
|
- name: {{ .Values.certificate.pkcsMangler.volume.name }}
|
|
mountPath: {{ .Values.certificate.pkcsMangler.volume.mountPath }}
|
|
subPath: {{ .Values.certificate.pkcsMangler.volume.subPath }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
##### VOLUMES START #####
|
|
volumes:
|
|
{{- if .Values.persistence.data.enabled }}
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
{{- if .Values.persistence.data.claimName }}
|
|
claimName: "{{ .Values.persistence.data.claimName }}"
|
|
{{- else }}
|
|
claimName: "{{ template "plex.fullname" . }}-data"
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: config
|
|
persistentVolumeClaim:
|
|
{{- if .Values.persistence.config.claimName }}
|
|
claimName: "{{ .Values.persistence.config.claimName }}"
|
|
{{- else }}
|
|
claimName: "{{ template "plex.fullname" . }}-config"
|
|
{{- end }}
|
|
- name: transcode
|
|
{{- if .Values.persistence.transcode.enabled }}
|
|
persistentVolumeClaim:
|
|
{{- if .Values.persistence.transcode.claimName }}
|
|
claimName: "{{ .Values.persistence.transcode.claimName }}"
|
|
{{- else }}
|
|
claimName: "{{ template "plex.fullname" . }}-transcode"
|
|
{{- end }}
|
|
{{- else }}
|
|
{{- if .Values.persistence.transcode.emptyDir.medium }}
|
|
emptyDir:
|
|
medium: "{{ .Values.persistence.transcode.emptyDir.medium }}"
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- range .Values.persistence.extraData }}
|
|
- name: "extradata-{{ .name }}"
|
|
persistentVolumeClaim:
|
|
{{- if .claimName }}
|
|
claimName: "{{ .claimName }}"
|
|
{{- else }}
|
|
claimName: "extradata-{{ .name }}"
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- range .Values.persistence.extraMounts }}
|
|
{{- if .claimName }}
|
|
- name: {{ .name }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .claimName }}
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: shared
|
|
emptyDir: {}
|
|
- name: shared-logs
|
|
emptyDir: {}
|
|
{{- if .Values.plexPreferences.enabled }}
|
|
- name: {{ .Values.plexPreferences.volume.name }}
|
|
configMap:
|
|
name: {{ .Values.plexPreferences.configmap.name }}
|
|
defaultMode: {{ .Values.plexPreferences.volume.defaultMode }}
|
|
{{- end }}
|
|
{{- if .Values.certificate.pkcsMangler.enabled }}
|
|
- name: {{ .Values.certificate.pkcsMangler.volume.name }}
|
|
configMap:
|
|
name: {{ .Values.certificate.pkcsMangler.configmap.name }}
|
|
defaultMode: {{ .Values.certificate.pkcsMangler.volume.defaultMode }}
|
|
- name: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.name }}
|
|
secret:
|
|
secretName: {{ .Values.certificate.pkcsMangler.certificateSecret.name }}
|
|
{{- end }}
|
|
{{- if .Values.logging.promtail.enabled }}
|
|
- name: promtail-config
|
|
projected:
|
|
defaultMode: 0444
|
|
sources:
|
|
- configMap:
|
|
name: {{ template "plex.fullname" . }}-promtail
|
|
items:
|
|
- key: promtail.yaml
|
|
path: promtail.yaml
|
|
{{- end }}
|
|
##### VOLUMES END #####
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|