From 704a19f86469e4f7a48b18e115c0a23975d00694 Mon Sep 17 00:00:00 2001 From: AB-UK Date: Thu, 19 Mar 2026 13:45:52 +0000 Subject: [PATCH] Added furumi-dev --- k8s/apps/furumi-dev/app.yaml | 20 +++++++ k8s/apps/furumi-dev/external-secrets.yaml | 55 ++++++++++++++++++ k8s/apps/furumi-dev/ingress.yaml | 59 +++++++++++++++++++ k8s/apps/furumi-dev/kustomization.yaml | 10 ++++ k8s/apps/furumi-dev/metadata-agent.yaml | 59 +++++++++++++++++++ k8s/apps/furumi-dev/service.yaml | 32 +++++++++++ k8s/apps/furumi-dev/web-player.yaml | 70 +++++++++++++++++++++++ 7 files changed, 305 insertions(+) create mode 100644 k8s/apps/furumi-dev/app.yaml create mode 100644 k8s/apps/furumi-dev/external-secrets.yaml create mode 100644 k8s/apps/furumi-dev/ingress.yaml create mode 100644 k8s/apps/furumi-dev/kustomization.yaml create mode 100644 k8s/apps/furumi-dev/metadata-agent.yaml create mode 100644 k8s/apps/furumi-dev/service.yaml create mode 100644 k8s/apps/furumi-dev/web-player.yaml diff --git a/k8s/apps/furumi-dev/app.yaml b/k8s/apps/furumi-dev/app.yaml new file mode 100644 index 0000000..fc2e2c9 --- /dev/null +++ b/k8s/apps/furumi-dev/app.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: furumi-dev + namespace: argocd +spec: + project: apps + destination: + namespace: furumi-dev + server: https://kubernetes.default.svc + source: + repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git + targetRevision: HEAD + path: k8s/apps/furumi-dev + syncPolicy: + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true diff --git a/k8s/apps/furumi-dev/external-secrets.yaml b/k8s/apps/furumi-dev/external-secrets.yaml new file mode 100644 index 0000000..11fa273 --- /dev/null +++ b/k8s/apps/furumi-dev/external-secrets.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: furumi-ng-creds +spec: + target: + name: furumi-ng-creds + deletionPolicy: Delete + template: + type: Opaque + data: + OIDC_CLIENT_ID: |- + {{ .client_id }} + OIDC_CLIENT_SECRET: |- + {{ .client_secret }} + OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-ng-web/ + OIDC_REDIRECT_URL: https://music.hexor.cy/auth/callback + OIDC_SESSION_SECRET: |- + {{ .session_secret }} + PG_STRING: |- + postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev + data: + - secretKey: client_id + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6 + property: fields[0].value + - secretKey: client_secret + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6 + property: fields[1].value + - secretKey: session_secret + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6 + property: fields[2].value + - secretKey: pg_pass + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: 2a9deb39-ef22-433e-a1be-df1555625e22 + property: fields[17].value diff --git a/k8s/apps/furumi-dev/ingress.yaml b/k8s/apps/furumi-dev/ingress.yaml new file mode 100644 index 0000000..9bd1f77 --- /dev/null +++ b/k8s/apps/furumi-dev/ingress.yaml @@ -0,0 +1,59 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: admin-strip +spec: + stripPrefix: + prefixes: + - /admin +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: furumi-tls-ingress + annotations: + ingressClassName: traefik + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd + acme.cert-manager.io/http01-edit-in-place: "true" +spec: + rules: + - host: music-dev.hexor.cy + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: furumi-dev-web-player + port: + number: 8080 + tls: + - secretName: furumi-tls + hosts: + - '*.hexor.cy' +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: furumi-dev-admin-ingress + annotations: + ingressClassName: traefik + traefik.ingress.kubernetes.io/router.middlewares: furumi-server-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd +spec: + rules: + - host: music-dev.hexor.cy + http: + paths: + - path: /admin + pathType: Prefix + backend: + service: + name: furumi-dev-metadata-agent + port: + number: 8090 + tls: + - secretName: furumi-tls + hosts: + - '*.hexor.cy' diff --git a/k8s/apps/furumi-dev/kustomization.yaml b/k8s/apps/furumi-dev/kustomization.yaml new file mode 100644 index 0000000..692cad5 --- /dev/null +++ b/k8s/apps/furumi-dev/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - app.yaml + - service.yaml + - external-secrets.yaml + - ingress.yaml + - web-player.yaml + - metadata-agent.yaml diff --git a/k8s/apps/furumi-dev/metadata-agent.yaml b/k8s/apps/furumi-dev/metadata-agent.yaml new file mode 100644 index 0000000..0fb7591 --- /dev/null +++ b/k8s/apps/furumi-dev/metadata-agent.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: furumi-dev-metadata-agent + labels: + app: furumi-dev-metadata-agent +spec: + replicas: 1 + selector: + matchLabels: + app: furumi-dev-metadata-agent + template: + metadata: + labels: + app: furumi-dev-metadata-agent + spec: + nodeSelector: + kubernetes.io/hostname: master.tail2fe2d.ts.net + containers: + - name: furumi-dev-metadata-agent + image: ultradesu/furumi-metadata-agent:dev + imagePullPolicy: Always + env: + - name: FURUMI_AGENT_DATABASE_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: PG_STRING + - name: FURUMI_AGENT_INBOX_DIR + value: "/inbox" + - name: FURUMI_AGENT_STORAGE_DIR + value: "/media" + - name: FURUMI_AGENT_OLLAMA_URL + value: "http://ollama.ollama.svc:11434" + - name: FURUMI_AGENT_OLLAMA_MODEL + value: "qwen3:14b" + - name: FURUMI_AGENT_POLL_INTERVAL_SECS + value: "10" + - name: RUST_LOG + value: "info" + ports: + - name: admin-ui + containerPort: 8090 + protocol: TCP + volumeMounts: + - name: library + mountPath: /media + - name: inbox + mountPath: /inbox + volumes: + - name: library + hostPath: + path: /k8s/furumi-dev/library + type: DirectoryOrCreate + - name: inbox + hostPath: + path: /k8s/furumi-dev/inbox + type: DirectoryOrCreate + diff --git a/k8s/apps/furumi-dev/service.yaml b/k8s/apps/furumi-dev/service.yaml new file mode 100644 index 0000000..c7ecdea --- /dev/null +++ b/k8s/apps/furumi-dev/service.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: furumi-dev-metadata-agent + labels: + app: furumi-dev-metadata-agent +spec: + type: ClusterIP + selector: + app: furumi-dev-metadata-agent + ports: + - name: admin-ui + protocol: TCP + port: 8090 + targetPort: 8090 +--- +apiVersion: v1 +kind: Service +metadata: + name: furumi-dev-web-player + labels: + app: furumi-dev-web-player +spec: + type: ClusterIP + selector: + app: furumi-dev-web-player + ports: + - name: web-ui + protocol: TCP + port: 8080 + targetPort: 8080 diff --git a/k8s/apps/furumi-dev/web-player.yaml b/k8s/apps/furumi-dev/web-player.yaml new file mode 100644 index 0000000..16f47ca --- /dev/null +++ b/k8s/apps/furumi-dev/web-player.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: furumi-dev-web-player + labels: + app: furumi-dev-web-player +spec: + replicas: 1 + selector: + matchLabels: + app: furumi-dev-web-player + template: + metadata: + labels: + app: furumi-dev-web-player + spec: + nodeSelector: + kubernetes.io/hostname: master.tail2fe2d.ts.net + containers: + - name: furumi-dev-web-player + image: ultradesu/furumi-web-player:dev + imagePullPolicy: Always + env: + - name: FURUMI_PLAYER_OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_CLIENT_ID + - name: FURUMI_PLAYER_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_CLIENT_SECRET + - name: FURUMI_PLAYER_OIDC_ISSUER_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_ISSUER_URL + - name: FURUMI_PLAYER_OIDC_REDIRECT_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_REDIRECT_URL + - name: FURUMI_PLAYER_OIDC_SESSION_SECRET + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_SESSION_SECRET + - name: FURUMI_PLAYER_DATABASE_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: PG_STRING + - name: FURUMI_PLAYER_STORAGE_DIR + value: "/media" + - name: RUST_LOG + value: "info" + ports: + - name: web-ui + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: music + mountPath: /media + volumes: + - name: music + hostPath: + path: /k8s/furumi-dev/library + type: DirectoryOrCreate +