refactor!: rename be-stream-downloader app to belgarr#158
Merged
Conversation
Migrate the GitOps app to the new repo + image + hostname:
- Dir: apps/media/be-stream-downloader → apps/media/belgarr
- Namespace + HR + PVC + ES + ServiceAccount names: be-stream-downloader → belgarr
- Image: ghcr.io/varashi/be-stream-downloader:v0.5.0 → ghcr.io/varashi/belgarr:v0.6.0
- Env-var prefix: BEDL_* → BELG_*
- Hostname: bedl.${SECRET_DOMAIN} → belgarr.${SECRET_DOMAIN}
- BW SM key: SECRET_BEDL_WVD → SECRET_BELG_WVD
- Renovate cronjob: track Varashi/belgarr
PVC `belgarr-data` carries `volumeName: pvc-b6adea0b-…` to rebind the
existing PV. The pre-merge runbook clears the old claimRef so flux can
land this manifest without losing the camoufox profile / provider token
caches in /data.
|
--- cluster-talos/kubernetes/apps Kustomization: flux-system/apps Kustomization: flux-system/be-stream-downloader
+++ cluster-talos/kubernetes/apps Kustomization: flux-system/apps Kustomization: flux-system/be-stream-downloader
@@ -1,25 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: be-stream-downloader
- namespace: flux-system
-spec:
- interval: 1h
- path: ./cluster-talos/kubernetes/apps/media/be-stream-downloader/app
- postBuild:
- substituteFrom:
- - kind: Secret
- name: cluster-vars
- - kind: Secret
- name: apps-substvars
- prune: false
- sourceRef:
- kind: GitRepository
- name: flux-system
- timeout: 10m
- wait: true
-
--- cluster-talos/kubernetes/apps Kustomization: flux-system/apps Kustomization: flux-system/belgarr
+++ cluster-talos/kubernetes/apps Kustomization: flux-system/apps Kustomization: flux-system/belgarr
@@ -0,0 +1,25 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: belgarr
+ namespace: flux-system
+spec:
+ interval: 1h
+ path: ./cluster-talos/kubernetes/apps/media/belgarr/app
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: cluster-vars
+ - kind: Secret
+ name: apps-substvars
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ timeout: 10m
+ wait: true
+
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader Namespace: flux-system/be-stream-downloader
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader Namespace: flux-system/be-stream-downloader
@@ -1,14 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- k10.kasten.io/backup: 'true'
- k10.kasten.io/storage-class: vsphere
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- pod-security.kubernetes.io/audit: baseline
- pod-security.kubernetes.io/enforce: baseline
- pod-security.kubernetes.io/warn: baseline
- name: be-stream-downloader
-
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/be-stream-downloader-secrets
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/be-stream-downloader-secrets
@@ -1,22 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: be-stream-downloader-secrets
- namespace: be-stream-downloader
-spec:
- data:
- - remoteRef:
- key: SECRET_PLEX_TOKEN
- secretKey: PLEX_TOKEN
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: bitwarden-secretsmanager
- target:
- creationPolicy: Owner
- name: be-stream-downloader-secrets
-
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/be-stream-downloader-wvd
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/be-stream-downloader-wvd
@@ -1,26 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: be-stream-downloader-wvd
- namespace: be-stream-downloader
-spec:
- data:
- - remoteRef:
- key: SECRET_BEDL_WVD
- secretKey: wvd
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: bitwarden-secretsmanager
- target:
- creationPolicy: Owner
- name: be-stream-downloader-wvd
- template:
- data:
- cdm.wvd: '{{ .wvd | b64dec }}'
- type: Opaque
-
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/ghcr-pull-secret
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader ExternalSecret: be-stream-downloader/ghcr-pull-secret
@@ -1,27 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: ghcr-pull-secret
- namespace: be-stream-downloader
-spec:
- data:
- - remoteRef:
- key: SECRET_GHCR_PULL_TOKEN
- secretKey: token
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: bitwarden-secretsmanager
- target:
- creationPolicy: Owner
- name: ghcr-pull-secret
- template:
- data:
- .dockerconfigjson: |
- {"auths":{"ghcr.io":{"auth":"{{ printf "Varashi:%s" .token | b64enc }}"}}}
- type: kubernetes.io/dockerconfigjson
-
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader PersistentVolumeClaim: be-stream-downloader/be-stream-downloader-data
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader PersistentVolumeClaim: be-stream-downloader/be-stream-downloader-data
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: be-stream-downloader-data
- namespace: be-stream-downloader
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- storageClassName: vsan
-
--- cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader HelmRelease: be-stream-downloader/be-stream-downloader
+++ cluster-talos/kubernetes/apps/media/be-stream-downloader/app Kustomization: flux-system/be-stream-downloader HelmRelease: be-stream-downloader/be-stream-downloader
@@ -1,122 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: be-stream-downloader
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: be-stream-downloader
- namespace: be-stream-downloader
-spec:
- chart:
- spec:
- chart: app-template
- interval: 30m
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 5.0.1
- interval: 30m
- values:
- controllers:
- be-stream-downloader:
- containers:
- app:
- env:
- BEDL_GOPLAY_USE_REMOTE_CDM: '1'
- DOWNLOADS_DIR: /media
- MEDIA_LIBRARY_DEFAULT_MOVIE: Movies
- MEDIA_LIBRARY_DEFAULT_SHOW: Series
- PLEX_URL: http://plex.plex.svc:32400
- envFrom:
- - secretRef:
- name: be-stream-downloader-secrets
- image:
- pullPolicy: IfNotPresent
- repository: ghcr.io/varashi/be-stream-downloader
- tag: v0.5.0@sha256:9a0159fc1f1458dea69def98f9ea3edbb139ada0ad1a367e7c251cbd018d1785
- probes:
- liveness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /jobs
- port: 8000
- initialDelaySeconds: 15
- periodSeconds: 30
- readiness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /jobs
- port: 8000
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: '2'
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 256Mi
- defaultPodOptions:
- imagePullSecrets:
- - name: ghcr-pull-secret
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsUser: 1000
- supplementalGroups:
- - 568
- persistence:
- data:
- existingClaim: be-stream-downloader-data
- globalMounts:
- - path: /data
- type: persistentVolumeClaim
- media:
- globalMounts:
- - path: /media
- path: /mnt/DATA/mediapool/media
- server: ${SECRET_NFS_HOST}.${SECRET_DOMAIN}
- type: nfs
- wvd:
- defaultMode: 256
- globalMounts:
- - path: /wvd
- readOnly: true
- name: be-stream-downloader-wvd
- type: secret
- route:
- app:
- annotations:
- gethomepage.dev/description: VRT MAX + VTM GO downloader
- gethomepage.dev/enabled: 'true'
- gethomepage.dev/group: Media
- gethomepage.dev/href: https://bedl.${SECRET_DOMAIN}
- gethomepage.dev/name: BeStreamDL
- gethomepage.dev/weight: '60'
- hostnames:
- - bedl.${SECRET_DOMAIN}
- parentRefs:
- - name: main
- namespace: cilium
- sectionName: https
- rules:
- - backendRefs:
- - identifier: app
- port: http
- matches:
- - path:
- type: PathPrefix
- value: /
- service:
- app:
- controller: be-stream-downloader
- ports:
- http:
- port: 8000
-
--- cluster-talos/kubernetes/infrastructure/platform/renovate/app Kustomization: flux-system/renovate CronJob: renovate/renovate
+++ cluster-talos/kubernetes/infrastructure/platform/renovate/app Kustomization: flux-system/renovate CronJob: renovate/renovate
@@ -21,14 +21,13 @@
secretKeyRef:
key: RENOVATE_TOKEN
name: renovate-token
- name: RENOVATE_PLATFORM
value: github
- name: RENOVATE_REPOSITORIES
- value: '["Varashi/k8s", "Varashi/scaleplex", "Varashi/be-stream-downloader",
- "Varashi/gpu-node-vsphere-maintenance-controller"]'
+ value: '["Varashi/k8s", "Varashi/scaleplex", "Varashi/belgarr", "Varashi/gpu-node-vsphere-maintenance-controller"]'
- name: RENOVATE_GIT_AUTHOR
value: Renovate Bot <renovate@${SECRET_DOMAIN}>
- name: LOG_LEVEL
value: info
image: ghcr.io/renovatebot/renovate:43.186.3
name: renovate
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr Namespace: flux-system/belgarr
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr Namespace: flux-system/belgarr
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ k10.kasten.io/backup: 'true'
+ k10.kasten.io/storage-class: vsphere
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ pod-security.kubernetes.io/audit: baseline
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/warn: baseline
+ name: belgarr
+
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/belgarr-secrets
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/belgarr-secrets
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: belgarr-secrets
+ namespace: belgarr
+spec:
+ data:
+ - remoteRef:
+ key: SECRET_PLEX_TOKEN
+ secretKey: PLEX_TOKEN
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: bitwarden-secretsmanager
+ target:
+ creationPolicy: Owner
+ name: belgarr-secrets
+
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/belgarr-wvd
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/belgarr-wvd
@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: belgarr-wvd
+ namespace: belgarr
+spec:
+ data:
+ - remoteRef:
+ key: SECRET_BELG_WVD
+ secretKey: wvd
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: bitwarden-secretsmanager
+ target:
+ creationPolicy: Owner
+ name: belgarr-wvd
+ template:
+ data:
+ cdm.wvd: '{{ .wvd | b64dec }}'
+ type: Opaque
+
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/ghcr-pull-secret
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr ExternalSecret: belgarr/ghcr-pull-secret
@@ -0,0 +1,27 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: ghcr-pull-secret
+ namespace: belgarr
+spec:
+ data:
+ - remoteRef:
+ key: SECRET_GHCR_PULL_TOKEN
+ secretKey: token
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: bitwarden-secretsmanager
+ target:
+ creationPolicy: Owner
+ name: ghcr-pull-secret
+ template:
+ data:
+ .dockerconfigjson: |
+ {"auths":{"ghcr.io":{"auth":"{{ printf "Varashi:%s" .token | b64enc }}"}}}
+ type: kubernetes.io/dockerconfigjson
+
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr PersistentVolumeClaim: belgarr/belgarr-data
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr PersistentVolumeClaim: belgarr/belgarr-data
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: belgarr-data
+ namespace: belgarr
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: vsan
+ volumeName: pvc-b6adea0b-f241-4915-b9ed-02e68db3f38a
+
--- cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr HelmRelease: belgarr/belgarr
+++ cluster-talos/kubernetes/apps/media/belgarr/app Kustomization: flux-system/belgarr HelmRelease: belgarr/belgarr
@@ -0,0 +1,122 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: belgarr
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: belgarr
+ namespace: belgarr
+spec:
+ chart:
+ spec:
+ chart: app-template
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ version: 5.0.1
+ interval: 30m
+ values:
+ controllers:
+ belgarr:
+ containers:
+ app:
+ env:
+ BELG_GOPLAY_USE_REMOTE_CDM: '1'
+ DOWNLOADS_DIR: /media
+ MEDIA_LIBRARY_DEFAULT_MOVIE: Movies
+ MEDIA_LIBRARY_DEFAULT_SHOW: Series
+ PLEX_URL: http://plex.plex.svc:32400
+ envFrom:
+ - secretRef:
+ name: belgarr-secrets
+ image:
+ pullPolicy: IfNotPresent
+ repository: ghcr.io/varashi/belgarr
+ tag: v0.6.0@sha256:1ec166fffab53fb86ddf2767345263032fb3a974bdfc8e61d4de679e7fc6b6f7
+ probes:
+ liveness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /jobs
+ port: 8000
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ readiness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /jobs
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ defaultPodOptions:
+ imagePullSecrets:
+ - name: ghcr-pull-secret
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsUser: 1000
+ supplementalGroups:
+ - 568
+ persistence:
+ data:
+ existingClaim: belgarr-data
+ globalMounts:
+ - path: /data
+ type: persistentVolumeClaim
+ media:
+ globalMounts:
+ - path: /media
+ path: /mnt/DATA/mediapool/media
+ server: ${SECRET_NFS_HOST}.${SECRET_DOMAIN}
+ type: nfs
+ wvd:
+ defaultMode: 256
+ globalMounts:
+ - path: /wvd
+ readOnly: true
+ name: belgarr-wvd
+ type: secret
+ route:
+ app:
+ annotations:
+ gethomepage.dev/description: VRT MAX + VTM GO downloader
+ gethomepage.dev/enabled: 'true'
+ gethomepage.dev/group: Media
+ gethomepage.dev/href: https://belgarr.${SECRET_DOMAIN}
+ gethomepage.dev/name: Belgarr
+ gethomepage.dev/weight: '60'
+ hostnames:
+ - belgarr.${SECRET_DOMAIN}
+ parentRefs:
+ - name: main
+ namespace: cilium
+ sectionName: https
+ rules:
+ - backendRefs:
+ - identifier: app
+ port: http
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+ service:
+ app:
+ controller: belgarr
+ ports:
+ http:
+ port: 8000
+ |
|
--- HelmRelease: be-stream-downloader/be-stream-downloader ServiceAccount: be-stream-downloader/be-stream-downloader
+++ HelmRelease: be-stream-downloader/be-stream-downloader ServiceAccount: be-stream-downloader/be-stream-downloader
@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: be-stream-downloader
- labels:
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: be-stream-downloader
- namespace: be-stream-downloader
-
--- HelmRelease: be-stream-downloader/be-stream-downloader Service: be-stream-downloader/be-stream-downloader
+++ HelmRelease: be-stream-downloader/be-stream-downloader Service: be-stream-downloader/be-stream-downloader
@@ -1,23 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: be-stream-downloader
- labels:
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: be-stream-downloader
- app.kubernetes.io/service: be-stream-downloader
- namespace: be-stream-downloader
-spec:
- type: ClusterIP
- ports:
- - port: 8000
- targetPort: 8000
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/controller: be-stream-downloader
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/name: be-stream-downloader
-
--- HelmRelease: be-stream-downloader/be-stream-downloader Deployment: be-stream-downloader/be-stream-downloader
+++ HelmRelease: be-stream-downloader/be-stream-downloader Deployment: be-stream-downloader/be-stream-downloader
@@ -1,101 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: be-stream-downloader
- labels:
- app.kubernetes.io/controller: be-stream-downloader
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: be-stream-downloader
- namespace: be-stream-downloader
-spec:
- revisionHistoryLimit: 3
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/controller: be-stream-downloader
- app.kubernetes.io/name: be-stream-downloader
- app.kubernetes.io/instance: be-stream-downloader
- template:
- metadata:
- labels:
- app.kubernetes.io/controller: be-stream-downloader
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/name: be-stream-downloader
- spec:
- enableServiceLinks: false
- serviceAccountName: be-stream-downloader
- automountServiceAccountToken: false
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsUser: 1000
- supplementalGroups:
- - 568
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- imagePullSecrets:
- - name: ghcr-pull-secret
- containers:
- - env:
- - name: BEDL_GOPLAY_USE_REMOTE_CDM
- value: '1'
- - name: DOWNLOADS_DIR
- value: /media
- - name: MEDIA_LIBRARY_DEFAULT_MOVIE
- value: Movies
- - name: MEDIA_LIBRARY_DEFAULT_SHOW
- value: Series
- - name: PLEX_URL
- value: http://plex.plex.svc:32400
- envFrom:
- - secretRef:
- name: be-stream-downloader-secrets
- image: ghcr.io/varashi/be-stream-downloader:v0.5.0@sha256:9a0159fc1f1458dea69def98f9ea3edbb139ada0ad1a367e7c251cbd018d1785
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /jobs
- port: 8000
- initialDelaySeconds: 15
- periodSeconds: 30
- name: app
- readinessProbe:
- httpGet:
- path: /jobs
- port: 8000
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: '2'
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 256Mi
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /media
- name: media
- - mountPath: /wvd
- name: wvd
- readOnly: true
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: be-stream-downloader-data
- - name: media
- nfs:
- path: /mnt/DATA/mediapool/media
- server: ${SECRET_NFS_HOST}.${SECRET_DOMAIN}
- - name: wvd
- secret:
- defaultMode: 256
- secretName: be-stream-downloader-wvd
-
--- HelmRelease: be-stream-downloader/be-stream-downloader HTTPRoute: be-stream-downloader/be-stream-downloader
+++ HelmRelease: be-stream-downloader/be-stream-downloader HTTPRoute: be-stream-downloader/be-stream-downloader
@@ -1,39 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1alpha2
-kind: HTTPRoute
-metadata:
- name: be-stream-downloader
- labels:
- app.kubernetes.io/instance: be-stream-downloader
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: be-stream-downloader
- annotations:
- gethomepage.dev/description: VRT MAX + VTM GO downloader
- gethomepage.dev/enabled: 'true'
- gethomepage.dev/group: Media
- gethomepage.dev/href: https://bedl.${SECRET_DOMAIN}
- gethomepage.dev/name: BeStreamDL
- gethomepage.dev/weight: '60'
- namespace: be-stream-downloader
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: main
- namespace: cilium
- sectionName: https
- hostnames:
- - bedl.${SECRET_DOMAIN}
- rules:
- - backendRefs:
- - group: ''
- kind: Service
- name: be-stream-downloader
- namespace: be-stream-downloader
- port: 8000
- weight: 1
- matches:
- - path:
- type: PathPrefix
- value: /
-
--- HelmRelease: belgarr/belgarr ServiceAccount: belgarr/belgarr
+++ HelmRelease: belgarr/belgarr ServiceAccount: belgarr/belgarr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: belgarr
+ labels:
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: belgarr
+ namespace: belgarr
+
--- HelmRelease: belgarr/belgarr Service: belgarr/belgarr
+++ HelmRelease: belgarr/belgarr Service: belgarr/belgarr
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: belgarr
+ labels:
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: belgarr
+ app.kubernetes.io/service: belgarr
+ namespace: belgarr
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8000
+ targetPort: 8000
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/controller: belgarr
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/name: belgarr
+
--- HelmRelease: belgarr/belgarr Deployment: belgarr/belgarr
+++ HelmRelease: belgarr/belgarr Deployment: belgarr/belgarr
@@ -0,0 +1,101 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: belgarr
+ labels:
+ app.kubernetes.io/controller: belgarr
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: belgarr
+ namespace: belgarr
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/controller: belgarr
+ app.kubernetes.io/name: belgarr
+ app.kubernetes.io/instance: belgarr
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: belgarr
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/name: belgarr
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: belgarr
+ automountServiceAccountToken: false
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsUser: 1000
+ supplementalGroups:
+ - 568
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ imagePullSecrets:
+ - name: ghcr-pull-secret
+ containers:
+ - env:
+ - name: BELG_GOPLAY_USE_REMOTE_CDM
+ value: '1'
+ - name: DOWNLOADS_DIR
+ value: /media
+ - name: MEDIA_LIBRARY_DEFAULT_MOVIE
+ value: Movies
+ - name: MEDIA_LIBRARY_DEFAULT_SHOW
+ value: Series
+ - name: PLEX_URL
+ value: http://plex.plex.svc:32400
+ envFrom:
+ - secretRef:
+ name: belgarr-secrets
+ image: ghcr.io/varashi/belgarr:v0.6.0@sha256:1ec166fffab53fb86ddf2767345263032fb3a974bdfc8e61d4de679e7fc6b6f7
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /jobs
+ port: 8000
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ name: app
+ readinessProbe:
+ httpGet:
+ path: /jobs
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /media
+ name: media
+ - mountPath: /wvd
+ name: wvd
+ readOnly: true
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: belgarr-data
+ - name: media
+ nfs:
+ path: /mnt/DATA/mediapool/media
+ server: ${SECRET_NFS_HOST}.${SECRET_DOMAIN}
+ - name: wvd
+ secret:
+ defaultMode: 256
+ secretName: belgarr-wvd
+
--- HelmRelease: belgarr/belgarr HTTPRoute: belgarr/belgarr
+++ HelmRelease: belgarr/belgarr HTTPRoute: belgarr/belgarr
@@ -0,0 +1,39 @@
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: HTTPRoute
+metadata:
+ name: belgarr
+ labels:
+ app.kubernetes.io/instance: belgarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: belgarr
+ annotations:
+ gethomepage.dev/description: VRT MAX + VTM GO downloader
+ gethomepage.dev/enabled: 'true'
+ gethomepage.dev/group: Media
+ gethomepage.dev/href: https://belgarr.${SECRET_DOMAIN}
+ gethomepage.dev/name: Belgarr
+ gethomepage.dev/weight: '60'
+ namespace: belgarr
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: main
+ namespace: cilium
+ sectionName: https
+ hostnames:
+ - belgarr.${SECRET_DOMAIN}
+ rules:
+ - backendRefs:
+ - group: ''
+ kind: Service
+ name: belgarr
+ namespace: belgarr
+ port: 8000
+ weight: 1
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+ |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (9)
💤 Files with no reviewable changes (1)
📝 WalkthroughWalkthroughKubernetes manifests updated to migrate media application deployment from be-stream-downloader to belgarr. Namespace, storage, secrets, HelmRelease container image/routing/persistence, Flux Kustomization references, and Renovate repository monitoring all switched to target belgarr with preserved PVC binding. ChangesBe-stream-downloader to Belgarr Migration
🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GitOps half of the
be-stream-downloader→belgarrrename. Source repo + GHCR image already migrated (Varashi/be-stream-downloader→Varashi/belgarr, imageghcr.io/varashi/belgarr:v0.6.0@sha256:1ec166ff…).Scope
git mv apps/media/be-stream-downloader → belgarrbelgarrbedl.${SECRET_DOMAIN}→belgarr.${SECRET_DOMAIN}(internal AD DNS only, external-dns picks it up; oldbedlrecord drops on next sync)BEDL_*→BELG_*SECRET_BEDL_WVD→SECRET_BELG_WVD(same UUID/value)v0.5.0→v0.6.0Varashi/belgarrPV rebind (data preserved)
PVC
belgarr-datacarriesvolumeName: pvc-b6adea0b-f241-4915-b9ed-02e68db3f38ato bind the existing PV. Pre-merge cluster prep already done:kubectl scale deploy/be-stream-downloader --replicas=0flux suspend hr be-stream-downloader -n be-stream-downloaderkubectl delete pvc be-stream-downloader-data -n be-stream-downloader(PV → Released,reclaimPolicy=Retain)kubectl patch pv … -p '{"spec":{"claimRef":null}}'(PV → Available)This preserves the camoufox profile (VTM GO device-trust cookie → no 2FA re-prompt) and all four provider token caches.
Post-merge cleanup (manual, runbook)
belgarr.${SECRET_DOMAIN}, VTM GO login skips 2FAkubectl patch pv … -p '{"spec":{"persistentVolumeReclaimPolicy":"Delete"}}'(restore reclaim)kubectl delete ns be-stream-downloader(sweep orphan suspended HR + ES + secrets — Kustomization for old ks.yaml is pruned by parent, butprune: falseon the inner ks leaves them behind)Test plan
flux build kustomization apps --path apps/media/belgarrif needed)belgarr/belgarr-dataafter mergeSummary by CodeRabbit