start using kustomize

.gitea/workflows/app-continuous-deploy.yml

@@ -12,6 +12,7 @@ on:
 
 jobs:
   deploy:
+
     runs-on: casa-vlan-cicd
     env:
       GITHUB_TEMP: ${{ runner.temp }}
@@ -35,8 +36,8 @@ jobs:
           kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
           kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
          
-      - name: Deploy Lms Server
+      - name: Deploy
         shell: bash
         run: |
-          kubectl apply -f ./deploy/lms-deploy.yaml
+          ./ops-scripts/apply-app.sh
             

README.md

@@ -6,36 +6,19 @@ Currently hosted on [kubernetes cluster - casa](https://git.limbosolutions.com/m
 
 **Table of Contents:**
 
-- [Namespace](#namespace)
+- [Music](#music)
-- [Deploy](#deploy)
-- [Continuous Deploy](#continuous-deploy)
-- [music](#music)
 - [Clients](#clients)
+- [Setup and Deploy](#setup-and-deploy)
+  - [App](#app)
+  - [Infra](#infra)
+  - [Continuous Deploy](#continuous-deploy)
 - [Links](#links)
 
-## Namespace
+## Music
 
-```bash { cwd=../ terminalRows=15 }
+Using the SeaweedFS CSI driver on the Casa Kubernetes cluster, connected to central storage on the Chimera Kubernetes cluster.
-kubectl create namespace lms
-```
 
-## Deploy
+ [Manifest deployed by app kustomization](./deploy/infra/music-pv.yaml).
-
-- [deployment](./deploy/lms-deploy.yaml)
-- [cicd-rbac](./deploy/cicd-rbac.yaml)
-- [music pv](/deploy/music-persistent-volume.yaml)
-
-## Continuous Deploy
-
-Weekly cron update.
-
-[Gitea Workflow](./.gitea/workflows/deploy.yml)
-
-## music
-
-using seaweedfs cs driver to my central data storage.
-
-For configuration check [persistent volume configuration](/deploy/music-persistent-volume.yaml).
 
 ## Clients
 
@@ -43,6 +26,26 @@ RaspberryPI client:
 
 - <https://git.limbosolutions.com/marcio.fernandes/pi.bluetooth.speaker>
 
+## Setup and Deploy
+
+### App
+
+``` bash
+./ops-scripts/apply-app.sh
+```
+
+### Infra
+
+``` bash
+./ops-scripts/apply-infra.sh
+```
+
+### Continuous Deploy
+
+Weekly cron update.
+
+[Gitea Workflow](./.gitea/workflows/deploy.yml)
+
 ## Links
 
 - Lyrion Music Server - Official

deploy/app/deployment.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: lyrionmusicserver
+  name: lyrionmusicserver
+  labels:
+    app: lyrionmusicserver
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lyrionmusicserver
+  template:
+    metadata:
+      labels:
+        app: lyrionmusicserver
+    spec:
+      nodeSelector:
+        role: worker-node
+      containers:
+        - name: lyrionmusicserver
+          image: lmscommunity/lyrionmusicserver
+          imagePullPolicy: Always
+          volumeMounts:
+            - mountPath: /config 
+              name: lyrionmusicserver
+            - mountPath: /music 
+              readOnly: true
+              name: music
+            - mountPath: /playlist 
+              name: playlists
+          ports:
+            - name: 9000-web
+              containerPort: 9000
+              protocol: TCP
+            - name: 9090-api
+              containerPort: 9090
+              protocol: TCP
+            - name: 3483-sqz-tcp 
+              containerPort: 3483
+              hostPort: 3483
+              protocol: TCP
+            - name: 3483-sqz-udp
+              containerPort: 3483
+              hostPort: 3483
+              protocol: UDP
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "400m"
+      
+      volumes:
+        - name: lyrionmusicserver
+          persistentVolumeClaim:
+            claimName: lyrionmusicserver
+        - name: music
+          persistentVolumeClaim: 
+            claimName:  storage-limbosolutions-com-media-music
+        - name: playlists
+          persistentVolumeClaim:
+            claimName: playlists

deploy/app/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - music-pvc.yaml
+  - lms-data-pvc.yaml
+  - playlists-pvc.yaml
+generatorOptions:
+  disableNameSuffixHash: true

deploy/app/lms-data-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lyrionmusicserver
+  namespace: lyrionmusicserver
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

deploy/app/music-pvc.yaml

@@ -0,0 +1,15 @@
+# check permissions on storage source
+# lms required o+rx on /music folder to scan
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: storage-limbosolutions-com-media-music
+  namespace: lyrionmusicserver
+spec:
+  storageClassName: "" # it must stay empty to work, dont know why storage-limbosolutions-com
+  volumeName: storage-limbosolutions-com-media-music
+  accessModes:
+  - ReadOnlyMany
+  resources:
+    requests:
+      storage: 128Gi

deploy/app/playlists-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: playlists
+  namespace: lyrionmusicserver
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Mi

deploy/app/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lyrionmusicserver
+  namespace: lyrionmusicserver
+  labels:
+    app: lyrionmusicserver
+spec:
+  selector:
+    app: lyrionmusicserver
+  ports:
+    - name: 9000-web
+      protocol: TCP
+      port: 9000       
+      targetPort: 9000
+  type: ClusterIP        
+ 

deploy/infra/cd-rbac.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   namespace: lyrionmusicserver
-  name: ci-cd
+  name: ci-cd # change name to continuous-deploy
 rules:
 - apiGroups: [""]
   resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
@@ -10,17 +10,12 @@ rules:
 - apiGroups: ["apps"]
   resources: ["deployments", "statefulsets"]
   verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["networking.k8s.io"]
+
-  resources: ["ingresses"]
-  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["traefik.io"]
-  resources: ["ingressroutes"]
-  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name:  ci-cd
+  name:  ci-cd #change name to continuous-deploy
   namespace: lyrionmusicserver
 subjects:
 - kind: ServiceAccount

deploy/infra/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: lyrionmusicserver
+  namespace: lyrionmusicserver
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`lms.casa.limbosolutions.com`)
+      kind: Rule
+      services:
+        - name: lyrionmusicserver
+          port: 9000
+  tls:
+    secretName: casa-limbosolutions-com-tls

deploy/infra/kustomization.yaml

@@ -0,0 +1,8 @@
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - cd-rbac.yaml
+  - music-pv.yaml
+  - ingress.yaml
+generatorOptions:
+  disableNameSuffixHash: true

deploy/infra/music-pv.yaml

@@ -9,7 +9,7 @@ spec:
     storage: 128Gi
   csi:
     driver: storage-limbosolutions-com-seaweedfs-csi
-    volumeHandle: media-music-storage-limbosolutions-com
+    volumeHandle: storage-limbosolutions-com-media-music
     volumeAttributes:
       collection: media.music
       path: /buckets/media.music

deploy/infra/namespace.yaml

@@ -0,0 +1,7 @@
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: lyrionmusicserver
+  labels:
+    name: lyrionmusicserver

deploy/lms-deploy.yaml

@@ -1,147 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: lyrionmusicserver
-  namespace: lyrionmusicserver
-  labels:
-    app: lyrionmusicserver
-spec:
-  selector:
-    app: lyrionmusicserver
-  ports:
-    - name: 9000-web
-      protocol: TCP
-      port: 9000       
-      targetPort: 9000
-  type: ClusterIP        
- 
-
----
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: lyrionmusicserver
-  namespace: lyrionmusicserver
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`lms.casa.limbosolutions.com`)
-      kind: Rule
-      services:
-        - name: lyrionmusicserver
-          port: 9000
-  tls:
-    secretName: casa-limbosolutions-com-tls
----
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: lyrionmusicserver
-  name: lyrionmusicserver
-  labels:
-    app: lyrionmusicserver
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: lyrionmusicserver
-  template:
-    metadata:
-      labels:
-        app: lyrionmusicserver
-    spec:
-      nodeSelector:
-        role: worker-node
-      containers:
-        - name: lyrionmusicserver
-          image: lmscommunity/lyrionmusicserver
-          imagePullPolicy: Always
-          volumeMounts:
-            - mountPath: /config 
-              name: lyrionmusicserver
-            - mountPath: /music 
-              readOnly: true
-              name: music
-            - mountPath: /playlist 
-              name: playlists
-          ports:
-            - name: 9000-web
-              containerPort: 9000
-              protocol: TCP
-            - name: 9090-api
-              containerPort: 9090
-              protocol: TCP
-            - name: 3483-sqz-tcp 
-              containerPort: 3483
-              hostPort: 3483
-              protocol: TCP
-            - name: 3483-sqz-udp
-              containerPort: 3483
-              hostPort: 3483
-              protocol: UDP
-          resources:
-            requests:
-              memory: "256Mi"
-              cpu: "100m"
-            limits:
-              memory: "512Mi"
-              cpu: "400m"
-      
-      volumes:
-        - name: lyrionmusicserver
-          persistentVolumeClaim:
-            claimName: lyrionmusicserver
-        - name: music
-          persistentVolumeClaim: 
-            claimName:  media-music-storage-limbosolutions-com
-        - name: playlists
-          persistentVolumeClaim:
-            claimName: playlists
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: lyrionmusicserver
-  namespace: lyrionmusicserver
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: playlists
-  namespace: lyrionmusicserver
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 64Mi
----
-
-
-# check permissions on storage source
-# lms required o+rx on /music folder to scan
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: media-music-storage-limbosolutions-com
-  namespace: lyrionmusicserver
-spec:
-  storageClassName: "" # it must stay empty to work, dont know why storage-limbosolutions-com
-  volumeName: storage-limbosolutions-com-media-music
-  accessModes:
-  - ReadOnlyMany
-  resources:
-    requests:
-      storage: 128Gi
-

ops-scripts/apply-app.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+echo "Executing app deploy."
+
+kubectl kustomize deploy/app | kubectl apply -f -

ops-scripts/apply-infra.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+echo "Executing infra deploy."
+
+kubectl kustomize deploy/infra | kubectl apply -f -