diff --git a/contrib/k8s/README.md b/contrib/k8s/README.md new file mode 100644 index 00000000..8ec52703 --- /dev/null +++ b/contrib/k8s/README.md @@ -0,0 +1,11 @@ +# Kubernetes + +A couple things to keep in mind with this manifest: + +1. This creates a namespace called `navidrome`. Adjust this as needed. +1. This manifest was created on [K3s](https://github.com/k3s-io/k3s), which uses its own storage provisioner called [local-path-provisioner](https://github.com/rancher/local-path-provisioner). Be sure to change the `storageClassName` of the `PersistentVolumeClaim` as needed. +1. The `PersistentVolumeClaim` sets up a 2Gi volume for Navidrome's database. Adjust this as needed. +1. Be sure to change the `image` tag from `ghcr.io/navidrome/navidrome:0.49.3` to whatever the newest version is. +1. This assumes your music is mounted on the host using `hostPath` at `/path/to/your/music/on/the/host`. Adjust this as needed. +1. The `Ingress` is already configured for `cert-manager` to obtain a Let's Encrypt TLS certificate and uses Traefik for routing. Adjust this as needed. +1. The `Ingress` presents the service at `navidrome.${SECRET_INTERNAL_DOMAIN_NAME}`, which needs to already be setup in DNS. diff --git a/contrib/k8s/manifest.yml b/contrib/k8s/manifest.yml new file mode 100644 index 00000000..fe963616 --- /dev/null +++ b/contrib/k8s/manifest.yml @@ -0,0 +1,111 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: navidrome +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: navidrome-data-pvc + namespace: navidrome + annotations: + volumeType: local +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: local-path +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: navidrome-deployment + namespace: navidrome +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app: navidrome + template: + metadata: + labels: + app: navidrome + spec: + containers: + - name: navidrome + image: ghcr.io/navidrome/navidrome:0.49.3 + ports: + - containerPort: 4533 + env: + - name: ND_SCANSCHEDULE + value: "12h" + - name: ND_SESSIONTIMEOUT + value: "24h" + - name: ND_LOGLEVEL + value: "info" + - name: ND_ENABLETRANSCODINGCONFIG + value: "false" + - name: ND_TRANSCODINGCACHESIZE + value: "512MB" + - name: ND_ENABLESTARRATING + value: "false" + - name: ND_ENABLEFAVOURITES + value: "false" + volumeMounts: + - name: data + mountPath: /data + - name: music + mountPath: /music + readOnly: true + volumes: + - name: data + persistentVolumeClaim: + claimName: navidrome-data-pvc + - name: music + hostPath: + path: /path/to/your/music/on/the/host + type: Directory +--- +apiVersion: v1 +kind: Service +metadata: + name: navidrome-service + namespace: navidrome +spec: + type: ClusterIP + ports: + - name: http + targetPort: 4533 + port: 4533 + protocol: TCP + selector: + app: navidrome +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: navidrome-ingress + namespace: navidrome + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: navidrome.${SECRET_INTERNAL_DOMAIN_NAME} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: navidrome-service + port: + number: 4533 + tls: + - hosts: + - navidrome.${SECRET_INTERNAL_DOMAIN_NAME} + secretName: navidrome-tls