feat(RomM): Deploy

Heavybullets8 · Feb 14, 2025 · b875ddd · b875ddd
1 parent 3aa277c
commit b875ddd
Show file tree

Hide file tree

Showing 6 changed files with 182 additions and 9 deletions.
diff --git a/kubernetes/apps/default/authelia/app/config/configuration.yaml b/kubernetes/apps/default/authelia/app/config/configuration.yaml
@@ -108,7 +108,7 @@ identity_providers:
     clients:
       - client_id: "{{ .GRAFANA_OAUTH_CLIENT_ID }}"
         client_secret: "{{ .GRAFANA_OAUTH_CLIENT_SECRET_ENC }}"
-        client_name: Grafana
+        client_name: "Grafana"
         public: false
         require_pkce: true
         pkce_challenge_method: "S256"
@@ -119,14 +119,14 @@ identity_providers:
         token_endpoint_auth_method: "client_secret_basic"
       - client_id: "{{ .IMMICH_OAUTH_CLIENT_ID }}"
         client_secret: "{{ .IMMICH_OAUTH_CLIENT_SECRET_ENC }}"
-        client_name: 'immich'
+        client_name: "immich"
         public: false
         redirect_uris:
-          - 'https://photos.${SECRET_DOMAIN}.com/auth/login'
-          - 'https://photos.${SECRET_DOMAIN}.com/user-settings'
-          - 'app.immich:///oauth-callback'
+          - "https://photos.${SECRET_DOMAIN}.com/auth/login"
+          - "https://photos.${SECRET_DOMAIN}.com/user-settings"
+          - "app.immich:///oauth-callback"
         scopes:
-          - 'openid'
-          - 'profile'
-          - 'email'
-        userinfo_signed_response_alg: 'none'
+          - "openid"
+          - "profile"
+          - "email"
+        userinfo_signed_response_alg: "none"
diff --git a/kubernetes/apps/game/kustomization.yaml b/kubernetes/apps/game/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
   - ./namespace.yaml
   - ../../templates/alerts
   # Flux-Kustomizations
+  - ./romm/ks.yaml
   - ./valheim/ks.yaml
 transformers:
   - |-

diff --git a/kubernetes/apps/game/romm/app/externalsecret.yaml b/kubernetes/apps/game/romm/app/externalsecret.yaml
@@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: romm-secret
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: romm-secret
+    template:
+      engineVersion: v2
+      data:
+        DB_HOST: &dbHost postgres16-rw.database.svc.cluster.local
+        DB_PORT: "5432"
+        DB_USER: &dbUser "{{ .ROMM_POSTGRES_USER }}"
+        DB_PASSWD: &dbPass "{{ .ROMM_POSTGRES_PASS }}"
+        DB_NAME: &dbName romm
+
+        INIT_POSTGRES_DBNAME: *dbName
+        INIT_POSTGRES_HOST: *dbHost
+        INIT_POSTGRES_USER: *dbUser
+        INIT_POSTGRES_PASS: *dbPass
+        INIT_POSTGRES_SUPER_PASS: "{{ .CNPG_SUPER_PASS }}"
+  dataFrom:
+    - extract:
+        key: cloudnative-pg
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "CNPG_$1"
+
+    - extract:
+        key: romm
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "ROMM_$1"
diff --git a/kubernetes/apps/game/romm/app/helmrelease.yaml b/kubernetes/apps/game/romm/app/helmrelease.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app romm
+spec:
+  interval: 15m
+  chart:
+    spec:
+      interval: 15m
+      chart: app-template
+      version: 3.7.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    controllers:
+      romm:
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        initContainers:
+          init-db:
+            image:
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
+            envFrom: &envFrom
+              - secretRef:
+                  name: romm-secret
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/rommapp/romm
+              tag: 3.7.3
+            probes:
+              liveness: &probes
+                enabled: true
+              readiness: *probes
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+            env:
+              # General
+              TZ: ${TIMEZONE}
+              # Database
+              ROMM_DB_DRIVER: "postgresql"
+              # Redis
+              REDIS_HOST: dragonfly.database.svc.cluster.local
+              REDIS_DB: 3
+            envFrom: *envFrom
+            resources:
+              requests:
+                cpu: 10m
+                memory: 10M
+              limits:
+                memory: 10Gi
+
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: 8080
+
+    ingress:
+      app:
+        className: external
+        annotations:
+          external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: "https://auth.${SECRET_DOMAIN}/api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_DOMAIN}/?rm=$request_method"
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+        hosts:
+          - host: "romm.${SECRET_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+
+    persistence:
+      romm:
+        existingClaim: *app
diff --git a/kubernetes/apps/game/romm/app/kustomization.yaml b/kubernetes/apps/game/romm/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ./externalsecret.yaml
+  - ../../../../templates/gatus/external
+  - ../../../../templates/volsync
diff --git a/kubernetes/apps/game/romm/ks.yaml b/kubernetes/apps/game/romm/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app romm
+  namespace: flux-system
+spec:
+  targetNamespace: game
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cloudnative-pg-cluster
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/game/romm/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: false
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 20Gi