
remove deluge, add traefik dashboard auth + alerts

Josh Bicking 2 weeks ago
parent
commit
c8d499f94f
6 changed files with 36 additions and 106 deletions
  1. 0 14
      delugevpn-pvc.yaml
  2. 0 82
      delugevpn.yaml
  3. 3 2
      jellyfin.yaml
  4. 16 0
      traefik/alerts.yaml
  5. 8 8
      traefik/helmchartconfig.yaml
  6. 9 0
      traefik/middleware-traefikdash-auth.yaml

+ 0 - 14
delugevpn-pvc.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: delugevpn-pvc
-  namespace: plex
-  labels:
-    app: delugevpn
-spec:
-  storageClassName: ceph-block-ssd
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 500Mi

+ 0 - 82
delugevpn.yaml

@@ -1,82 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: delugevpn
-  namespace: plex
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: delugevpn
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: delugevpn
-      annotations:
-        backup.velero.io/backup-volumes-excludes: seedbox
-    spec:
-      containers:
-      - name: delugevpn
-        image: binhex/arch-delugevpn:2.1.1-6-05
-        ports:
-        - containerPort: 8112
-          name: http-web-svc
-        securityContext:
-          privileged: true
-        envFrom:
-        - secretRef:
-            name: delugevpn-secret
-        volumeMounts:
-        - mountPath: "/data"
-          name: seedbox
-        - mountPath: "/config"
-          name: config
-        resources:
-          requests:
-            memory: "0"
-          limits:
-            memory: "6Gi"
-      volumes:
-      - name: seedbox
-        persistentVolumeClaim:
-          claimName: seedbox-pvc
-      - name: config
-        persistentVolumeClaim:
-          claimName: delugevpn-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: delugevpn-service
-  namespace: plex
-spec:
-  selector:
-    app: delugevpn
-  type: ClusterIP
-  ports:
-  - name: delugevpn-web-port
-    protocol: TCP
-    port: 8112
-    targetPort: http-web-svc
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: delugevpn
-  namespace: plex
-spec:
-  entryPoints:
-  - websecure
-  routes:
-  - kind: Rule
-    match: Host(`delugevpn.lan.jibby.org`)
-    services:
-    - kind: Service
-      name: delugevpn-service
-      port: 8112
-    middlewares:
-    - name: lanonly
-      namespace: kube-system

+ 3 - 2
jellyfin.yaml

@@ -25,7 +25,8 @@ spec:
     spec:
       containers:
       - name: jellyfin
-        image: jellyfin/jellyfin:latest
+        #image: jellyfin/jellyfin:latest
+        image: dfrgu/jellyfin-jemalloc:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 8096
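Review bot: The new `image: dfrgu/jellyfin-jemalloc:latest` line replaces the upstream image with a third-party repository on a mutable tag, and with `imagePullPolicy: Always` directly below it every pod restart runs whatever that publisher pushed last. Pinning by digest keeps the deployed content fixed and reviewable, e.g. `image: dfrgu/jellyfin-jemalloc@sha256:<DIGEST_PLACEHOLDER>`. The commented-out `#image: jellyfin/jellyfin:latest` line would be more useful with a short reason for the swap next to it. The container spec continues outside the hunk.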
@@ -69,7 +70,7 @@ spec:
           requests:
             memory: "0"
           limits:
-            memory: "2Gi"
+            memory: "4Gi"
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:

+ 16 - 0
traefik/alerts.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    prometheus: traefik
+    role: alert-rules
+  name: prometheus-traefik-rules
+  namespace: kube-system
+spec:
+  groups:
+  - name: ./traefik.rules
+    rules:
+    - alert: Traefik5xxErr
+      expr: sum by (service) (increase(traefik_service_requests_total{code=~"5..",protocol="http"}[5m])) > 0
+
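Review bot: The `Traefik5xxErr` rule has no `for:`, `labels:` or `annotations:`, so any single 5xx response within the 5-minute window fires at once, with no severity label to route on and no description for whoever receives it. Suggest adding `for: 5m` and `labels: {severity: warning}` to the rule, plus an `annotations.summary` that names `{{ $labels.service }}`. Whether the `prometheus: traefik` and `role: alert-rules` labels match the Prometheus rule selector cannot be seen from this file, so it is worth confirming the rule is actually loaded.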

+ 8 - 8
traefik/helmchartconfig.yaml

@@ -65,14 +65,14 @@ spec:
 
     ingressRoute:
       dashboard:
-        enabled: false
-        #enabled: true
-        #matchRule: Host(`traefik.lan.jibby.org`)
-        # TODO auth https://doc.traefik.io/traefik/middlewares/http/basicauth/
-        #entryPoints: ["websecure"]
-        #middlewares:
-        #- name: lanonly
-        #  namespace: kube-system
+        enabled: true
+        matchRule: Host(`traefik.lan.jibby.org`)
+        entryPoints: ["websecure"]
+        middlewares:
+        - name: lanonly
+          namespace: kube-system
+        - name: traefik-dash-auth
+          namespace: kube-system
 
     # Fix for acme.json file being changed to 660 from 600
     # This can manifest as the incredibly unhelpful "the router <router name> uses a non-existent resolver: <resolver name>"
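Review bot: The `middlewares:` list under `dashboard:` is now the only thing standing between the `websecure` entry point and the Traefik API and dashboard, yet nothing in the file says so, and the removed TODO was the last hint that auth mattered here. A comment above the list would protect it from a later cleanup, for example `# dashboard exposes the Traefik API: keep both lanonly and traefik-dash-auth (middleware-traefikdash-auth.yaml)`. The `traefik-dash-auth` Middleware and its secret are defined outside this file, so they presumably need to exist before this config is applied; confirm how the router behaves if they are missing. The `ingressRoute` mapping continues outside the hunk.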

+ 9 - 0
traefik/middleware-traefikdash-auth.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-dash-auth
+  namespace: kube-system
+spec:
+  basicAuth:
+    secret: traefik-dash-secret
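Review bot: `secret: traefik-dash-secret` points at a Secret that is not part of this commit. Keeping it out of the repository is right, but the file gives no hint of how to create it. Traefik expects that Secret in the Middleware's own namespace, either of type `kubernetes.io/basic-auth` or holding a `users` key of htpasswd lines. A header comment would record this, for example `# requires Secret traefik-dash-secret in kube-system with a "users" key (htpasswd, bcrypt)`. Bcrypt is preferable to the MD5 and SHA1 htpasswd formats that Traefik also accepts.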