xtreamui
Nginx Ingress 
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm -n ingress-nginx install ingress-nginx ingress-nginx/ingress-nginx --create-namespace
kubectl get svc -n ingress-nginx
LetsEncrypt
export CERTRELEASE=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest|grep tag_name|cut -d '"' -f 4|sed 's/v//')
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v${CERTRELEASE}/cert-manager.yaml
prodissuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: dropbasket1@gmail.com
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
kubectl apply -f prodissuer.yaml
Longhorn
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: install-packages
spec:
selector:
matchLabels:
name: install-packages
template:
metadata:
labels:
name: install-packages
spec:
containers:
- name: install-packages
image: ubuntu
securityContext:
privileged: true
command: ["/bin/sh", "-c"]
args: ["apt update && apt install -y open-iscsi nfs-common jq"]
kubectl apply -f provisioning-longhorn.yaml
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml
USER=longhorn; PASSWORD=sOFsqilmu2; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
kubectl -n longhorn-system create secret generic basic-auth --from-file=auth
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
spec:
ingressClassName: nginx
tls:
- hosts:
- long.trastero.org
secretName: ssl-cert-longhorn
rules:
- host: long.trastero.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend
port:
number: 80
kubectl apply -f longhorn-ingress.yaml
kubectl delete -f provisioning-longhorn.yaml
xtreamui
apiVersion: v1
kind: Namespace
metadata:
name: xtreamui
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pvc
namespace: xtreamui
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: xtreamcodes-data-pvc
namespace: xtreamui
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tmp-pvc
namespace: xtreamui
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
apiVersion: apps/v1
kind: Deployment
metadata:
name: xui-deployment
namespace: xtreamui
spec:
replicas: 1
selector:
matchLabels:
app: xui
template:
metadata:
labels:
app: xui
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- xui
topologyKey: "kubernetes.io/hostname"
initContainers:
- name: init-xui
image: theraw/xtreamui-on-docker:xtream-ui-beta2
command: ["/bin/sh", "-c"]
args:
- >
if [ "$(ls -A /mnt/mysql | grep -v lost+found)" ]; then
echo "MySQL directory is not empty, skipping copy.";
else
echo "Copying MySQL data...";
cp -a /var/lib/mysql/. /mnt/mysql/;
fi;
if [ "$(ls -A /mnt/xtreamcodes | grep -v lost+found)" ]; then
echo "Xtream Codes directory is not empty, skipping copy.";
else
echo "Copying Xtream Codes data...";
cp -a /home/xtreamcodes/. /mnt/xtreamcodes/;
fi;
volumeMounts:
- name: mysql-volume
mountPath: /mnt/mysql
- name: xtreamcodes-data-volume
mountPath: /mnt/xtreamcodes
containers:
- name: xui
image: theraw/xtreamui-on-docker:xtream-ui-beta2
command: ["supervisord", "--nodaemon", "--configuration", "/etc/supervisor/supervisord.conf"]
ports:
- containerPort: 25462
- containerPort: 25461
- containerPort: 25463
- containerPort: 25464
- containerPort: 25465
- containerPort: 25500
securityContext:
privileged: true
resources:
limits:
memory: "1Gi"
requests:
memory: "1Gi"
volumeMounts:
- name: mysql-volume
mountPath: /var/lib/mysql
- name: xtreamcodes-data-volume
mountPath: /home/xtreamcodes
- name: tmp-volume
mountPath: /tmp
securityContext:
runAsUser: 0
hostIPC: true
volumes:
- name: mysql-volume
persistentVolumeClaim:
claimName: mysql-pvc
- name: xtreamcodes-data-volume
persistentVolumeClaim:
claimName: xtreamcodes-data-pvc
- name: tmp-volume
persistentVolumeClaim:
claimName: tmp-pvc
apiVersion: v1
kind: Service
metadata:
name: xui-service
namespace: xtreamui
spec:
type: ClusterIP
selector:
app: xui
ports:
- name: port25500
port: 25500
targetPort: 25500
protocol: TCP
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: xui-ingress
namespace: xtreamui
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- xtreamui.trastero.org
secretName: ssl-cert-xtreamui
rules:
- host: xtreamui.trastero.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xui-service
port:
number: 25500