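---
# Namespace
apiVersion: v1
kind: Namespace
metadata:
  name: audiobookshelf-system
---
# Service Account
# The Deployment below names no serviceAccountName, so its pod runs as this
# "default" account of the namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: audiobookshelf-system
---
# PVC for config/metadata/backups
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: audiobookshelf-config
  namespace: audiobookshelf-system
  labels:
    app.kubernetes.io/instance: audiobookshelf
    app.kubernetes.io/name: audiobookshelf
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi
---
# Audiobookshelf Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: audiobookshelf
  namespace: audiobookshelf-system
  labels:
    app.kubernetes.io/instance: audiobookshelf
    app.kubernetes.io/name: audiobookshelf
spec:
  replicas: 1
  # Recreate: the old pod is stopped before the new one starts, which suits
  # the single ReadWriteOnce config volume.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/instance: audiobookshelf
      app.kubernetes.io/name: audiobookshelf
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: audiobookshelf
        app.kubernetes.io/name: audiobookshelf
    spec:
      # Nothing in this manifest grants the pod Kubernetes API access, so do
      # not mount a service-account token into an internet-facing container.
      automountServiceAccountToken: false
      containers:
        - name: audiobookshelf
          # Pinned to a version tag. For stronger supply-chain integrity pin
          # by digest as well: <image>:2.32.1@sha256:<digest-placeholder>.
          image: advplyr/audiobookshelf:2.32.1
          imagePullPolicy: IfNotPresent
          # No runAsNonRoot/runAsUser is set, so the container runs as the
          # image's default user. NOTE(review): the app listens on port 80;
          # confirm the image works unprivileged before tightening further.
          securityContext:
            allowPrivilegeEscalation: false
          env:
            - name: TZ
              value: Europe/Budapest
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 256Mi
          livenessProbe:
            httpGet:
              path: /healthcheck
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthcheck
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
          volumeMounts:
            # /config and /metadata share one PVC, separated by subPath.
            - name: config
              mountPath: /config
              subPath: config
            - name: config
              mountPath: /metadata
              subPath: metadata
            # Mounted read-write. NOTE(review): if the library is only read,
            # add readOnly: true so a compromised container cannot modify
            # files on the node.
            - name: audiobooks
              mountPath: /audiobooks
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: audiobookshelf-config
        # hostPath exposes a node directory directly to the container and ties
        # the pod to nodes where this path exists (type: Directory fails the
        # mount if it is missing). Many admission policies reject hostPath.
        - name: audiobooks
          hostPath:
            path: /mnt/4_hdd/Audiobook
            type: Directory
---
# Audiobookshelf Service
apiVersion: v1
kind: Service
metadata:
  name: audiobookshelf
  namespace: audiobookshelf-system
  labels:
    app.kubernetes.io/instance: audiobookshelf
    app.kubernetes.io/name: audiobookshelf
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
  selector:
    app.kubernetes.io/instance: audiobookshelf
    app.kubernetes.io/name: audiobookshelf
---
# Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: audiobookshelf
  namespace: audiobookshelf-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: audiobookshelf.dooplex.hu,audiobookshelf.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # "0" turns off nginx's request-body size check for this Ingress, so
    # uploads of any size are proxied; storage capacity is the only bound.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    # Access control: allow 192.168.x.x, 10.x.x.x and clients geolocated to
    # HU; everyone else gets 403. Points to verify:
    # - The check keys off $remote_addr. If the controller sits behind a load
    #   balancer or proxy and the real client address is not restored, every
    #   request carries the proxy's address; if that address is in 10/8 or
    #   192.168/16 the country check never runs. 10.x also matches in-cluster
    #   clients on many pod networks.
    # - $geoip2_country_code is presumably supplied by the controller's GeoIP2
    #   support (use-geoip2) -- confirm it is enabled and the database is kept
    #   current. Country lookup is coarse and does not stop VPN/proxy users;
    #   application authentication remains the real control.
    # - configuration-snippet only works when snippet annotations are enabled
    #   on the controller (allow-snippet-annotations). With that enabled,
    #   anyone who may create or edit Ingress objects can inject nginx
    #   configuration, so keep Ingress write RBAC tight.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") {
        set $geo_allowed 1;
      }
      if ($remote_addr ~ "^10\.") {
        set $geo_allowed 1;
      }
      if ($geoip2_country_code = "HU") {
        set $geo_allowed 1;
      }
      if ($geo_allowed = 0) {
        return 403 "Access restricted to Hungary";
      }
  labels:
    app.kubernetes.io/instance: audiobookshelf
    app.kubernetes.io/name: audiobookshelf
spec:
  ingressClassName: nginx-internal
  rules:
    - host: audiobookshelf.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: audiobookshelf
                port:
                  number: 80
    - host: audiobookshelf.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: audiobookshelf
                port:
                  number: 80
  # Only audiobookshelf.dooplex.hu is covered by the certificate below.
  # NOTE(review): audiobookshelf.home has no TLS entry -- confirm whether it
  # is served over plain HTTP, in which case logins on that host travel
  # unencrypted on the local network.
  tls:
    - hosts:
        - audiobookshelf.dooplex.hu
      secretName: audiobookshelf-tls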