Remove pkcs configuration from plex chart

Waqar Ahmed 2020-12-07 01:57:13 +05:00
parent 769b45d4a4
commit 0cf46c6400
6 changed files with 0 additions and 246 deletions

@ -1,53 +0,0 @@
#!/usr/bin/with-contenv bash
# This file contains part of the official PLEX 40-plex-first-run
# Here: https://github.com/plexinc/pms-docker/blob/master/root/etc/cont-init.d/40-plex-first-run
# It should live in /etc/cont-init.d/
# If we are debugging, enable trace
if [ "${DEBUG,,}" = "true" ]; then
set -x
fi
function setPref {
local key="$1"
local value="$2"
count="$(xmlstarlet sel -t -v "count(/Preferences/@${key})" "${prefFile}")"
count=$(($count + 0))
if [[ $count > 0 ]]; then
xmlstarlet ed --inplace --update "/Preferences/@${key}" -v "${value}" "${prefFile}"
else
xmlstarlet ed --inplace --insert "/Preferences" --type attr -n "${key}" -v "${value}" "${prefFile}"
fi
}
home="$(echo ~plex)"
pmsApplicationSupportDir="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR:-${home}/Library/Application Support}"
prefFile="${pmsApplicationSupportDir}/Plex Media Server/Preferences.xml"
# If PKCSMANGLER__PFXINCONTAINERPATH is set, then assume we want to move the PFX Cert to that location
if [ ! -z "${PKCSMANGLER_PFXINCONTAINERPATH}" ]; then
# If it ends up a problem, we may need to set some kind of "don't replace existing PFX cert"
cp -f /shared/cert.pfx "${PKCSMANGLER_PFXINCONTAINERPATH}"
# If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificatePath because we enabled setting PLEX Preferences
if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then
setPref "customCertificatePath" "${PKCSMANGLER_PFXINCONTAINERPATH}"
fi
fi
# If PKCSMANGLER_PFXPASSWORD is set, then assume we want to set the PLEX Preference customCertificateKey
if [ ! -z "${PKCSMANGLER_PFXPASSWORD}" ]; then
setPref "customCertificateKey" "${PKCSMANGLER_PFXPASSWORD}"
fi
# If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificateDomain
if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then
PreferenceValue=${PKCSMANGLER_CUSTOMCERTDOMAIN#*=}
PreferenceKey=${PKCSMANGLER_CUSTOMCERTDOMAIN%=*}
setPref $PreferenceKey $PreferenceValue
fi
# touch /.firstRunComplete
# echo "Plex Media Server first run setup complete"
echo "PKCS Mangler run complete"

@ -1,42 +0,0 @@
{{- if .Values.plexPreferences.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.plexPreferences.configmap.name }}
labels:
{{- include "plex.labels" . | nindent 4 }}
{{- if .Values.plexPreferences.configmap.labels }}
{{ toYaml .Values.plexPreferences.configmap.labels | indent 4 }}
{{- end }}
{{- with .Values.plexPreferences.configmap.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
data:
# At some point figure out how to use a value/Variable here to be able to specify
# a different file or something.
{{ (tpl (.Files.Glob "configs/41-plex-preferences").AsConfig . ) | indent 2 }}
{{- end -}}
{{- if .Values.certificate.pkcsMangler.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.certificate.pkcsMangler.configmap.name }}
labels:
{{- include "plex.labels" . | nindent 4 }}
{{- if .Values.certificate.pkcsMangler.configmap.labels }}
{{ toYaml .Values.certificate.pkcsMangler.configmap.labels | indent 4 }}
{{- end }}
{{- with .Values.certificate.pkcsMangler.configmap.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
data:
# At some point figure out how to use a value/Variable here to be able to specify
# a different file or something.
{{ (tpl (.Files.Glob "configs/42-pkcs-mangler").AsConfig . ) | indent 2 }}
{{- end -}}

@ -257,24 +257,4 @@ spec:
name: {{ .Values.plexPreferences.configmap.name }}
defaultMode: {{ .Values.plexPreferences.volume.defaultMode }}
{{- end }}
{{- if .Values.certificate.pkcsMangler.enabled }}
- name: {{ .Values.certificate.pkcsMangler.volume.name }}
configMap:
name: {{ .Values.certificate.pkcsMangler.configmap.name }}
defaultMode: {{ .Values.certificate.pkcsMangler.volume.defaultMode }}
- name: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.name }}
secret:
secretName: {{ .Values.certificate.pkcsMangler.certificateSecret.name }}
{{- end }}
{{- if .Values.logging.promtail.enabled }}
- name: promtail-config
projected:
defaultMode: 0444
sources:
- configMap:
name: {{ template "plex.fullname" . }}-promtail
items:
- key: promtail.yaml
path: promtail.yaml
{{- end }}
##### VOLUMES END #####

@ -1,36 +0,0 @@
{{- if .Values.logging.promtail.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "plex.fullname" . }}-promtail
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "plex.name" . }}
helm.sh/chart: {{ include "plex.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
promtail.yaml: |
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: {{ .Values.logging.promtail.loki.url }}
scrape_configs:
- job_name: plex-logs
static_configs:
- targets:
- localhost
labels:
job: plex-logs
__path__: "/plex-logs/*.log"
- job_name: plex-plugin-logs
static_configs:
- targets:
- localhost
labels:
job: plex-plugin-logs
__path__: "/plex-logs/PMS Plugin Logs/*.log"
{{- end }}

@ -1,18 +0,0 @@
{{- if .Values.certificate.pkcsMangler.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.certificate.pkcsMangler.pfxPassword.secretName }}
labels:
{{- include "plex.labels" . | nindent 4 }}
{{- if .Values.certificate.pkcsMangler.pfxPassword.labels }}
{{ toYaml .Values.certificate.pkcsMangler.pfxPassword.labels | indent 4 }}
{{- end }}
{{- with .Values.certificate.pkcsMangler.pfxPassword.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
type: Opaque
stringData:
{{ .Values.certificate.pkcsMangler.pfxPassword.passwordKey }}: {{ .Values.certificate.pkcsMangler.pfxPassword.value }}
{{- end -}}

@ -220,61 +220,6 @@ persistence:
# Access mode for this volume
accessMode: ReadWriteOnce
# Certificate(s) in Plex
certificate:
# Assuming you have a kubernetes certificate secret (say from cert-manager) that has a tls.crt and tls.key but NO PFX!
# pkcsMangler to the rescue. The pkcsMangler part will add the supplied pfxPassword to a kubernetes secret
# This is so it's not in the clear in the YAML of the deployment in the kubernetes api.
# We will then use an OpenSSL init container to create a pfx file using the supplied secret (only available in container)
# Then we will use an init script (via configMap) to move the pfx file out of /shared (it's temporary storage) to
# the location specified in pfxInContainerPath.
pkcsMangler:
enabled: false
# The Image to use for pkcsMangler
image:
repository: tlsprint/openssl
tag: 1.1.1f
configmap:
labels: {}
annotations: {}
# Right now you can't really change this, additionally the configmap data is
# not configurable.
name: 42-pkcs-mangler
volume:
name: 42-pkcs-mangler
defaultMode: 493 # 0755 in octal permission notation
# Using mountPath & SubPath allow you to volume mount a configMap AS A FILE
# Unfortunately this also means that updates to the configMap are not automtically
# propagated to the file contents. But it's better then replacing the entire
# /etc/cont-init.d/ directory which is the "normal" behavior when doing volume
# mounts.
mountPath: /etc/cont-init.d/42-pkcs-mangler
subPath: 42-pkcs-mangler
setPlexPreferences:
enabled: true # Set Plex Preferences related to Certificates
customCertificateDomain: "" # If not empty, Set the Plex Preference customCertificateDomain
# Use spec.certificate.pkcsMangler.pfxPassword.value to Set the Plex Preference customCertificateKey
# Use spec.certificate.pkcsMangler.pfxInContainerPath to Set the Plex Preference customCertificatePath
pfxPassword:
value: "setpassword"
# We wlll create a Kubernetes Secret for spec.certificate.pkcsMangler.pfxPassword.value
# These are your options.
secretName: "plex-media-server-pfx-password"
passwordKey: "pfx-password"
labels: {}
annotations: {}
pfxInContainerPath: "/config/plex.pfx" # This is full path in the container pkcsMangler will copy the pfx file to
# This is the SSL Certificate Secret that will provide our crt and key file. If you used cert-manager to create
# the certificate, these defaults should work for you. This Secret (and volume details) are only used by the
# pkcsMangler Init Container.
certificateSecret:
name: ""
keyName: "tls.key"
crtName: "tls.crt"
volume:
name: plex-certs
mountPath: /etc/plex-certs
# Probes configuration
probes:
liveness:
@ -288,28 +233,6 @@ probes:
failureThreshold: 30
periodSeconds: 10
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
deploymentAnnotations: {}
proxy:
# This allows to set a proxy environment variable, which PMS uses to fetch the token and assets like movie cover
enabled: false