Remove pkcs configuration from plex chart
parent
769b45d4a4
commit
0cf46c6400
|
@ -1,53 +0,0 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
# This file contains part of the official PLEX 40-plex-first-run
|
||||
# Here: https://github.com/plexinc/pms-docker/blob/master/root/etc/cont-init.d/40-plex-first-run
|
||||
# It should live in /etc/cont-init.d/
|
||||
|
||||
# If we are debugging, enable trace
|
||||
if [ "${DEBUG,,}" = "true" ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
function setPref {
|
||||
local key="$1"
|
||||
local value="$2"
|
||||
|
||||
count="$(xmlstarlet sel -t -v "count(/Preferences/@${key})" "${prefFile}")"
|
||||
count=$(($count + 0))
|
||||
if [[ $count > 0 ]]; then
|
||||
xmlstarlet ed --inplace --update "/Preferences/@${key}" -v "${value}" "${prefFile}"
|
||||
else
|
||||
xmlstarlet ed --inplace --insert "/Preferences" --type attr -n "${key}" -v "${value}" "${prefFile}"
|
||||
fi
|
||||
}
|
||||
|
||||
home="$(echo ~plex)"
|
||||
pmsApplicationSupportDir="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR:-${home}/Library/Application Support}"
|
||||
prefFile="${pmsApplicationSupportDir}/Plex Media Server/Preferences.xml"
|
||||
|
||||
# If PKCSMANGLER__PFXINCONTAINERPATH is set, then assume we want to move the PFX Cert to that location
|
||||
if [ ! -z "${PKCSMANGLER_PFXINCONTAINERPATH}" ]; then
|
||||
# If it ends up a problem, we may need to set some kind of "don't replace existing PFX cert"
|
||||
cp -f /shared/cert.pfx "${PKCSMANGLER_PFXINCONTAINERPATH}"
|
||||
# If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificatePath because we enabled setting PLEX Preferences
|
||||
if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then
|
||||
setPref "customCertificatePath" "${PKCSMANGLER_PFXINCONTAINERPATH}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# If PKCSMANGLER_PFXPASSWORD is set, then assume we want to set the PLEX Preference customCertificateKey
|
||||
if [ ! -z "${PKCSMANGLER_PFXPASSWORD}" ]; then
|
||||
setPref "customCertificateKey" "${PKCSMANGLER_PFXPASSWORD}"
|
||||
fi
|
||||
|
||||
# If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificateDomain
|
||||
if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then
|
||||
PreferenceValue=${PKCSMANGLER_CUSTOMCERTDOMAIN#*=}
|
||||
PreferenceKey=${PKCSMANGLER_CUSTOMCERTDOMAIN%=*}
|
||||
setPref $PreferenceKey $PreferenceValue
|
||||
fi
|
||||
|
||||
# touch /.firstRunComplete
|
||||
# echo "Plex Media Server first run setup complete"
|
||||
echo "PKCS Mangler run complete"
|
|
@ -1,42 +0,0 @@
|
|||
{{- if .Values.plexPreferences.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.plexPreferences.configmap.name }}
|
||||
labels:
|
||||
{{- include "plex.labels" . | nindent 4 }}
|
||||
{{- if .Values.plexPreferences.configmap.labels }}
|
||||
{{ toYaml .Values.plexPreferences.configmap.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.plexPreferences.configmap.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
data:
|
||||
# At some point figure out how to use a value/Variable here to be able to specify
|
||||
# a different file or something.
|
||||
{{ (tpl (.Files.Glob "configs/41-plex-preferences").AsConfig . ) | indent 2 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.certificate.pkcsMangler.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.certificate.pkcsMangler.configmap.name }}
|
||||
labels:
|
||||
{{- include "plex.labels" . | nindent 4 }}
|
||||
{{- if .Values.certificate.pkcsMangler.configmap.labels }}
|
||||
{{ toYaml .Values.certificate.pkcsMangler.configmap.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.certificate.pkcsMangler.configmap.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
data:
|
||||
# At some point figure out how to use a value/Variable here to be able to specify
|
||||
# a different file or something.
|
||||
{{ (tpl (.Files.Glob "configs/42-pkcs-mangler").AsConfig . ) | indent 2 }}
|
||||
{{- end -}}
|
|
@ -257,24 +257,4 @@ spec:
|
|||
name: {{ .Values.plexPreferences.configmap.name }}
|
||||
defaultMode: {{ .Values.plexPreferences.volume.defaultMode }}
|
||||
{{- end }}
|
||||
{{- if .Values.certificate.pkcsMangler.enabled }}
|
||||
- name: {{ .Values.certificate.pkcsMangler.volume.name }}
|
||||
configMap:
|
||||
name: {{ .Values.certificate.pkcsMangler.configmap.name }}
|
||||
defaultMode: {{ .Values.certificate.pkcsMangler.volume.defaultMode }}
|
||||
- name: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.name }}
|
||||
secret:
|
||||
secretName: {{ .Values.certificate.pkcsMangler.certificateSecret.name }}
|
||||
{{- end }}
|
||||
{{- if .Values.logging.promtail.enabled }}
|
||||
- name: promtail-config
|
||||
projected:
|
||||
defaultMode: 0444
|
||||
sources:
|
||||
- configMap:
|
||||
name: {{ template "plex.fullname" . }}-promtail
|
||||
items:
|
||||
- key: promtail.yaml
|
||||
path: promtail.yaml
|
||||
{{- end }}
|
||||
##### VOLUMES END #####
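Review bot: The volume kept as context at the top of this hunk still references the ConfigMap `{{ .Values.plexPreferences.configmap.name }}`, but the 42-line template deleted earlier in this commit (`-1,42 +0,0`) defined that `plexPreferences` ConfigMap together with the pkcsMangler one. Unless it is also defined in a file not shown here, a release with `plexPreferences.enabled` set would reference a ConfigMap the chart no longer renders, and the pod would stay unstarted because the volume cannot be mounted. Either keep the first document of that template (`{{- if .Values.plexPreferences.enabled -}}` through its `{{- end -}}`) or remove this volume and its mount in the same change. The add/remove markers are lost on this page, so the sides here are read from the hunk counts (24 old lines, 4 new). By the same counts the `promtail-config` volume and its ConfigMap are removed as well, which the commit title does not mention; the volumes list itself starts above this hunk.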
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
{{- if .Values.logging.promtail.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "plex.fullname" . }}-promtail
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "plex.name" . }}
|
||||
helm.sh/chart: {{ include "plex.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
data:
|
||||
promtail.yaml: |
|
||||
server:
|
||||
http_listen_port: 9080
|
||||
grpc_listen_port: 0
|
||||
positions:
|
||||
filename: /tmp/positions.yaml
|
||||
clients:
|
||||
- url: {{ .Values.logging.promtail.loki.url }}
|
||||
scrape_configs:
|
||||
- job_name: plex-logs
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost
|
||||
labels:
|
||||
job: plex-logs
|
||||
__path__: "/plex-logs/*.log"
|
||||
- job_name: plex-plugin-logs
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost
|
||||
labels:
|
||||
job: plex-plugin-logs
|
||||
__path__: "/plex-logs/PMS Plugin Logs/*.log"
|
||||
{{- end }}
|
|
@ -1,18 +0,0 @@
|
|||
{{- if .Values.certificate.pkcsMangler.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.certificate.pkcsMangler.pfxPassword.secretName }}
|
||||
labels:
|
||||
{{- include "plex.labels" . | nindent 4 }}
|
||||
{{- if .Values.certificate.pkcsMangler.pfxPassword.labels }}
|
||||
{{ toYaml .Values.certificate.pkcsMangler.pfxPassword.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.certificate.pkcsMangler.pfxPassword.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
{{ .Values.certificate.pkcsMangler.pfxPassword.passwordKey }}: {{ .Values.certificate.pkcsMangler.pfxPassword.value }}
|
||||
{{- end -}}
|
|
@ -220,61 +220,6 @@ persistence:
|
|||
# Access mode for this volume
|
||||
accessMode: ReadWriteOnce
|
||||
|
||||
# Certificate(s) in Plex
|
||||
certificate:
|
||||
# Assuming you have a kubernetes certificate secret (say from cert-manager) that has a tls.crt and tls.key but NO PFX!
|
||||
# pkcsMangler to the rescue. The pkcsMangler part will add the supplied pfxPassword to a kubernetes secret
|
||||
# This is so it's not in the clear in the YAML of the deployment in the kubernetes api.
|
||||
# We will then use an OpenSSL init container to create a pfx file using the supplied secret (only available in container)
|
||||
# Then we will use an init script (via configMap) to move the pfx file out of /shared (it's temporary storage) to
|
||||
# the location specified in pfxInContainerPath.
|
||||
pkcsMangler:
|
||||
enabled: false
|
||||
# The Image to use for pkcsMangler
|
||||
image:
|
||||
repository: tlsprint/openssl
|
||||
tag: 1.1.1f
|
||||
configmap:
|
||||
labels: {}
|
||||
annotations: {}
|
||||
# Right now you can't really change this, additionally the configmap data is
|
||||
# not configurable.
|
||||
name: 42-pkcs-mangler
|
||||
volume:
|
||||
name: 42-pkcs-mangler
|
||||
defaultMode: 493 # 0755 in octal permission notation
|
||||
# Using mountPath & SubPath allow you to volume mount a configMap AS A FILE
|
||||
# Unfortunately this also means that updates to the configMap are not automtically
|
||||
# propagated to the file contents. But it's better then replacing the entire
|
||||
# /etc/cont-init.d/ directory which is the "normal" behavior when doing volume
|
||||
# mounts.
|
||||
mountPath: /etc/cont-init.d/42-pkcs-mangler
|
||||
subPath: 42-pkcs-mangler
|
||||
setPlexPreferences:
|
||||
enabled: true # Set Plex Preferences related to Certificates
|
||||
customCertificateDomain: "" # If not empty, Set the Plex Preference customCertificateDomain
|
||||
# Use spec.certificate.pkcsMangler.pfxPassword.value to Set the Plex Preference customCertificateKey
|
||||
# Use spec.certificate.pkcsMangler.pfxInContainerPath to Set the Plex Preference customCertificatePath
|
||||
pfxPassword:
|
||||
value: "setpassword"
|
||||
# We wlll create a Kubernetes Secret for spec.certificate.pkcsMangler.pfxPassword.value
|
||||
# These are your options.
|
||||
secretName: "plex-media-server-pfx-password"
|
||||
passwordKey: "pfx-password"
|
||||
labels: {}
|
||||
annotations: {}
|
||||
pfxInContainerPath: "/config/plex.pfx" # This is full path in the container pkcsMangler will copy the pfx file to
|
||||
# This is the SSL Certificate Secret that will provide our crt and key file. If you used cert-manager to create
|
||||
# the certificate, these defaults should work for you. This Secret (and volume details) are only used by the
|
||||
# pkcsMangler Init Container.
|
||||
certificateSecret:
|
||||
name: ""
|
||||
keyName: "tls.key"
|
||||
crtName: "tls.crt"
|
||||
volume:
|
||||
name: plex-certs
|
||||
mountPath: /etc/plex-certs
|
||||
|
||||
# Probes configuration
|
||||
probes:
|
||||
liveness:
|
||||
|
@ -288,28 +233,6 @@ probes:
|
|||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
deploymentAnnotations: {}
|
||||
|
||||
proxy:
|
||||
# This allows to set a proxy environment variable, which PMS uses to fetch the token and assets like movie cover
|
||||
enabled: false
|
||||
|
|