From 0cf46c640059dd147dcace7a725f96fe7b679cc7 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Date: Mon, 7 Dec 2020 01:57:13 +0500 Subject: [PATCH] Remove pkcs configuration from plex chart --- test/plex/2.1.0/configs/42-pkcs-mangler | 53 ------------- test/plex/2.1.0/templates/configmap.yaml | 42 ---------- test/plex/2.1.0/templates/deployment.yaml | 20 ----- .../2.1.0/templates/promtail-configmap.yaml | 36 --------- test/plex/2.1.0/templates/secrets.yaml | 18 ----- test/plex/2.1.0/values.yaml | 77 ------------------- 6 files changed, 246 deletions(-) delete mode 100644 test/plex/2.1.0/configs/42-pkcs-mangler delete mode 100644 test/plex/2.1.0/templates/configmap.yaml delete mode 100644 test/plex/2.1.0/templates/promtail-configmap.yaml delete mode 100644 test/plex/2.1.0/templates/secrets.yaml diff --git a/test/plex/2.1.0/configs/42-pkcs-mangler b/test/plex/2.1.0/configs/42-pkcs-mangler deleted file mode 100644 index 8a4fb1e2aa3..00000000000 --- a/test/plex/2.1.0/configs/42-pkcs-mangler +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -# This file contains part of the official PLEX 40-plex-first-run -# Here: https://github.com/plexinc/pms-docker/blob/master/root/etc/cont-init.d/40-plex-first-run -# It should live in /etc/cont-init.d/ - -# If we are debugging, enable trace -if [ "${DEBUG,,}" = "true" ]; then - set -x -fi - -function setPref { - local key="$1" - local value="$2" - - count="$(xmlstarlet sel -t -v "count(/Preferences/@${key})" "${prefFile}")" - count=$(($count + 0)) - if [[ $count > 0 ]]; then - xmlstarlet ed --inplace --update "/Preferences/@${key}" -v "${value}" "${prefFile}" - else - xmlstarlet ed --inplace --insert "/Preferences" --type attr -n "${key}" -v "${value}" "${prefFile}" - fi -} - -home="$(echo ~plex)" -pmsApplicationSupportDir="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR:-${home}/Library/Application Support}" -prefFile="${pmsApplicationSupportDir}/Plex Media Server/Preferences.xml" - -# If PKCSMANGLER__PFXINCONTAINERPATH is set, then assume we want to move the PFX Cert to that location -if [ ! -z "${PKCSMANGLER_PFXINCONTAINERPATH}" ]; then - # If it ends up a problem, we may need to set some kind of "don't replace existing PFX cert" - cp -f /shared/cert.pfx "${PKCSMANGLER_PFXINCONTAINERPATH}" - # If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificatePath because we enabled setting PLEX Preferences - if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then - setPref "customCertificatePath" "${PKCSMANGLER_PFXINCONTAINERPATH}" - fi -fi - -# If PKCSMANGLER_PFXPASSWORD is set, then assume we want to set the PLEX Preference customCertificateKey -if [ ! -z "${PKCSMANGLER_PFXPASSWORD}" ]; then - setPref "customCertificateKey" "${PKCSMANGLER_PFXPASSWORD}" -fi - -# If PKCSMANGLER__CUSTOMCERTDOMAIN is set, then assume we want to set the PLEX Preference customCertificateDomain -if [ ! -z "${PKCSMANGLER_CUSTOMCERTDOMAIN}" ]; then - PreferenceValue=${PKCSMANGLER_CUSTOMCERTDOMAIN#*=} - PreferenceKey=${PKCSMANGLER_CUSTOMCERTDOMAIN%=*} - setPref $PreferenceKey $PreferenceValue -fi - -# touch /.firstRunComplete -# echo "Plex Media Server first run setup complete" -echo "PKCS Mangler run complete" \ No newline at end of file diff --git a/test/plex/2.1.0/templates/configmap.yaml b/test/plex/2.1.0/templates/configmap.yaml deleted file mode 100644 index ff5b183c755..00000000000 --- a/test/plex/2.1.0/templates/configmap.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.plexPreferences.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.plexPreferences.configmap.name }} - labels: - {{- include "plex.labels" . | nindent 4 }} -{{- if .Values.plexPreferences.configmap.labels }} -{{ toYaml .Values.plexPreferences.configmap.labels | indent 4 }} -{{- end }} -{{- with .Values.plexPreferences.configmap.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - -data: -# At some point figure out how to use a value/Variable here to be able to specify -# a different file or something. -{{ (tpl (.Files.Glob "configs/41-plex-preferences").AsConfig . ) | indent 2 }} -{{- end -}} - -{{- if .Values.certificate.pkcsMangler.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.certificate.pkcsMangler.configmap.name }} - labels: - {{- include "plex.labels" . | nindent 4 }} -{{- if .Values.certificate.pkcsMangler.configmap.labels }} -{{ toYaml .Values.certificate.pkcsMangler.configmap.labels | indent 4 }} -{{- end }} -{{- with .Values.certificate.pkcsMangler.configmap.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - -data: -# At some point figure out how to use a value/Variable here to be able to specify -# a different file or something. -{{ (tpl (.Files.Glob "configs/42-pkcs-mangler").AsConfig . ) | indent 2 }} -{{- end -}} \ No newline at end of file diff --git a/test/plex/2.1.0/templates/deployment.yaml b/test/plex/2.1.0/templates/deployment.yaml index dc12830f552..3e5c29a4f8e 100644 --- a/test/plex/2.1.0/templates/deployment.yaml +++ b/test/plex/2.1.0/templates/deployment.yaml @@ -257,24 +257,4 @@ spec: name: {{ .Values.plexPreferences.configmap.name }} defaultMode: {{ .Values.plexPreferences.volume.defaultMode }} {{- end }} - {{- if .Values.certificate.pkcsMangler.enabled }} - - name: {{ .Values.certificate.pkcsMangler.volume.name }} - configMap: - name: {{ .Values.certificate.pkcsMangler.configmap.name }} - defaultMode: {{ .Values.certificate.pkcsMangler.volume.defaultMode }} - - name: {{ .Values.certificate.pkcsMangler.certificateSecret.volume.name }} - secret: - secretName: {{ .Values.certificate.pkcsMangler.certificateSecret.name }} - {{- end }} - {{- if .Values.logging.promtail.enabled }} - - name: promtail-config - projected: - defaultMode: 0444 - sources: - - configMap: - name: {{ template "plex.fullname" . }}-promtail - items: - - key: promtail.yaml - path: promtail.yaml - {{- end }} ##### VOLUMES END ##### diff --git a/test/plex/2.1.0/templates/promtail-configmap.yaml b/test/plex/2.1.0/templates/promtail-configmap.yaml deleted file mode 100644 index c64e102bcfa..00000000000 --- a/test/plex/2.1.0/templates/promtail-configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.logging.promtail.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "plex.fullname" . }}-promtail - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "plex.name" . }} - helm.sh/chart: {{ include "plex.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - promtail.yaml: | - server: - http_listen_port: 9080 - grpc_listen_port: 0 - positions: - filename: /tmp/positions.yaml - clients: - - url: {{ .Values.logging.promtail.loki.url }} - scrape_configs: - - job_name: plex-logs - static_configs: - - targets: - - localhost - labels: - job: plex-logs - __path__: "/plex-logs/*.log" - - job_name: plex-plugin-logs - static_configs: - - targets: - - localhost - labels: - job: plex-plugin-logs - __path__: "/plex-logs/PMS Plugin Logs/*.log" -{{- end }} diff --git a/test/plex/2.1.0/templates/secrets.yaml b/test/plex/2.1.0/templates/secrets.yaml deleted file mode 100644 index 6f838fcde54..00000000000 --- a/test/plex/2.1.0/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.certificate.pkcsMangler.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.certificate.pkcsMangler.pfxPassword.secretName }} - labels: - {{- include "plex.labels" . | nindent 4 }} -{{- if .Values.certificate.pkcsMangler.pfxPassword.labels }} -{{ toYaml .Values.certificate.pkcsMangler.pfxPassword.labels | indent 4 }} -{{- end }} -{{- with .Values.certificate.pkcsMangler.pfxPassword.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -type: Opaque -stringData: - {{ .Values.certificate.pkcsMangler.pfxPassword.passwordKey }}: {{ .Values.certificate.pkcsMangler.pfxPassword.value }} -{{- end -}} \ No newline at end of file diff --git a/test/plex/2.1.0/values.yaml b/test/plex/2.1.0/values.yaml index dc0b05b92f3..d73d2db23c8 100644 --- a/test/plex/2.1.0/values.yaml +++ b/test/plex/2.1.0/values.yaml @@ -220,61 +220,6 @@ persistence: # Access mode for this volume accessMode: ReadWriteOnce -# Certificate(s) in Plex -certificate: - # Assuming you have a kubernetes certificate secret (say from cert-manager) that has a tls.crt and tls.key but NO PFX! - # pkcsMangler to the rescue. The pkcsMangler part will add the supplied pfxPassword to a kubernetes secret - # This is so it's not in the clear in the YAML of the deployment in the kubernetes api. - # We will then use an OpenSSL init container to create a pfx file using the supplied secret (only available in container) - # Then we will use an init script (via configMap) to move the pfx file out of /shared (it's temporary storage) to - # the location specified in pfxInContainerPath. - pkcsMangler: - enabled: false - # The Image to use for pkcsMangler - image: - repository: tlsprint/openssl - tag: 1.1.1f - configmap: - labels: {} - annotations: {} - # Right now you can't really change this, additionally the configmap data is - # not configurable. - name: 42-pkcs-mangler - volume: - name: 42-pkcs-mangler - defaultMode: 493 # 0755 in octal permission notation - # Using mountPath & SubPath allow you to volume mount a configMap AS A FILE - # Unfortunately this also means that updates to the configMap are not automtically - # propagated to the file contents. But it's better then replacing the entire - # /etc/cont-init.d/ directory which is the "normal" behavior when doing volume - # mounts. - mountPath: /etc/cont-init.d/42-pkcs-mangler - subPath: 42-pkcs-mangler - setPlexPreferences: - enabled: true # Set Plex Preferences related to Certificates - customCertificateDomain: "" # If not empty, Set the Plex Preference customCertificateDomain - # Use spec.certificate.pkcsMangler.pfxPassword.value to Set the Plex Preference customCertificateKey - # Use spec.certificate.pkcsMangler.pfxInContainerPath to Set the Plex Preference customCertificatePath - pfxPassword: - value: "setpassword" - # We wlll create a Kubernetes Secret for spec.certificate.pkcsMangler.pfxPassword.value - # These are your options. - secretName: "plex-media-server-pfx-password" - passwordKey: "pfx-password" - labels: {} - annotations: {} - pfxInContainerPath: "/config/plex.pfx" # This is full path in the container pkcsMangler will copy the pfx file to - # This is the SSL Certificate Secret that will provide our crt and key file. If you used cert-manager to create - # the certificate, these defaults should work for you. This Secret (and volume details) are only used by the - # pkcsMangler Init Container. - certificateSecret: - name: "" - keyName: "tls.key" - crtName: "tls.crt" - volume: - name: plex-certs - mountPath: /etc/plex-certs - # Probes configuration probes: liveness: @@ -288,28 +233,6 @@ probes: failureThreshold: 30 periodSeconds: 10 -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -podAnnotations: {} - -deploymentAnnotations: {} - proxy: # This allows to set a proxy environment variable, which PMS uses to fetch the token and assets like movie cover enabled: false