refine snapcast deployment so piping between containers works

Reviewed-on: #700

apps/audiobookshelf/ingress.yaml

@@ -9,9 +9,20 @@ spec:
   routes:
   - match: Host(`audiobookshelf.kluster.moll.re`)
     kind: Rule
+    middlewares:
+    - name: buffering
     services:
     - name: audiobookshelf-web
       port: 80
 
   tls:
     certResolver: default-tls
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: buffering
+spec:
+  buffering:
+    maxRequestBodyBytes: 10000000000 # approx 10gb
+    memRequestBodyBytes: 1048576

apps/avahi-reflector/daemonset.yaml

@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: avahi-reflector
+spec:
+  selector:
+    matchLabels:
+      app: avahi-reflector
+  template:
+    metadata:
+      labels:
+        app: avahi-reflector
+    spec:
+      hostNetwork: true
+      containers:
+        - name: avahi-reflector
+          image: avahi-reflector
+          securityContext:
+            privileged: true   # required for raw sockets
+          env:
+            - name: REFLECTOR_ENABLE_REFLECTOR
+              value: "yes"
+            - name: SERVER_ALLOW_INTERFACES
+              # use all interfaces
+              value: ""

apps/avahi-reflector/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: avahi
+
+resources:
+  - namespace.yaml
+  - daemonset.yaml
+  # - configmap.yaml
+
+images:
+  - name: avahi-reflector
+    newName: flungo/avahi
+    newTag: latest

apps/avahi-reflector/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
+  labels:
+    pod-security.kubernetes.io/enforce: privileged

apps/files/kustomization.yaml

@@ -13,4 +13,4 @@ namespace: files
 images:
   - name: ocis
     newName: owncloud/ocis
-    newTag: "7.3.0"
+    newTag: "7.3.1"

apps/grafana/kustomization.yaml

@@ -17,5 +17,5 @@ helmCharts:
   - releaseName: grafana
     name: grafana
     repo: https://grafana.github.io/helm-charts
-    version: 10.1.5
+    version: 10.2.0
     valuesFile: grafana.values.yaml

apps/kitchenowl/ingress.yaml

@@ -26,5 +26,4 @@ spec:
   headers:
     customRequestHeaders:
       X-Forwarded-Proto: "https"
-      # enable websockets
       Upgrade: "websocket"

apps/musicassistant/deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: musicassistant
+spec:
+  selector:
+    matchLabels:
+      app: musicassistant
+  template:
+    metadata:
+      labels:
+        app: musicassistant
+    spec:
+      containers:
+      - name: musicassistant
+        image: musicassistant
+        resources:
+          limits:
+            memory: "2Gi"
+            cpu: "2"
+          requests:
+            memory: "128Mi"
+            cpu: "250m"
+        ports:
+        # ports required for musicassistant
+        - containerPort: 80
+        - containerPort: 443
+        - containerPort: 8097
+        - containerPort: 8095
+          # name: musicassistant-web
+        - containerPort: 1704
+        - containerPort: 1705
+
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        volumeMounts:
+        - name: data
+          mountPath: /data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: data

apps/musicassistant/ingress.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: musicassistant-ingressroute
+
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`musicassistant.kluster.moll.re`)
+    kind: Rule
+    services:
+    - name: musicassistant-web
+      port: musicassistant-web
+
+  tls:
+    certResolver: default-tls

apps/musicassistant/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: musicassistant
+
+resources:
+  - namespace.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  # - ingress.yaml
+
+
+images:
+  - name: musicassistant
+    newName: ghcr.io/music-assistant/server
+    newTag: 2.6.0

apps/musicassistant/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/musicassistant/pvc.yaml

@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: data
+spec:
+  storageClassName: "nfs-client"
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

apps/musicassistant/service.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: musicassistant
+spec:
+  selector:
+    app: musicassistant
+  ports:
+  - port: 80
+    targetPort: 80
+    name: required-first
+  - port: 443
+    targetPort: 443
+    name: required-second
+  - port: 8097
+    targetPort: 8097
+    name: required-third
+  - port: 8095
+    targetPort: 8095
+    name: required-fourth
+  - port: 1704
+    targetPort: 1704
+    name: required-fifth
+  - port: 1705
+    targetPort: 1705
+    name: required-sixth
+  type: LoadBalancer
+  loadBalancerIP: 192.168.3.5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: musicassistant-web
+spec:
+  selector:
+    app: musicassistant
+  ports:
+  - port: 8095
+    targetPort: 8095
+    name: musicassistant-web
+  type: ClusterIP

apps/snapcast/README.md

@@ -0,0 +1,7 @@
+### Credentials
+Since this tries to run in an isolated network we can't rely on autodiscover and the spotify client needs to be tied to an account.
+
+This is achieved by registering the client on startup via oauth. The logs show an url which should be copied to a local browser. The successfull redirect needs to be forwarded back to the client, hence run:
+```
+k port-forward deployments/snapcast 5588:5588
+```

apps/snapcast/deployment.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: snapcast
+spec:
+  selector:
+    matchLabels:
+      app: snapcast
+  template:
+    metadata:
+      labels:
+        app: snapcast
+    spec:
+      containers:
+      - name: snapcast
+        image: snapcast
+        resources:
+          limits:
+            memory: "2Gi"
+            cpu: "2"
+          requests:
+            memory: "128Mi"
+            cpu: "250m"
+        ports:
+        # snapcast ports
+        - containerPort: 1704
+        - containerPort: 1705
+        # web interface
+        - containerPort: 1780
+        - containerPort: 1788
+        # avahi
+        - containerPort: 5353
+        # airplay
+        - containerPort: 3689
+        - containerPort: 5000
+        - containerPort: 6000
+        - containerPort: 6001
+        - containerPort: 6002
+        - containerPort: 6003
+        - containerPort: 6004
+        - containerPort: 6005
+        - containerPort: 6006
+        - containerPort: 6007
+        - containerPort: 6008
+        - containerPort: 6009
+        - containerPort: 7000
+        - containerPort: 319
+        - containerPort: 320
+
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        - name: AIRPLAY_CONFIG_ENABLED
+          value: "1"
+        - name: SPOTIFY_CONFIG_ENABLED
+          value: "0"
+        - name: PIPE_CONFIG_ENABLED
+          value: "1"
+        - name: PIPE_PATH
+          value: /mnt/pipe/spotipipe
+        - name: PIPE_SOURCE_NAME
+          value: "Librespot"
+        # - name: PIPE_MODE
+        #   value: "read"
+        - name: PIPE_EXTRA_ARGS
+          # see https://github.com/badaix/snapcast/issues/1248
+          value: "&sampleformat=44100:16:2"
+        volumeMounts:
+        - name: pipe
+          mountPath: /mnt/pipe
+
+
+      - name: librespot
+        image: librespot
+        resources:
+          limits:
+            memory: "2Gi"
+            cpu: "2"
+          requests:
+            memory: "128Mi"
+            cpu: "250m"
+        ports:
+        - containerPort: 5588 # default port for oauth callback
+        env:
+        - name: BACKEND
+          value: pipe
+        - name: DEVICE
+          value: /mnt/pipe/spotipipe
+        - name: DISABLE_DISCOVERY
+          value: Y
+        - name: AUTOPLAY
+          value: Y
+        # - name: VERBOSE
+        #   value: Y
+        # - name: PASSTHROUGH
+        #   value: Y
+        - name: ADDITIONAL_ARGUMENTS
+          value: "--enable-oauth --cache /cache"
+        volumeMounts:
+        - name: pipe
+          mountPath: /mnt/pipe
+        - name: credentials-cache
+          mountPath: /cache
+      volumes:
+      - name: pipe
+        emptyDir: {}
+      - name: credentials-cache
+        persistentVolumeClaim:
+          claimName: cache

apps/snapcast/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: snapcast
+
+resources:
+  - namespace.yaml
+  - deployment.yaml
+  - service.yaml
+  - pvc.yaml
+  - snapcast-config.secret.yaml
+
+images:
+  - name: snapcast
+    newName: ghcr.io/firefrei/snapcast/server
+    newTag: latest
+  - name: librespot
+    newName: giof71/librespot
+    newTag: latest

apps/snapcast/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/snapcast/pvc.yaml

@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: cache
+spec:
+  storageClassName: "nfs-client"
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

apps/snapcast/service.yaml

@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: snapcast
+spec:
+  selector:
+    app: snapcast
+  ports:
+  - name: snapcast
+    port: 1704
+    targetPort: 1704
+    protocol: TCP
+  - name: snapcast-ctl
+    port: 1705
+    targetPort: 1705
+    protocol: TCP
+  - name: web
+    port: 1780
+    targetPort: 1780
+    protocol: TCP
+  - name: web-alt
+    port: 1788
+    targetPort: 1788
+    protocol: TCP
+  # - name: airplay-3689
+  #   port: 3689
+  #   targetPort: 3689
+  #   protocol: TCP
+  # - name: airplay-5000
+  #   port: 5000
+  #   targetPort: 5000
+  #   protocol: TCP
+  # - name: airplay-6000
+  #   port: 6000
+  #   targetPort: 6000
+  #   protocol: TCP
+  # - name: airplay-6001
+  #   port: 6001
+  #   targetPort: 6001
+  #   protocol: TCP
+  # - name: airplay-6002
+  #   port: 6002
+  #   targetPort: 6002
+  #   protocol: TCP
+  # - name: airplay-6003
+  #   port: 6003
+  #   targetPort: 6003
+  #   protocol: TCP
+  # - name: airplay-6004
+  #   port: 6004
+  #   targetPort: 6004
+  #   protocol: TCP
+  # - name: airplay-6005
+  #   port: 6005
+  #   targetPort: 6005
+  #   protocol: TCP
+  # - name: airplay-6006
+  #   port: 6006
+  #   targetPort: 6006
+  #   protocol: TCP
+  # - name: airplay-6007
+  #   port: 6007
+  #   targetPort: 6007
+  #   protocol: TCP
+  # - name: airplay-6008
+  #   port: 6008
+  #   targetPort: 6008
+  #   protocol: TCP
+  # - name: airplay-6009
+  #   port: 6009
+  #   targetPort: 6009
+  #   protocol: TCP
+  # - name: airplay-7000
+  #   port: 7000
+  #   targetPort: 7000
+  #   protocol: TCP
+  # - name: airplay-319
+  #   port: 319
+  #   targetPort: 319
+  #   protocol: UDP
+  # - name: airplay-320
+  #   port: 320
+  #   targetPort: 320
+  #   protocol: UDP
+  type: LoadBalancer
+  loadBalancerIP: 192.168.3.5

infrastructure/external-dns/kustomization.yaml

@@ -11,4 +11,4 @@ resources:
 images:
   - name: dns
     newName: git.kluster.moll.re/remoll/dns
-    newTag: 0.0.2-build.109
+    newTag: 0.0.2-build.113

infrastructure/monitoring/kustomization.yaml

@@ -29,5 +29,5 @@ helmCharts:
   - name: prometheus-node-exporter
     releaseName: prometheus-node-exporter
     repo: https://prometheus-community.github.io/helm-charts
-    version: 4.49.1
+    version: 4.49.2
     valuesFile: prometheus-node-exporter.values.yaml

infrastructure/traefik-system/configmap.yaml

@@ -66,6 +66,11 @@ data:
         [entryPoints.websecure.forwardedHeaders]
           insecure = true
           # forward ip headers no matter where they come from
+        [entryPoints.websecure.transport.respondingTimeouts]
+          readTimeout  = "0"
+          # writeTimeout = "300s"
+          # idleTimeout  = "180s"
+
 
       [entryPoints.metrics]
         address = ":9100"