This repository contains recipes to easily deploy container-based applications with the openmediavault-k8s Kubernetes plugin.

The following rules should be observed in the recipes:

• Create a namespace for each application according the schema: <APPNAME>-app
• Traefik is used by the openmediavault-k8s plugin. So use IngressRoute over Ingress.
• For HTTPS ingresses use the TLS secret name host-selfsigned-cert if you want to use the auto-created self-signed certificate. Use host-imported-cert if you have configured an SSL certificate in the plugin settings that is managed via the openmediavault UI.
• The default entry points for IngressRoute are web (HTTP) and websecure (HTTPS).
• Make use of a NodePort service only if the application does not work behind a reverse proxy.
• Make use of the HelmChart resource if the application can be installed via Helm.

metadata.yaml

Architecture

Use this translation table for the architecture flag in the metadata.yaml file:

Architecture	Also known as
i386	i386
amd64	x86_64
armel	armv6l
armhf	armv7l
arm64	aarch64

Section

The section value in the metadata.yaml file is inspired by those that are used in Debian, e.g. graphics, net or utils. Get a full list here.

Domain Specific Language

The recipe editor of the openmediavault-k8s has a DSL (Domain Specific Language) that supports the user in getting specific information from their openmediavault host system in Kubernetes manifests.

The following functions are currently available:

• hostname() – Get the hostname of the host.
• domain() – Get the domain name of the host.
• fqdn() – Get the FQDN of the host.
• ipaddr(name=NULL) – Get the IPv4 address of the specified network interface. If not set, the IPv4 address of the interface of the first default route is used.
• ipaddr6(name=NULL) – Get the IPv6 address of the specified network interface. If not set, the IPv6 address of the interface of the first default route is used.
• uid(name) – Get the UID of the specified user.
• gid(name) – Get the GID of the specified group.
• sharedfolder_path(name) – Get the full path of the specified shared folder.
• conf_get(id, uuid=NULL) – Get the specified database configuration object.
• tz() – Get the time zone of the host.

The following filters are currently available:

• get(key, default=NULL) – Get the specified key, e.g. foo.bar.baz from a dictionary.

For the built-in features of the used template engine please have a look here:

• Basic knowledge
• Filters and functions

Examples:

apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
  template:
    metadata:
      ...
    spec:
      containers:
        - securityContext:
            runAsNonRoot: true
            runAsUser: {{ uid('nobody') }}
            runAsGroup: {{ gid('nogroup') }}
          args:
            - "--port 3000"
            - "--base /wetty"
            - "--force-ssh"
            - "--ssh-port {{ conf_get('conf.service.ssh') | get('port') }}"
            - "--ssh-host {{ hostname() }}"
  ...

apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
  template:
    metadata:
      ...
    spec:
      containers:
        ...
      volumes:
        - name: originals-volume
          hostPath:
            type: Directory
            path: {{ sharedfolder_path('images') }}
  ...

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: immich-websecure
  namespace: immich-app
  ...
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`immich.{{ ipaddr() }}.sslip.io`)
      kind: Rule
      services:
        - name: immich-server
          port: 3001