default/plex/plex.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: plex
  namespace: default
spec:
  interval: 15m
  chart:
    spec:
      chart: app-template
      version: 1.5.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    image:
      repository: ghcr.io/onedr0p/plex
      tag: 1.41.4.9463-630c9f557 

    env:
      TZ: "America/New_York"
      PLEX_ADVERTISE_URL: https://10.0.6.53:32400,https://plex.eviljungle.com:443
      PLEX_NO_AUTH_NETWORKS: "172.17.0.0/16,10.0.2.0/24,10.0.7.0/24,10.0.3.0/24"
    envFrom:
      - secretRef:
          name: plex-secret

    service:
      main:
        type: LoadBalancer
        loadBalancerIP: 10.0.6.53
        externalTrafficPolicy: Local
        annotations:
          metallb.universe.tf/allow-shared-ip: plex
        ports:
          http:
            port: 32400

    ingress:
      main:
        enabled: true
        # ensure that external DNS (cloudflare) has an entry for this directed to the router
        # ensure that internal DNS for this zone (coredns) has an entry for this directed to nginx LB IP
        ingressClassName: nginx
        hosts:
          - host: &host plex.eviljungle.com
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
      tailscale:
        enabled: true
        ingressClassName: nginx-tailscale
        hosts:
          - host: *host
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host

    podSecurityContext:
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 1000
      fsGroup: 1000
      fsGroupChangePolicy: OnRootMismatch
      supplementalGroups: [44, 109, 303, 10000]

    persistence:
      config:
        enabled: true
        storageClass: "rook-ceph-block"
        accessMode: ReadWriteOnce
        size: 55Gi
      # Separate PVC for cache to avoid backing up cache files
      cache:
        enabled: true
        storageClass: "rook-ceph-block"
        accessMode: ReadWriteOnce
        size: 55Gi
        mountPath: /config/Library/Application Support/Plex Media Server/Cache
      transcode:
        enabled: true
        type: emptyDir
      tmp:
        enabled: true
        type: emptyDir
        medium: Memory
      logs:
        enabled: true
        type: emptyDir
        mountPath: /config/Library/Application Support/Plex Media Server/Logs
      nfs-media-pvc:
        enabled: true
        existingClaim: nfs-media-pvc
        mountPath: /data
        readOnly: false

    nodeSelector:
      intel.feature.node.kubernetes.io/gpu: "true"

    resources:
      requests:
        gpu.intel.com/i915: 1
        cpu: 500m
        memory: 2000Mi
      limits:
        gpu.intel.com/i915: 1
        memory: 5000Mi