feat(k8s/jellyfin): add Jellyfin stack (deployment scaled to 0 for data migration)
Jellyfin media server with Intel GPU hardware transcoding, NFS media volume, and UDP discovery/DLNA ports. OIDC auth handled internally by Jellyfin (no Authelia middleware on ingress).
This commit is contained in:
47
kubernetes/app/jellyfin/networkpolicy.yaml
Normal file
47
kubernetes/app/jellyfin/networkpolicy.yaml
Normal file
@@ -0,0 +1,47 @@
|
||||
# Default deny all ingress in the jellyfin namespace
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: default-deny-ingress
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
---
|
||||
# Allow Traefik ingress controller to reach Jellyfin
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-ingress-controller
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: jellyfin
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: traefik
|
||||
---
|
||||
# Allow UDP discovery and DLNA from local network
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-udp-discovery
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: jellyfin
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: 7359
|
||||
protocol: UDP
|
||||
- port: 1900
|
||||
protocol: UDP
|
||||
Reference in New Issue
Block a user