From 2c96b41538dba5b0104418516dfaabde7961f7a0 Mon Sep 17 00:00:00 2001
From: Umbert Pensato Bosch <708948+umbertix@users.noreply.github.com>
Date: Mon, 29 Jan 2024 21:03:41 +0100
Subject: [PATCH] feat(charts): Add Jellyfin

---
 .github/workflows/integration-tests.yml       |  12 +-
 .gitignore                                    |   1 +
 README.md                                     | 372 ++++++++-------
 config/samples/charts_v1_k8smediaserver.yaml  |  25 +-
 helm-charts/k8s-mediaserver/Chart.yaml        |   4 +-
 .../templates/jellyfin-resources.yml          | 157 +++++++
 .../templates/storage-resources.yml           |  26 ++
 helm-charts/k8s-mediaserver/values.yaml       |  74 ++-
 k8s-mediaserver-operator.yml                  | 434 +++++++++---------
 k8s-mediaserver.yml                           |  44 +-
 10 files changed, 735 insertions(+), 414 deletions(-)
 create mode 100644 helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml

diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 10e67e5..bf4d3de 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -80,9 +80,11 @@ jobs:
       - name: Edit hosts file and test apps
         run: |
           sudo echo "127.0.0.1   ${{ env.plex_ingress_host }} ${{ env.ingress_host }}" | sudo tee -a /etc/hosts
-          wget ${{ env.ingress_host }}/sonarr
-          wget ${{ env.ingress_host }}/radarr
-          wget ${{ env.ingress_host }}/sabnzbd
-          wget ${{ env.ingress_host }}/prowlarr
-          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/jackett
+          sudo echo "127.0.0.1   ${{ env.jellyfin_ingress_host }} ${{ env.ingress_host }}" | sudo tee -a /etc/hosts
+          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/sonarr
+          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/radarr
+          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/sabnzbd
+          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/prowlarr
+          wget --retry-on-http-error=503,500 ${{ env.ingress_host }}/jackett          
           curl ${{ env.plex_ingress_host }}
+          curl ${{ env.jellyfin_ingress_host }}
diff --git a/.gitignore b/.gitignore
index 0b4a3a0..52255f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ bin
 *.swo
 *~
 kubeserver.yml
+my-values.yaml
\ No newline at end of file
diff --git a/README.md b/README.md
index afb54d2..9d20d82 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ based on:
 [Plex Media Server](https://www.plex.tv/ "Plex Media Server") - A complete and fully funtional mediaserver that allows
 you to render in a webUI your movies, TV Series, podcasts, video streams.
 
+[Jellyfin](https://jellyfin.org/ "JellyFin") - It is an alternative to the proprietary Emby and Plex, to provide media from a dedicated server to end-user devices via multiple apps
+
 [Sonarr](https://sonarr.tv/ "Sonarr") - A TV series and show tracker, that allows the integration with download managers
 for searching and retrieving TV Series, organizing them, schedule notifications when an episode comes up and much more.
 
@@ -19,7 +21,7 @@ for searching and retrieving TV Series, organizing them, schedule notifications
 [Jackett](https://github.com/Jackett/Jackett "Jackett") - An API interface that keeps easy your life interacting with
 trackers for torrents.
 
-[Prowlarr](https://github.com/Prowlarr/Prowlarr "Prowlarr") - An indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps. Prowlarr supports management of both Torrent Trackers and Usenet Indexers.
+[Prowlarr](https://github.com/Prowlarr/Prowlarr "Prowlarr") - An indexer manager/proxy built on the popular \*arr .net/reactjs base stack to integrate with your various PVR apps. Prowlarr supports management of both Torrent Trackers and Usenet Indexers.
 
 [Transmission](https://transmissionbt.com/ "Transmission") - A fast, easy and reliable torrent client.
 
@@ -39,7 +41,7 @@ and I wanted to experiment a bit both with helm and operators.
 It is quite simple to use, and very minimalistic, with customizations that are strictly related to usability and access,
 rather than complex customizations, even if, maybe in the future, we could add it!
 
-Each container has its *init container* in order to initialize configurations on the PV before starting the actual pod
+Each container has its _init container_ in order to initialize configurations on the PV before starting the actual pod
 and avoid to restart the pods.
 
 ## QuickStart
@@ -55,16 +57,19 @@ All you need is:
 1. First install the CRD and the operator:
 
 AMD/Intel:
+
 ```shell
 kubectl apply -f k8s-mediaserver-operator.yml
 ```
 
 ARM - Raspberry Pi:
+
 ```shell
 kubectl apply -f k8s-mediaserver-operator-arm64.yml
 ```
 
-2. Install the custom resource:
+2. Install the custom resource with the default values:
+
 ```shell
 kubectl apply -f k8s-mediaserver.yml
 ```
@@ -73,23 +78,36 @@ In seconds, you will be ready to use your applications!
 
 With default settings, your applications will run in these paths:
 
-| Service      | Link                                           |
-|--------------|------------------------------------------------|
-| Sonarr       | http://k8s-mediaserver.k8s.test/sonarr         |
-| Radarr       | http://k8s-mediaserver.k8s.test/radarr         |
-| Transmission | http://k8s-mediaserver.k8s.test/transmission   |
-| Jackett      | http://k8s-mediaserver.k8s.test/jackett        |
-| Prowlarr     | http://k8s-mediaserver.k8s.test/prowlarr       |
-| PLEX         | http://k8s-plex.k8s.test/                      |
+| Service      | Link                                         |
+| ------------ | -------------------------------------------- |
+| Sonarr       | http://k8s-mediaserver.k8s.test/sonarr       |
+| Radarr       | http://k8s-mediaserver.k8s.test/radarr       |
+| Transmission | http://k8s-mediaserver.k8s.test/transmission |
+| Jackett      | http://k8s-mediaserver.k8s.test/jackett      |
+| Prowlarr     | http://k8s-mediaserver.k8s.test/prowlarr     |
+| Jellyfin     | http://k8s-jelly.k8s.test/                   |
+| PLEX         | http://k8s-plex.k8s.test/                    |
 
+3. (Optional) Use custom values:
+
+If you want to use your custom setup for all the services:
+
+- Copy the default values files `cp ./helm-charts/k8s-mediaserver/values.yaml my-values.yaml`
+- Make all the changes you want in the new file `./helm-charts/k8s-mediaserver/my-values.yaml`
 
 With this value saved in the top level directory of this repo, running the below will add the resources to your cluster,
 under the helm release name `k8s-mediaserver`
 
-``` shell
+```shell
 helm install -f my-values.yaml k8s-mediaserver ./helm-charts/k8s-mediaserver/
 ```
 
+To make changes to the deploy
+
+```shell
+helm upgrade -f my-values.yaml k8s-mediaserver ./helm-charts/k8s-mediaserver/
+```
+
 This is equivalent to running `mount {SERVER-IP}:/mount/path/on/nfs/server ...` in each container, where `...` is
 different per resource, as defined in the templates directory (for each resource).
 In addition to the above, you should also edit your subpaths so that they when they are appended to your `path:`
@@ -103,9 +121,10 @@ letting some customization to fit the resource inside your cluster.
 ## General config
 
 | Config path                           | Meaning                                                                                                     | Default                                         |
-|---------------------------------------|-------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
+| ------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
 | general.ingress_host                  | The hostname to use in ingress definition, this will be the hostname where the applications will be exposed | k8s-mediaserver.k8s.test                        |
 | general.plex_ingress_host             | The hostname to use for **PLEX** as it must be exposed on a / dedicated path                                | k8s-plex.k8s.test                               |
+| general.jellyfin_ingress_host         | The hostname to use for **JellyFin** as it must be exposed on a / dedicated path                            | k8s-jelly.k8s.test                              |
 | general.image_tag                     | The name of the image tag (arm32v7-latest, arm64v8-latest, development)                                     | latest                                          |
 | general.pgid                          | The GID for the process                                                                                     | 1000                                            |
 | general.puid                          | The UID for the process                                                                                     | 1000                                            |
@@ -126,174 +145,196 @@ letting some customization to fit the resource inside your cluster.
 
 ### Plex
 
-| Config path                               | Meaning                                                                                                       | Default   | 
-|-------------------------------------------|---------------------------------------------------------------------------------------------------------------|-----------|
-| plex.enabled                              | Flag if you want to enable plex                                                                               | true      | 
-| plex.claim                                | **IMPORTANT** Token from your account, needed to claim the server                                             | CHANGEME  |
-| plex.replicaCount                         | Number of replicas serving plex                                                                               | 1         | 
-| plex.container.nodeSelector               | Node Selector for the Plex pods                                                                               | {}        |
-| plex.container.port                       | The port in use by the container                                                                              | 32400     | 
-| plex.container.image                      | The image used by the container                                                                               | docker.io/linuxserver/plex |
-| plex.container.tag                        | The tag used by the container                                                                                 | null      | 
-| plex.service.type                         | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                         | ClusterIP |
-| plex.service.port                         | The port assigned to the service                                                                              | 32400     |
-| plex.service.nodePort                     | In case of service.type NodePort, the nodePort to use                                                         | ""        |
-| plex.service.extraLBService               | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false     |
-| plex.service.extraLBService.annotations   | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null      | 
-| plex.ingress.enabled                      | If true, creates the ingress resource for the application                                                     | true      |
-| plex.ingress.annotations                  | Additional field for annotations, if needed                                                                   | {}        |
-| plex.ingress.path                         | The path where the application is exposed                                                                     | /plex     |
-| plex.ingress.tls.enabled                  | If true, tls is enabled                                                                                       | false     |
-| plex.ingress.tls.secretName               | Name of the secret holding certificates for the secure ingress                                                | ""        |
-| plex.resources                            | Limits and Requests for the container                                                                         | {}        | 
-| plex.volume                               | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}        |
+| Config path                             | Meaning                                                                                                       | Default                    |
+| --------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| plex.enabled                            | Flag if you want to enable Plex                                                                               | true                       |
+| plex.claim                              | **IMPORTANT** Token from your account, needed to claim the server                                             | CHANGEME                   |
+| plex.replicaCount                       | Number of replicas serving Plex                                                                               | 1                          |
+| plex.container.nodeSelector             | Node Selector for the Plex pods                                                                               | {}                         |
+| plex.container.port                     | The port in use by the container                                                                              | 32400                      |
+| plex.container.image                    | The image used by the container                                                                               | docker.io/linuxserver/plex |
+| plex.container.tag                      | The tag used by the container                                                                                 | null                       |
+| plex.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                         | ClusterIP                  |
+| plex.service.port                       | The port assigned to the service                                                                              | 32400                      |
+| plex.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                         | ""                         |
+| plex.service.extraLBService             | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                      |
+| plex.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null                       |
+| plex.ingress.enabled                    | If true, creates the ingress resource for the application                                                     | true                       |
+| plex.ingress.annotations                | Additional field for annotations, if needed                                                                   | {}                         |
+| plex.ingress.path                       | The path where the application is exposed                                                                     | /plex                      |
+| plex.ingress.tls.enabled                | If true, tls is enabled                                                                                       | false                      |
+| plex.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                | ""                         |
+| plex.resources                          | Limits and Requests for the container                                                                         | {}                         |
+| plex.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                         |
+
+### Jellyfin
+
+| Config path                                 | Meaning                                                                                                           | Default                        |
+| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| jellyfin.enabled                            | Flag if you want to enable Plex                                                                                   | true                           |
+| jellyfin.replicaCount                       | Number of replicas serving Plex                                                                                   | 1                              |
+| jellyfin.container.nodeSelector             | Node Selector for the Plex pods                                                                                   | {}                             |
+| jellyfin.container.port                     | The port in use by the container                                                                                  | 8096                           |
+| jellyfin.container.image                    | The image used by the container                                                                                   | docker.io/linuxserver/jellyfin |
+| jellyfin.container.tag                      | The tag used by the container                                                                                     | null                           |
+| jellyfin.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                             | ClusterIP                      |
+| jellyfin.service.port                       | The port assigned to the service                                                                                  | 8096                           |
+| jellyfin.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                             | ""                             |
+| jellyfin.service.extraLBService             | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)      | false                          |
+| jellyfin.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer      | null                           |
+| jellyfin.ingress.enabled                    | If true, creates the ingress resource for the application                                                         | true                           |
+| jellyfin.ingress.annotations                | Additional field for annotations, if needed                                                                       | {}                             |
+| jellyfin.ingress.path                       | The path where the application is exposed                                                                         | /jellyfin                      |
+| jellyfin.ingress.tls.enabled                | If true, tls is enabled                                                                                           | false                          |
+| jellyfin.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                    | ""                             |
+| jellyfin.resources                          | Limits and Requests for the container                                                                             | {}                             |
+| jellyfin.volume                             | If set, Jellyfin will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                             |
 
 ### Sonarr
 
-| Config path                                 | Meaning                                                                                                        | Default   | 
-|---------------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------|
-| sonarr.enabled                              | Flag if you want to enable sonarr                                                                              | true      | 
-| sonarr.container.nodeSelector               | Node Selector for the Sonarr pods                                                                              | {}        |
-| sonarr.container.port                       | The port in use by the container                                                                               | 8989      | 
-| sonarr.container.image                      | The image used by the container                                                                                | docker.io/linuxserver/sonarr |
-| sonarr.container.tag                        | The tag used by the container                                                                                  | null      | 
-| sonarr.service.type                         | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                          | ClusterIP |
-| sonarr.service.port                         | The port assigned to the service                                                                               | 8989      |
-| sonarr.service.nodePort                     | In case of service.type NodePort, the nodePort to use                                                          | ""        |
-| sonarr.service.extraLBService               | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false     |
-| sonarr.service.extraLBService.annotations   | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer   | null      |
-| sonarr.ingress.enabled                      | If true, creates the ingress resource for the application                                                      | true      |
-| sonarr.ingress.annotations                  | Additional field for annotations, if needed                                                                    | {}        |
-| sonarr.ingress.path                         | The path where the application is exposed                                                                      | /sonarr   |
-| sonarr.ingress.tls.enabled                  | If true, tls is enabled                                                                                        | false     |
-| sonarr.ingress.tls.secretName               | Name of the secret holding certificates for the secure ingress                                                 | ""        | 
-| sonarr.resources                            | Limits and Requests for the container                                                                          | {}        |
-| sonarr.volume                               | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config  | {}        |
+| Config path                               | Meaning                                                                                                       | Default                      |
+| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------- |
+| sonarr.enabled                            | Flag if you want to enable Sonarr                                                                             | true                         |
+| sonarr.container.port                     | The port in use by the container                                                                              | 8989                         |
+| sonarr.container.nodeSelector             | Node Selector for the Sonarr pods                                                                             | {}                           |
+| sonarr.container.image                    | The image used by the container                                                                               | docker.io/linuxserver/sonarr |
+| sonarr.container.tag                      | The tag used by the container                                                                                 | null                         |
+| sonarr.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                         | ClusterIP                    |
+| sonarr.service.port                       | The port assigned to the service                                                                              | 8989                         |
+| sonarr.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                         | ""                           |
+| sonarr.service.extraLBService             | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                        |
+| sonarr.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null                         |
+| sonarr.ingress.enabled                    | If true, creates the ingress resource for the application                                                     | true                         |
+| sonarr.ingress.annotations                | Additional field for annotations, if needed                                                                   | {}                           |
+| sonarr.ingress.path                       | The path where the application is exposed                                                                     | /sonarr                      |
+| sonarr.ingress.tls.enabled                | If true, tls is enabled                                                                                       | false                        |
+| sonarr.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                | ""                           |
+| sonarr.resources                          | Limits and Requests for the container                                                                         | {}                           |
+| sonarr.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                           |
 
 ### Radarr
 
-| Config path                                 | Meaning                                                                                                        | Default   | 
-|---------------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------|
-| radarr.enabled                              | Flag if you want to enable radarr                                                                              | true      | 
-| radarr.container.nodeSelector               | Node Selector for the Radarr pods                                                                              | {}        |
-| radarr.container.port                       | The port in use by the container                                                                               | 7878      | 
-| radarr.container.image                      | The image used by the container                                                                                | docker.io/linuxserver/radarr |
-| radarr.container.tag                        | The tag used by the container                                                                                  | null      |
-| radarr.service.type                         | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                          | ClusterIP |
-| radarr.service.port                         | The port assigned to the service                                                                               | 7878      |
-| radarr.service.nodePort                     | In case of service.type NodePort, the nodePort to use                                                          | ""        |
-| radarr.service.extraLBService               | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false     |
-| radarr.service.extraLBService.annotations   | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer   | null      | 
-| radarr.ingress.enabled                      | If true, creates the ingress resource for the application                                                      | true      |
-| radarr.ingress.annotations                  | Additional field for annotations, if needed                                                                    | {}        |
-| radarr.ingress.path                         | The path where the application is exposed                                                                      | /radarr   |
-| radarr.ingress.tls.enabled                  | If true, tls is enabled                                                                                        | false     |
-| radarr.ingress.tls.secretName               | Name of the secret holding certificates for the secure ingress                                                 | ""        | 
-| radarr.resources                            | Limits and Requests for the container                                                                          | {}        |
-| radarr.volume                               | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config  | {}        |
+| Config path                               | Meaning                                                                                                       | Default                      |
+| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------- |
+| radarr.enabled                            | Flag if you want to enable Radarr                                                                             | true                         |
+| radarr.container.port                     | The port in use by the container                                                                              | 7878                         |
+| radarr.container.nodeSelector             | Node Selector for the Radarr pods                                                                             | {}                           |
+| radarr.container.image                    | The image used by the container                                                                               | docker.io/linuxserver/radarr |
+| radarr.container.tag                      | The tag used by the container                                                                                 | null                         |
+| radarr.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                         | ClusterIP                    |
+| radarr.service.port                       | The port assigned to the service                                                                              | 7878                         |
+| radarr.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                         | ""                           |
+| radarr.service.extraLBService             | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                        |
+| radarr.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null                         |
+| radarr.ingress.enabled                    | If true, creates the ingress resource for the application                                                     | true                         |
+| radarr.ingress.annotations                | Additional field for annotations, if needed                                                                   | {}                           |
+| radarr.ingress.path                       | The path where the application is exposed                                                                     | /radarr                      |
+| radarr.ingress.tls.enabled                | If true, tls is enabled                                                                                       | false                        |
+| radarr.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                | ""                           |
+| radarr.resources                          | Limits and Requests for the container                                                                         | {}                           |
+| radarr.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                           |
 
 ### Jackett
 
-| Config path                                 | Meaning                                                                                                         | Default   | 
-|---------------------------------------------|-----------------------------------------------------------------------------------------------------------------|-----------|
-| jackett.enabled                             | Flag if you want to enable jackett                                                                              | true      | 
-| jackett.container.nodeSelector              | Node Selector for the Jackett pods                                                                              | {}        |
-| jackett.container.port                      | The port in use by the container                                                                                | 9117      | 
-| jackett.container.image                     | The image used by the container                                                                                 | docker.io/linuxserver/jackett |
-| jackett.container.tag                       | The tag used by the container                                                                                   | null      |
-| jackett.service.type                        | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                           | ClusterIP |
-| jackett.service.port                        | The port assigned to the service                                                                                | 9117      |
-| jackett.service.nodePort                    | In case of service.type NodePort, the nodePort to use                                                           | ""        |
-| jackett.service.extraLBService              | If true, it creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false     | 
-| jackett.service.extraLBService.annotations  | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer    | null      |
-| jackett.ingress.enabled                     | If true, creates the ingress resource for the application                                                       | true      |
-| jackett.ingress.annotations                 | Additional field for annotations, if needed                                                                     | {}        |
-| jackett.ingress.path                        | The path where the application is exposed                                                                       | /jackett  |
-| jackett.ingress.tls.enabled                 | If true, tls is enabled                                                                                         | false     |
-| jackett.ingress.tls.secretName              | Name of the secret holding certificates for the secure ingress                                                  | ""        | 
-| jackett.resources                           | Limits and Requests for the container                                                                           | {}        |
-| jackett.volume                              | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config   | {}        |
+| Config path                                | Meaning                                                                                                         | Default                       |
+| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ----------------------------- |
+| jackett.enabled                            | Flag if you want to enable Jackett                                                                              | true                          |
+| jackett.container.port                     | The port in use by the container                                                                                | 9117                          |
+| jackett.container.nodeSelector             | Node Selector for the Jackett pods                                                                              | {}                            |
+| jackett.container.image                    | The image used by the container                                                                                 | docker.io/linuxserver/jackett |
+| jackett.container.tag                      | The tag used by the container                                                                                   | null                          |
+| jackett.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                           | ClusterIP                     |
+| jackett.service.port                       | The port assigned to the service                                                                                | 9117                          |
+| jackett.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                           | ""                            |
+| jackett.service.extraLBService             | If true, it creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false                         |
+| jackett.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer    | null                          |
+| jackett.ingress.enabled                    | If true, creates the ingress resource for the application                                                       | true                          |
+| jackett.ingress.annotations                | Additional field for annotations, if needed                                                                     | {}                            |
+| jackett.ingress.path                       | The path where the application is exposed                                                                       | /jackett                      |
+| jackett.ingress.tls.enabled                | If true, tls is enabled                                                                                         | false                         |
+| jackett.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                  | ""                            |
+| jackett.resources                          | Limits and Requests for the container                                                                           | {}                            |
+| jackett.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config   | {}                            |
 
 ### Prowlarr
 
-| Config path                                   | Meaning                                                                                                         | Default   | 
-|-----------------------------------------------|-----------------------------------------------------------------------------------------------------------------|-----------|
-| prowlarr.enabled                              | Flag if you want to enable prowlarr                                                                             | true      | 
-| prowlarr.container.nodeSelector               | Node Selector for the Prowlarr pods                                                                             | {}        |
-| prowlarr.container.port                       | The port in use by the container                                                                                | 9117      | 
-| prowlarr.container.image                      | The image used by the container                                                                                 | docker.io/linuxserver/prowlarr |
-| prowlarr.container.tag                        | The tag used by the container                                                                                   | develop   |
-| prowlarr.service.type                         | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                           | ClusterIP |
-| prowlarr.service.port                         | The port assigned to the service                                                                                | 9117      |
-| prowlarr.service.nodePort                     | In case of service.type NodePort, the nodePort to use                                                           | ""        |
-| prowlarr.service.extraLBService               | If true, it creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false     |
-| prowlarr.service.extraLBService.annotations   | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer    | null      | 
-| prowlarr.ingress.enabled                      | If true, creates the ingress resource for the application                                                       | true      |
-| prowlarr.ingress.annotations                  | Additional field for annotations, if needed                                                                     | {}        |
-| prowlarr.ingress.path                         | The path where the application is exposed                                                                       | /prowlarr |
-| prowlarr.ingress.tls.enabled                  | If true, tls is enabled                                                                                         | false     |
-| prowlarr.ingress.tls.secretName               | Name of the secret holding certificates for the secure ingress                                                  | ""        | 
-| prowlarr.resources                            | Limits and Requests for the container                                                                           | {}        |
-| prowlarr.volume                               | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config   | {}        |
+| Config path                                 | Meaning                                                                                                         | Default                        |
+| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| prowlarr.enabled                            | Flag if you want to enable Prowlarr                                                                             | true                           |
+| prowlarr.container.port                     | The port in use by the container                                                                                | 9117                           |
+| prowlarr.container.nodeSelector             | Node Selector for the Prowlarr pods                                                                             | {}                             |
+| prowlarr.container.image                    | The image used by the container                                                                                 | docker.io/linuxserver/prowlarr |
+| prowlarr.container.tag                      | The tag used by the container                                                                                   | develop                        |
+| prowlarr.service.type                       | The kind of Service (ClusterIP/NodePort/LoadBalancer)                                                           | ClusterIP                      |
+| prowlarr.service.port                       | The port assigned to the service                                                                                | 9117                           |
+| prowlarr.service.nodePort                   | In case of service.type NodePort, the nodePort to use                                                           | ""                             |
+| prowlarr.service.extraLBService             | If true, it creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false                          |
+| prowlarr.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer    | null                           |
+| prowlarr.ingress.enabled                    | If true, creates the ingress resource for the application                                                       | true                           |
+| prowlarr.ingress.annotations                | Additional field for annotations, if needed                                                                     | {}                             |
+| prowlarr.ingress.path                       | The path where the application is exposed                                                                       | /prowlarr                      |
+| prowlarr.ingress.tls.enabled                | If true, tls is enabled                                                                                         | false                          |
+| prowlarr.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                  | ""                             |
+| prowlarr.resources                          | Limits and Requests for the container                                                                           | {}                             |
+| prowlarr.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config   | {}                             |
 
 ### Transmission
 
-| Config path                                       | Meaning                                                                                                        | Default       | 
-|---------------------------------------------------|----------------------------------------------------------------------------------------------------------------|---------------|
-| transmission.enabled                              | Flag if you want to enable transmission                                                                        | true          | 
-| transmission.container.nodeSelector               | Node Selector for the Transmission pods                                                                        | {}        |
-| transmission.container.port.utp                   | The port in use by the container                                                                               | 9091          | 
-| transmission.container.port.peer                  | The port in use by the container for peer connection                                                           | 51413         | 
-| transmission.container.image                      | The image used by the container                                                                                | docker.io/linuxserver/transmission |
-| transmission.container.tag                        | The tag used by the container                                                                                  | null          |
-| transmission.service.utp.type                     | The kind of Service (ClusterIP/NodePort/LoadBalancer) for transmission itself                                  | ClusterIP     |
-| transmission.service.utp.port                     | The port assigned to the service for transmission itself                                                       | 9091          |
-| transmission.service.utp.nodePort                 | In case of service.type NodePort, the nodePort to use for transmission itself                                  | ""            |
-| transmission.service.utp.extraLBService           | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false         | 
-| transmission.service.peer.type                    | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port                                            | ClusterIP     |
-| transmission.service.peer.port                    | The port assigned to the service for peer port                                                                 | 51413         |
-| transmission.service.peer.nodePort                | In case of service.type NodePort, the nodePort to use for peer port                                            | ""            |
-| transmission.service.peer.nodePortUDP             | In case of service.type NodePort, the nodePort to use for peer port UDP service                                | ""            |
-| transmission.service.peer.extraLBService          | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false         |
-| transmission.service.extraLBService.annotations   | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer   | null          | 
-| transmission.ingress.enabled                      | If true, creates the ingress resource for the application                                                      | true          |
-| transmission.ingress.annotations                  | Additional field for annotations, if needed                                                                    | {}            |
-| transmission.ingress.path                         | The path where the application is exposed                                                                      | /transmission |
-| transmission.ingress.tls.enabled                  | If true, tls is enabled                                                                                        | false         |
-| transmission.ingress.tls.secretName               | Name of the secret holding certificates for the secure ingress                                                 | ""            |
-| transmission.config.auth.enabled                  | Enables authentication for transmission                                                                        | false         |
-| transmission.config.auth.username                 | Username for transmission                                                                                      | ""            |
-| transmission.config.auth.password                 | Password for transmission                                                                                      | ""            | 
-| transmission.resources                            | Limits and Requests for the container                                                                          | {}            |
-| transmission.volume                               | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config  | {}            |
+| Config path                                     | Meaning                                                                                                       | Default                            |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
+| transmission.enabled                            | Flag if you want to enable Transmission                                                                       | true                               |
+| transmission.container.port.utp                 | The port in use by the container                                                                              | 9091                               |
+| transmission.container.nodeSelector             | Node Selector for the Transmission pods                                                                       | {}                                 |
+| transmission.container.port.peer                | The port in use by the container for peer connection                                                          | 51413                              |
+| transmission.container.image                    | The image used by the container                                                                               | docker.io/linuxserver/transmission |
+| transmission.container.tag                      | The tag used by the container                                                                                 | null                               |
+| transmission.service.utp.type                   | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Transmission itself                                 | ClusterIP                          |
+| transmission.service.utp.port                   | The port assigned to the service for Transmission itself                                                      | 9091                               |
+| transmission.service.utp.nodePort               | In case of service.type NodePort, the nodePort to use for Transmission itself                                 | ""                                 |
+| transmission.service.utp.extraLBService         | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                              |
+| transmission.service.peer.type                  | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port                                           | ClusterIP                          |
+| transmission.service.peer.port                  | The port assigned to the service for peer port                                                                | 51413                              |
+| transmission.service.peer.nodePort              | In case of service.type NodePort, the nodePort to use for peer port                                           | ""                                 |
+| transmission.service.peer.nodePortUDP           | In case of service.type NodePort, the nodePort to use for peer port UDP service                               | ""                                 |
+| transmission.service.peer.extraLBService        | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                              |
+| transmission.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null                               |
+| transmission.ingress.enabled                    | If true, creates the ingress resource for the application                                                     | true                               |
+| transmission.ingress.annotations                | Additional field for annotations, if needed                                                                   | {}                                 |
+| transmission.ingress.path                       | The path where the application is exposed                                                                     | /transmission                      |
+| transmission.ingress.tls.enabled                | If true, tls is enabled                                                                                       | false                              |
+| transmission.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                | ""                                 |
+| transmission.config.auth.enabled                | Enables authentication for Transmission                                                                       | false                              |
+| transmission.config.auth.username               | Username for Transmission                                                                                     | ""                                 |
+| transmission.config.auth.password               | Password for Transmission                                                                                     | ""                                 |
+| transmission.resources                          | Limits and Requests for the container                                                                         | {}                                 |
+| transmission.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                                 |
 
 ### Sabnzbd
 
-| Config path                                 | Meaning                                                                                                        | Default   | 
-|---------------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------|
-| sabnzbd.enabled                             | Flag if you want to enable sabnzbd                                                                             | true      | 
-| sabnzbd.container.nodeSelector              | Node Selector for the Sabnzbd pods                                                                             | {}        |
-| sabnzbd.container.port.http                 | The port in use by the container                                                                               | 8080      | 
-| sabnzbd.container.port.https                | The port in use by the container for peer connection                                                           | 9090      | 
-| sabnzbd.container.image                     | The image used by the container                                                                                | docker.io/linuxserver/sabnzbd |
-| sabnzbd.container.tag                       | The tag used by the container                                                                                  | null      |
-| sabnzbd.service.http.type                   | The kind of Service (ClusterIP/NodePort/LoadBalancer) for sabnzbd itself                                       | ClusterIP |
-| sabnzbd.service.http.port                   | The port assigned to the service for sabnzbd itself                                                            | 9091      |
-| sabnzbd.service.http.nodePort               | In case of service.type NodePort, the nodePort to use for sabnzbd itself                                       | ""        |
-| sabnzbd.service.http.extraLBService         | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false     | 
-| sabnzbd.service.https.type                  | The kind of Service (ClusterIP/NodePort/LoadBalancer) for https port                                           | ClusterIP |
-| sabnzbd.service.https.port                  | The port assigned to the service for peer port                                                                 | 51413     |
-| sabnzbd.service.https.nodePort              | In case of service.type NodePort, the nodePort to use for https port                                           | ""        |
-| sabnzbd.service.https.extraLBService        | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)   | false     |
-| sabnzbd.service.extraLBService.annotations  | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer   | null      | 
-| sabnzbd.ingress.enabled                     | If true, creates the ingress resource for the application                                                      | true      |
-| sabnzbd.ingress.annotations                 | Additional field for annotations, if needed                                                                    | {}        |
-| sabnzbd.ingress.path                        | The path where the application is exposed                                                                      | /sabnzbd  |
-| sabnzbd.ingress.tls.enabled                 | If true, tls is enabled                                                                                        | false     |
-| sabnzbd.ingress.tls.secretName              | Name of the secret holding certificates for the secure ingress                                                 | ""        | 
-| sabnzbd.resources                           | Limits and Requests for the container                                                                          | {}        |
-| sabnzbd.volume                              | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config  | {}        |
-
+| Config path                                | Meaning                                                                                                       | Default                       |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------------------- |
+| sabnzbd.enabled                            | Flag if you want to enable Sabnzbd                                                                            | true                          |
+| sabnzbd.container.nodeSelector             | Node Selector for the Sabnzbd pods                                                                            | {}                            |
+| sabnzbd.container.port.http                | The port in use by the container                                                                              | 8080                          |
+| sabnzbd.container.port.https               | The port in use by the container for peer connection                                                          | 9090                          |
+| sabnzbd.container.image                    | The image used by the container                                                                               | docker.io/linuxserver/sabnzbd |
+| sabnzbd.container.tag                      | The tag used by the container                                                                                 | null                          |
+| sabnzbd.service.http.type                  | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Sabnzbd itself                                      | ClusterIP                     |
+| sabnzbd.service.http.port                  | The port assigned to the service for Sabnzbd itself                                                           | 9091                          |
+| sabnzbd.service.http.nodePort              | In case of service.type NodePort, the nodePort to use for Sabnzbd itself                                      | ""                            |
+| sabnzbd.service.http.extraLBService        | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                         |
+| sabnzbd.service.https.type                 | The kind of Service (ClusterIP/NodePort/LoadBalancer) for https port                                          | ClusterIP                     |
+| sabnzbd.service.https.port                 | The port assigned to the service for peer port                                                                | 51413                         |
+| sabnzbd.service.https.nodePort             | In case of service.type NodePort, the nodePort to use for https port                                          | ""                            |
+| sabnzbd.service.https.extraLBService       | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB)  | false                         |
+| sabnzbd.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer  | null                          |
+| sabnzbd.ingress.enabled                    | If true, creates the ingress resource for the application                                                     | true                          |
+| sabnzbd.ingress.annotations                | Additional field for annotations, if needed                                                                   | {}                            |
+| sabnzbd.ingress.path                       | The path where the application is exposed                                                                     | /sabnzbd                      |
+| sabnzbd.ingress.tls.enabled                | If true, tls is enabled                                                                                       | false                         |
+| sabnzbd.ingress.tls.secretName             | Name of the secret holding certificates for the secure ingress                                                | ""                            |
+| sabnzbd.resources                          | Limits and Requests for the container                                                                         | {}                            |
+| sabnzbd.volume                             | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {}                            |
 
 ## Helpful use-cases
 
@@ -305,13 +346,13 @@ is not accessible by all nodes, pods will not enter ready state when scheduled o
 To add an NFS volume to each resource, edit the K8SMediaServer CR to match below snipttet. You should change the `server:`
 and `path:` values to match your NFS.
 
-``` yaml
+```yaml
 general:
   storage:
     customVolume: true
     volumes:
       nfs:
-        server: {SERVER-IP}
+        server: { SERVER-IP }
         path: /mount/path/on/nfs/server/
 ```
 
@@ -341,4 +382,3 @@ This project is intended as an exercise, and absolutely for fun.
 This is not intended to promote piracy.
 
 Also feel free to contribute and extend it!
-
diff --git a/config/samples/charts_v1_k8smediaserver.yaml b/config/samples/charts_v1_k8smediaserver.yaml
index 1d73557..0d6d138 100644
--- a/config/samples/charts_v1_k8smediaserver.yaml
+++ b/config/samples/charts_v1_k8smediaserver.yaml
@@ -18,7 +18,7 @@ spec:
     pgid: 1000
     # Persistent storage selections and pathing
     storage:
-      customVolume: false  # set to true if not using a PVC (must provide volume below)
+      customVolume: false # set to true if not using a PVC (must provide volume below)
       pvcName: mediaserver-pvc
       size: 5Gi
       pvcStorageClass: ""
@@ -73,6 +73,27 @@ spec:
       port: 32400
       type: ClusterIP
     volume: {}
+  jellyfin:
+    container:
+      image: docker.io/linuxserver/jellyfin
+      nodeSelector: {}
+      port: 8096
+    enabled: false
+    ingress:
+      annotations: {}
+      enabled: true
+      tls:
+        enabled: false
+        secretName: ""
+    replicaCount: 1
+    resources: {}
+    service:
+      extraLBAnnotations: {}
+      extraLBService: false
+      nodePort: null
+      port: 8096
+      type: ClusterIP
+    volume: {}
   prowlarr:
     container:
       image: docker.io/linuxserver/prowlarr
@@ -203,5 +224,3 @@ spec:
         port: 9091
         type: ClusterIP
     volume: {}
-
-
diff --git a/helm-charts/k8s-mediaserver/Chart.yaml b/helm-charts/k8s-mediaserver/Chart.yaml
index b459472..aeee050 100644
--- a/helm-charts/k8s-mediaserver/Chart.yaml
+++ b/helm-charts/k8s-mediaserver/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.9.2
+appVersion: 0.10.0
 description: A Helm chart for Kubernetes mediaserver
 name: k8s-mediaserver
 type: application
-version: 0.9.2
+version: 0.10.0
diff --git a/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml b/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml
new file mode 100644
index 0000000..e0ab68d
--- /dev/null
+++ b/helm-charts/k8s-mediaserver/templates/jellyfin-resources.yml
@@ -0,0 +1,157 @@
+{{ if .Values.jellyfin.enabled }}
+---
+### CONFIGMAP
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jellyfin-config
+data:
+  PGID: "{{ .Values.general.pgid }}"
+  PUID: "{{ .Values.general.puid }}"  
+---
+### DEPLOYMENT
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin
+  labels:
+    {{- include "k8s-mediaserver.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.jellyfin.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "k8s-mediaserver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "k8s-mediaserver.selectorLabels" . | nindent 8 }}
+        app: jellyfin
+    spec:
+      volumes:
+        {{- if not .Values.general.storage.customVolume }}
+        - name: mediaserver-volume
+          persistentVolumeClaim:
+            claimName: {{ .Values.general.storage.pvcName }}
+        {{- else }}
+        - name: mediaserver-volume
+          {{- toYaml .Values.general.storage.volumes | nindent 10 }}
+        {{- end }}
+        {{- if .Values.jellyfin.volume }}
+        - name: {{ .Values.jellyfin.volume.name }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.jellyfin.volume.name }}
+        {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          envFrom:
+            - configMapRef:
+                name: jellyfin-config
+          image: "{{ .Values.jellyfin.container.image }}:{{ .Values.jellyfin.container.tag | default .Values.general.image_tag }}"
+          imagePullPolicy: Always
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.jellyfin.container.port }}
+            initialDelaySeconds: 20
+            periodSeconds: 15
+          ports:
+            - name: jellyfin-port
+              containerPort: {{ .Values.jellyfin.container.port }}
+              protocol: TCP
+          volumeMounts:
+          {{- if .Values.jellyfin.volume }}
+            - name: {{ .Values.jellyfin.volume.name }}
+              mountPath: /config
+          {{- else }}
+            - name: mediaserver-volume
+              mountPath: /config
+              subPath: "{{ .Values.general.storage.subPaths.config }}/jellyfin"
+          {{- end }}
+            - name: mediaserver-volume
+              mountPath: /movies
+              subPath: "{{ .Values.general.storage.subPaths.movies }}"
+            - name: mediaserver-volume
+              mountPath: /tv
+              subPath: "{{ .Values.general.storage.subPaths.tv }}"
+          {{- with .Values.jellyfin.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.general.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+---
+### SERVICE
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+  labels:
+    {{- include "k8s-mediaserver.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.jellyfin.service.type }}
+  ports:
+    - port: {{ .Values.jellyfin.service.port }}
+      targetPort: {{ .Values.jellyfin.container.port }}
+      protocol: TCP
+      name: jellyfin-port
+{{ if eq .Values.jellyfin.service.type "NodePort" }}
+      nodePort: {{ .Values.jellyfin.service.nodePort }}
+{{ end }}
+  selector:
+    app: jellyfin
+
+---
+{{ if .Values.jellyfin.service.extraLBService }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-lb
+  annotations:
+    {{- include .Values.jellyfin.service.extraLBService.annotations . | nindent 4 }}
+  labels:
+    {{- include "k8s-mediaserver.labels" . | nindent 4 }}
+spec:
+  type: LoadBalancer
+  ports:
+    - port: {{ .Values.jellyfin.service.port }}
+      targetPort: {{ .Values.jellyfin.container.port }}
+      protocol: TCP
+      name: jellyfin-port
+  selector:
+    app: jellyfin
+{{ end }}
+---
+### INGRESS
+{{ if .Values.jellyfin.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin
+  labels:
+    {{- include "k8s-mediaserver.labels" . | nindent 4 }}
+  {{- with .Values.jellyfin.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.jellyfin.ingress.tls.enabled }}
+  tls:
+    - hosts:
+        - {{ .Values.general.jellyfin_ingress_host | quote }}
+      secretName: {{ .Values.jellyfin.ingress.tls.secretName }}
+{{ end }}
+  ingressClassName: {{ .Values.general.ingress.ingressClassName }}
+  rules:
+    - host: {{ .Values.general.jellyfin_ingress_host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: {{ .Values.jellyfin.service.port }}
+{{ end }}
+{{ end }}
diff --git a/helm-charts/k8s-mediaserver/templates/storage-resources.yml b/helm-charts/k8s-mediaserver/templates/storage-resources.yml
index 143077b..7da41b2 100644
--- a/helm-charts/k8s-mediaserver/templates/storage-resources.yml
+++ b/helm-charts/k8s-mediaserver/templates/storage-resources.yml
@@ -90,6 +90,32 @@ spec:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
+{{- with .Values.jellyfin.volume }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .name }}
+  {{ with .annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{ with .labels }}
+  labels:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  accessModes:
+    - {{ .accessModes }}
+  resources:
+    requests:
+      storage: {{ .storage }}
+  storageClassName: {{ .storageClassName }}
+  {{ with .selector }}
+  selector:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
 {{- with .Values.jackett.volume }}
 ---
 apiVersion: v1
diff --git a/helm-charts/k8s-mediaserver/values.yaml b/helm-charts/k8s-mediaserver/values.yaml
index 3d591e2..2056019 100644
--- a/helm-charts/k8s-mediaserver/values.yaml
+++ b/helm-charts/k8s-mediaserver/values.yaml
@@ -5,15 +5,16 @@
 general:
   ingress_host: k8s-mediaserver.k8s.test
   plex_ingress_host: k8s-plex.k8s.test
+  jellyfin_ingress_host: k8s-jelly.k8s.test
   image_tag: latest
   podDistribution: cluster # can be "spread" or "cluster"
   #UID to run the process with
   puid: 1000
-  #GID to run the process with
+  # GID to run the process with
   pgid: 1000
-  #Persistent storage selections and pathing
+  # Persistent storage selections and pathing
   storage:
-    customVolume: false  #set to true if not using a PVC (must provide volume below)
+    customVolume: false # set to true if not using a PVC (must provide volume below)
     pvcName: mediaserver-pvc
     accessMode: ""
     size: 5Gi
@@ -55,15 +56,15 @@ sonarr:
       secretName: ""
   resources: {}
   volume: {}
-    #name: pvc-sonarr-config
-    #storageClassName: longhorn
-    #annotations:
-    #  my-annotation/test: my-value
-    #labels:
-    #  my-label/test: my-other-value
-    #accessModes: ReadWriteOnce
-    #storage: 5Gi
-    #selector: {}
+  # name: pvc-sonarr-config
+  # storageClassName: longhorn
+  # annotations:
+  #   my-annotation/test: my-value
+  # labels:
+  #   my-label/test: my-other-value
+  # accessModes: ReadWriteOnce
+  # storage: 5Gi
+  # selector: {}
 
 radarr:
   enabled: true
@@ -87,13 +88,13 @@ radarr:
       secretName: ""
   resources: {}
   volume: {}
-    #name: pvc-radarr-config
-    #storageClassName: longhorn
-    #annotations: {}
-    #labels: {}
-    #accessModes: ReadWriteOnce
-    #storage: 5Gi
-    #selector: {}
+  # name: pvc-radarr-config
+  # storageClassName: longhorn
+  # annotations: {}
+  # labels: {}
+  # accessModes: ReadWriteOnce
+  # storage: 5Gi
+  # selector: {}
 
 jackett:
   enabled: true
@@ -279,3 +280,38 @@ plex:
   #  accessModes: ReadWriteOnce
   #  storage: 5Gi
   #  selector: {}
+
+jellyfin:
+  enabled: false
+  replicaCount: 1
+  container:
+    image: docker.io/linuxserver/jellyfin
+    nodeSelector: {}
+    port: 8096
+  service:
+    type: ClusterIP
+    port: 8096
+    nodePort:
+    # Defines an additional LB service, requires cloud provider service or MetalLB
+    extraLBService: false
+  ingress:
+    enabled: true
+    annotations: {}
+    tls:
+      enabled: false
+      secretName: ""
+  resources: {}
+  #  limits:
+  #    cpu: 100m
+  #    memory: 100Mi
+  #  requests:
+  #    cpu: 100m
+  #    memory: 100Mi
+  volume: {}
+  #  name: pvc-jellyfin-config
+  #  storageClassName: longhorn
+  #  annotations: {}
+  #  labels: {}
+  #  accessModes: ReadWriteOnce
+  #  storage: 5Gi
+  #  selector: {}
diff --git a/k8s-mediaserver-operator.yml b/k8s-mediaserver-operator.yml
index 90d5e0f..56caa43 100644
--- a/k8s-mediaserver-operator.yml
+++ b/k8s-mediaserver-operator.yml
@@ -24,36 +24,38 @@ spec:
     singular: k8smediaserver
   scope: Namespaced
   versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: K8SMediaserver is the Schema for the k8smediaservers API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Spec defines the desired state of K8SMediaserver
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            description: Status defines the observed state of K8SMediaserver
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
+    - name: v1
+      schema:
+        openAPIV3Schema:
+          description: K8SMediaserver is the Schema for the k8smediaservers API
+          properties:
+            apiVersion:
+              description:
+                "APIVersion defines the versioned schema of this representation
+                of an object. Servers should convert recognized schemas to the latest
+                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+              type: string
+            kind:
+              description:
+                "Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: Spec defines the desired state of K8SMediaserver
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+            status:
+              description: Status defines the observed state of K8SMediaserver
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -81,103 +83,103 @@ metadata:
   name: k8s-mediaserver-operator-leader-election-role
   namespace: k8s-mediaserver-operator-system
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: k8s-mediaserver-operator-manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-- apiGroups:
-  - charts.kubealex.com
-  resources:
-  - k8smediaservers
-  - k8smediaservers/status
-  - k8smediaservers/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - services
-  - services/finalizers
-  - endpoints
-  - persistentvolumeclaims
-  - events
-  - configmaps
-  - secrets
-  verbs:
-  - '*'
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - daemonsets
-  - replicasets
-  - statefulsets
-  verbs:
-  - '*'
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  verbs:
-  - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - "*"
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+  - apiGroups:
+      - charts.kubealex.com
+    resources:
+      - k8smediaservers
+      - k8smediaservers/status
+      - k8smediaservers/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - services
+      - services/finalizers
+      - endpoints
+      - persistentvolumeclaims
+      - events
+      - configmaps
+      - secrets
+    verbs:
+      - "*"
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+      - daemonsets
+      - replicasets
+      - statefulsets
+    verbs:
+      - "*"
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -191,10 +193,10 @@ metadata:
     app.kubernetes.io/part-of: k8s-mediaserver-operator
   name: k8s-mediaserver-operator-metrics-reader
 rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -208,18 +210,18 @@ metadata:
     app.kubernetes.io/part-of: k8s-mediaserver-operator
   name: k8s-mediaserver-operator-proxy-role
 rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -238,9 +240,9 @@ roleRef:
   kind: Role
   name: k8s-mediaserver-operator-leader-election-role
 subjects:
-- kind: ServiceAccount
-  name: k8s-mediaserver-operator-controller-manager
-  namespace: k8s-mediaserver-operator-system
+  - kind: ServiceAccount
+    name: k8s-mediaserver-operator-controller-manager
+    namespace: k8s-mediaserver-operator-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -258,9 +260,9 @@ roleRef:
   kind: ClusterRole
   name: k8s-mediaserver-operator-manager-role
 subjects:
-- kind: ServiceAccount
-  name: k8s-mediaserver-operator-controller-manager
-  namespace: k8s-mediaserver-operator-system
+  - kind: ServiceAccount
+    name: k8s-mediaserver-operator-controller-manager
+    namespace: k8s-mediaserver-operator-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -278,9 +280,9 @@ roleRef:
   kind: ClusterRole
   name: k8s-mediaserver-operator-proxy-role
 subjects:
-- kind: ServiceAccount
-  name: k8s-mediaserver-operator-controller-manager
-  namespace: k8s-mediaserver-operator-system
+  - kind: ServiceAccount
+    name: k8s-mediaserver-operator-controller-manager
+    namespace: k8s-mediaserver-operator-system
 ---
 apiVersion: v1
 kind: Service
@@ -297,10 +299,10 @@ metadata:
   namespace: k8s-mediaserver-operator-system
 spec:
   ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: https
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: https
   selector:
     control-plane: controller-manager
 ---
@@ -333,73 +335,73 @@ spec:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
-            - matchExpressions:
-              - key: kubernetes.io/arch
-                operator: In
-                values:
-                - amd64
-                - arm64
-                - ppc64le
-                - s390x
-              - key: kubernetes.io/os
-                operator: In
-                values:
-                - linux
+              - matchExpressions:
+                  - key: kubernetes.io/arch
+                    operator: In
+                    values:
+                      - amd64
+                      - arm64
+                      - ppc64le
+                      - s390x
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
       containers:
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-      - args:
-        - --health-probe-bind-address=:8081
-        - --metrics-bind-address=127.0.0.1:8080
-        - --leader-elect
-        - --leader-election-id=k8s-mediaserver-operator
-        image: quay.io/kubealex/k8s-mediaserver-operator:v0.9.2
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        name: manager
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=http://127.0.0.1:8080/
+            - --logtostderr=true
+            - --v=0
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+          name: kube-rbac-proxy
+          ports:
+            - containerPort: 8443
+              name: https
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 500m
+              memory: 128Mi
+            requests:
+              cpu: 5m
+              memory: 64Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+        - args:
+            - --health-probe-bind-address=:8081
+            - --metrics-bind-address=127.0.0.1:8080
+            - --leader-elect
+            - --leader-election-id=k8s-mediaserver-operator
+          image: quay.io/kubealex/k8s-mediaserver-operator:v0.9.2
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          name: manager
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            limits:
+              cpu: 500m
+              memory: 128Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: k8s-mediaserver-operator-controller-manager
diff --git a/k8s-mediaserver.yml b/k8s-mediaserver.yml
index 1305a5c..b585264 100644
--- a/k8s-mediaserver.yml
+++ b/k8s-mediaserver.yml
@@ -16,7 +16,7 @@ spec:
     pgid: 1000
     #Persistent storage selections and pathing
     storage:
-      customVolume: false  #set to true if not using a PVC (must provide volume below)
+      customVolume: false #set to true if not using a PVC (must provide volume below)
       accessMode: ""
       pvcName: mediaserver-pvc
       size: 5Gi
@@ -57,7 +57,8 @@ spec:
         enabled: false
         secretName: ""
     resources: {}
-    volume: {}
+    volume:
+      {}
       #name: pvc-sonarr-config
       #storageClassName: longhorn
       #annotations:
@@ -89,7 +90,8 @@ spec:
         enabled: false
         secretName: ""
     resources: {}
-    volume: {}
+    volume:
+      {}
       #name: pvc-radarr-config
       #storageClassName: longhorn
       #annotations: {}
@@ -282,3 +284,39 @@ spec:
     #  accessModes: ReadWriteOnce
     #  storage: 5Gi
     #  selector: {}
+
+  jellyfin:
+    enabled: false
+    replicaCount: 1
+    container:
+      image: docker.io/linuxserver/jellyfin
+      nodeSelector: {}
+      port: 8096
+    service:
+      type: ClusterIP
+      port: 8096
+      nodePort:
+      # Defines an additional LB service, requires cloud provider service or MetalLB
+      extraLBService: false
+      extraLBAnnotations: {}
+    ingress:
+      enabled: true
+      annotations: {}
+      tls:
+        enabled: false
+        secretName: ""
+    resources: {}
+    #  limits:
+    #    cpu: 100m
+    #    memory: 100Mi
+    #  requests:
+    #    cpu: 100m
+    #    memory: 100Mi
+    volume: {}
+    #  name: pvc-plex-config
+    #  storageClassName: longhorn
+    #  annotations: {}
+    #  labels: {}
+    #  accessModes: ReadWriteOnce
+    #  storage: 5Gi
+    #  selector: {}