# Apply: kubectl apply -f manifests/media/qbittorrent.yaml # Delete: kubectl delete -f manifests/media/qbittorrent.yaml # Description: qBittorrent deployment with Ingress at qbittorrent.home.arpa. apiVersion: v1 kind: Namespace metadata: name: downloads --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: qbittorrent-config namespace: downloads annotations: helm.sh/resource-policy: keep spec: accessModes: - ReadWriteOnce storageClassName: local-path resources: requests: storage: 1Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: qbittorrent namespace: downloads spec: replicas: 1 selector: matchLabels: app: qbittorrent template: metadata: labels: app: qbittorrent spec: nodeSelector: node-role: storage containers: - name: gluetun image: qmcgaw/gluetun:latest securityContext: capabilities: add: - NET_ADMIN env: - name: VPN_SERVICE_PROVIDER value: private internet access - name: VPN_TYPE value: openvpn - name: SERVER_REGIONS value: Hong Kong - name: OPENVPN_USER valueFrom: secretKeyRef: name: pia-credentials key: OPENVPN_USER - name: OPENVPN_PASSWORD valueFrom: secretKeyRef: name: pia-credentials key: OPENVPN_PASSWORD - name: FIREWALL_OUTBOUND_SUBNETS value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24" volumeMounts: - name: tun mountPath: /dev/net/tun - name: qbittorrent image: lscr.io/linuxserver/qbittorrent:5.2.0 ports: - containerPort: 8080 env: - name: PUID value: "1000" - name: PGID value: "1000" - name: TZ value: "Asia/Tokyo" - name: WEBUI_PORT value: "8080" volumeMounts: - name: config mountPath: /config - name: torrents mountPath: /mnt/storage/torrents volumes: - name: tun hostPath: path: /dev/net/tun type: CharDevice - name: config persistentVolumeClaim: claimName: qbittorrent-config - name: torrents hostPath: path: /mnt/storage/torrents type: Directory --- apiVersion: v1 kind: Service metadata: name: qbittorrent namespace: downloads spec: selector: app: qbittorrent ports: - port: 80 targetPort: 8080 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: qbittorrent namespace: downloads annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" cert-manager.io/cluster-issuer: internal-ca-issuer spec: ingressClassName: traefik tls: - secretName: qbittorrent-tls hosts: - qbittorrent.home.arpa rules: - host: qbittorrent.home.arpa http: paths: - path: / pathType: Prefix backend: service: name: qbittorrent port: number: 80