homelab/manifests/media/qbittorrent.yaml

139 lines
3.4 KiB
YAML

# Apply: kubectl apply -f manifests/media/qbittorrent.yaml
# Delete: kubectl delete -f manifests/media/qbittorrent.yaml
# Description: qBittorrent deployment with Ingress at qbittorrent.home.arpa.
apiVersion: v1
kind: Namespace
metadata:
name: downloads
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
namespace: downloads
annotations:
helm.sh/resource-policy: keep
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
namespace: downloads
spec:
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
metadata:
labels:
app: qbittorrent
spec:
nodeSelector:
node-role: storage
containers:
- name: gluetun
image: qmcgaw/gluetun:latest
securityContext:
capabilities:
add:
- NET_ADMIN
env:
- name: VPN_SERVICE_PROVIDER
value: private internet access
- name: VPN_TYPE
value: openvpn
- name: SERVER_REGIONS
value: Japan
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: pia-credentials
key: OPENVPN_USER
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: pia-credentials
key: OPENVPN_PASSWORD
- name: FIREWALL_OUTBOUND_SUBNETS
value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24"
volumeMounts:
- name: tun
mountPath: /dev/net/tun
- name: qbittorrent
image: lscr.io/linuxserver/qbittorrent:5.2.0
ports:
- containerPort: 8080
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Tokyo"
- name: WEBUI_PORT
value: "8080"
volumeMounts:
- name: config
mountPath: /config
- name: torrents
mountPath: /mnt/storage/torrents
volumes:
- name: tun
hostPath:
path: /dev/net/tun
type: CharDevice
- name: config
persistentVolumeClaim:
claimName: qbittorrent-config
- name: torrents
hostPath:
path: /mnt/storage/torrents
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
namespace: downloads
spec:
selector:
app: qbittorrent
ports:
- port: 80
targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: qbittorrent
namespace: downloads
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: internal-ca-issuer
spec:
ingressClassName: traefik
tls:
- secretName: qbittorrent-tls
hosts:
- qbittorrent.home.arpa
rules:
- host: qbittorrent.home.arpa
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: qbittorrent
port:
number: 80