diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml
index 0fb3b4e89..f56f303ea 100644
--- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml
+++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml
@@ -47,6 +47,63 @@ spec:
 - slskd
 topologyKey: kubernetes.io/hostname
 initContainers:
+ - env:
+ - name: VPN_SERVICE_PROVIDER
+ value: protonvpn
+ - name: VPN_TYPE
+ value: wireguard
+ - name: WIREGUARD_PRIVATE_KEY
+ valueFrom:
+ secretKeyRef:
+ key: private-key
+ name: protonvpn-wireguard-conf
+ - name: FIREWALL_OUTBOUND_SUBNETS
+ value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+ - name: FIREWALL_INPUT_PORTS
+ value: 8080,9022
+ - name: VPN_PORT_FORWARDING
+ value: "on"
+ - name: VPN_PORT_FORWARDING_UP_COMMAND
+ value: /bin/sh -c "/gluetun/update.sh {{PORT}}"
+ - name: PORT_FORWARD_ONLY
+ value: "on"
+ - name: BLOCK_MALICIOUS
+ value: "off"
+ image: ghcr.io/qdm12/gluetun:latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - (ip rule del table 51820; ip -6 rule del table 51820) || true
+ name: gluetun
+ readinessProbe:
+ exec:
+ command:
+ - /gluetun-entrypoint
+ - healthcheck
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 15
+ resources:
+ limits:
+ devic.es/tun: "1"
+ requests:
+ devic.es/tun: "1"
+ restartPolicy: Always
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+ privileged: true
+ volumeMounts:
+ - mountPath: /gluetun/update.sh
+ name: update-script
+ subPath: update.sh
 - args:
 - -ec
 - |
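Review bot: The gluetun entry added under `initContainers` sets `privileged: true` next to `capabilities.add`, and a privileged container already holds every capability plus access to host devices, so the `NET_ADMIN`/`SYS_MODULE` list restricts nothing. The `devic.es/tun` resource request suggests the tun device is meant to come from a device plugin rather than from privileged mode; if that holds on this cluster, `privileged: false` with only `NET_ADMIN` under `capabilities.add` would give the VPN sidecar just what it needs, keeping `SYS_MODULE` only if the WireGuard kernel module really has to be loaded from inside the pod. If privileged mode is in fact required, a comment above it such as `# privileged needed because <reason>` would record why. The same securityContext appears as unchanged context in the slskd and tubearchivist hunks.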
@@ -70,62 +127,6 @@ spec:
 value: INFO
 image: esanchezm/prometheus-qbittorrent-exporter:v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211
 name: exporter
- - env:
- - name: VPN_SERVICE_PROVIDER
- value: protonvpn
- - name: VPN_TYPE
- value: wireguard
- - name: WIREGUARD_PRIVATE_KEY
- valueFrom:
- secretKeyRef:
- key: private-key
- name: protonvpn-wireguard-conf
- - name: FIREWALL_OUTBOUND_SUBNETS
- value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- - name: FIREWALL_INPUT_PORTS
- value: 8080,9022
- - name: VPN_PORT_FORWARDING
- value: "on"
- - name: VPN_PORT_FORWARDING_UP_COMMAND
- value: /bin/sh -c "/gluetun/update.sh {{PORT}}"
- - name: PORT_FORWARD_ONLY
- value: "on"
- - name: BLOCK_MALICIOUS
- value: "off"
- image: ghcr.io/qdm12/gluetun:latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
- lifecycle:
- postStart:
- exec:
- command:
- - /bin/sh
- - -c
- - (ip rule del table 51820; ip -6 rule del table 51820) || true
- livenessProbe:
- exec:
- command:
- - /gluetun-entrypoint
- - healthcheck
- failureThreshold: 5
- initialDelaySeconds: 30
- periodSeconds: 30
- successThreshold: 1
- timeoutSeconds: 15
- name: gluetun
- resources:
- limits:
- devic.es/tun: "1"
- requests:
- devic.es/tun: "1"
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
- privileged: true
- volumeMounts:
- - mountPath: /gluetun/update.sh
- name: update-script
- subPath: update.sh
 - env:
 - name: TZ
 value: America/Chicago
diff --git a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
index e6a9b6acc..aad2add98 100644
--- a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
+++ b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
@@ -47,18 +47,6 @@ spec:
 - qbittorrent
 topologyKey: kubernetes.io/hostname
 initContainers:
- - args:
- - -ec
- - |
- sysctl -w net.ipv4.ip_forward=1;
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- command:
- - /bin/sh
- image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
- name: init-sysctl
- securityContext:
- privileged: true
- containers:
 - env:
 - name: VPN_SERVICE_PROVIDER
 value: protonvpn
@@ -70,7 +58,7 @@ spec:
 key: private-key
 name: protonvpn-wireguard-conf
 - name: FIREWALL_OUTBOUND_SUBNETS
- value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+ value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
 - name: FIREWALL_INPUT_PORTS
 value: "5030"
 - name: BLOCK_MALICIOUS
@@ -83,7 +71,8 @@ spec:
 - /bin/sh
 - -c
 - (ip rule del table 51820; ip -6 rule del table 51820) || true
- livenessProbe:
+ name: gluetun
+ readinessProbe:
 exec:
 command:
 - /gluetun-entrypoint
@@ -93,18 +82,30 @@ spec:
 periodSeconds: 30
 successThreshold: 1
 timeoutSeconds: 15
- name: gluetun
 resources:
 limits:
 devic.es/tun: "1"
 requests:
 devic.es/tun: "1"
+ restartPolicy: Always
 securityContext:
 capabilities:
 add:
 - NET_ADMIN
 - SYS_MODULE
 privileged: true
+ - args:
+ - -ec
+ - |
+ sysctl -w net.ipv4.ip_forward=1;
+ sysctl -w net.ipv6.conf.all.disable_ipv6=1
+ command:
+ - /bin/sh
+ image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
+ name: init-sysctl
+ securityContext:
+ privileged: true
+ containers:
 - env:
 - name: TZ
 value: America/Chicago
diff --git a/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml b/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml
index 25e6da5cf..06619bc53 100644
--- a/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml
+++ b/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml
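Review bot: Replacing `livenessProbe:` with `readinessProbe:` on gluetun in the `-83,7 +71,8` hunk (and likewise in the qbittorrent and tubearchivist manifests) leaves nothing that holds the app containers back until the tunnel is up. For an init container with `restartPolicy: Always` the kubelet moves on once the sidecar has started, and readiness is not part of that gate; a `startupProbe` is. If the intent is that slskd must not start before the VPN is healthy, add a `startupProbe:` using the same `/gluetun-entrypoint healthcheck` exec command. Dropping the liveness probe also means a failing healthcheck no longer restarts gluetun, so recovery depends on whatever gluetun does internally; a comment stating that this is deliberate would help.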
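Review bot: In the `-93,18 +82,30` hunk `init-sysctl` is now listed after the gluetun sidecar in `initContainers`, so `net.ipv6.conf.all.disable_ipv6=1` and `net.ipv4.ip_forward=1` are written only after gluetun has already started in the pod's network namespace. Before this change init-sysctl was the only init container and ran ahead of gluetun. If disabling IPv6 is meant to be in force before the tunnel and its firewall come up, keep `init-sysctl` as the first `initContainers` entry. The qbittorrent manifest appears to get the same ordering, since its gluetun block is inserted ahead of an `args: -ec` init container that continues outside that hunk. If the order is imposed by whatever renders these manifests, a comment such as `# runs after gluetun; sysctls are not needed before tunnel start` would document that it is safe.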
@@ -36,9 +36,7 @@ spec:
 hostNetwork: false
 hostPID: false
 dnsPolicy: ClusterFirst
- containers:
- - image: brainicism/bgutil-ytdlp-pot-provider:1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
- name: bgutil
+ initContainers:
 - env:
 - name: VPN_SERVICE_PROVIDER
 value: protonvpn
@@ -50,11 +48,11 @@ spec:
 key: private-key
 name: protonvpn-wireguard-conf
 - name: FIREWALL_OUTBOUND_SUBNETS
- value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+ value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
 - name: FIREWALL_INPUT_PORTS
 value: "24000"
 - name: DNS_CACHING
- value: "false"
+ value: "off"
 image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
 lifecycle:
 postStart:
@@ -63,28 +61,32 @@ spec:
 - /bin/sh
 - -c
 - (ip rule del table 51820; ip -6 rule del table 51820) || true
- livenessProbe:
+ name: gluetun
+ readinessProbe:
 exec:
 command:
 - /gluetun-entrypoint
 - healthcheck
 failureThreshold: 5
- initialDelaySeconds: 30
- periodSeconds: 30
+ initialDelaySeconds: 15
+ periodSeconds: 10
 successThreshold: 1
- timeoutSeconds: 15
- name: gluetun
+ timeoutSeconds: 5
 resources:
 limits:
 devic.es/tun: "1"
 requests:
 devic.es/tun: "1"
+ restartPolicy: Always
 securityContext:
 capabilities:
 add:
 - NET_ADMIN
 - SYS_MODULE
 privileged: true
+ containers:
+ - image: brainicism/bgutil-ytdlp-pot-provider:1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
+ name: bgutil
 - env:
 - name: TZ
 value: America/Chicago
@@ -109,11 +111,12 @@ spec:
 name: tubearchivist-config
 image: bbilly1/tubearchivist:v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
 livenessProbe:
+ exec:
+ command:
+ - curl
+ - -f
+ - http://localhost:24000/api/health/
 failureThreshold: 5
- httpGet:
- path: /api/health/
- port: 24000
- scheme: HTTPS
 initialDelaySeconds: 30
 periodSeconds: 30
 successThreshold: 1
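Review bot: The exec liveness probe added in the `-109,11 +111,12` hunk runs `curl -f http://localhost:24000/api/health/` with no client-side time limit, so a hung request is ended only by the kubelet's probe timeout, and the probe now depends on `curl` being present in the tubearchivist image. Passing `--max-time` with a value below the probe's `timeoutSeconds` (which lies outside this hunk) and targeting `127.0.0.1` instead of `localhost` would make the check self-terminating and independent of name resolution. The probe also moves from `scheme: HTTPS` to plain HTTP; a comment such as `# app serves plain HTTP on 24000; the old HTTPS httpGet probe did not match` would make clear this is intended rather than a downgrade, if that is indeed the reason.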