From 7dd68e6ef40e5f672b72bf2bb65c021abb16dce7 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 17 May 2026 16:09:08 -0500 Subject: [PATCH] feat: change to init sidecar --- clusters/cl01tl/helm/qbittorrent/values.yaml | 111 +++++++++--------- clusters/cl01tl/helm/slskd/values.yaml | 99 ++++++++-------- .../cl01tl/helm/tubearchivist/values.yaml | 109 ++++++++--------- 3 files changed, 162 insertions(+), 157 deletions(-) diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index e04bb5391..9af9c10f3 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml 
@@ -32,6 +32,62 @@ qbittorrent: - | sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.disable_ipv6=1 + gluetun: + restartPolicy: Always + image: + repository: ghcr.io/qdm12/gluetun + tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472 + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: protonvpn-wireguard-conf + key: private-key + - name: FIREWALL_OUTBOUND_SUBNETS + value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 + - name: FIREWALL_INPUT_PORTS + value: 8080,9022 + - name: VPN_PORT_FORWARDING + value: "on" + - name: VPN_PORT_FORWARDING_UP_COMMAND + value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORT}}" }}"' + - name: PORT_FORWARD_ONLY + value: "on" + - name: BLOCK_MALICIOUS + value: "off" + securityContext: + privileged: True + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + probes: + readiness: + enabled: true + custom: true + spec: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + devic.es/tun: "1" + requests: + devic.es/tun: "1" containers: qbittorrent: image: 
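Review bot: The `readiness` probe on the relocated `gluetun` block does not hold back the app containers. For a sidecar-style init container (`restartPolicy: Always`) the kubelet moves on as soon as the container counts as started, and only a startup probe can delay that, so the workload can come up before the tunnel is healthy and relies on gluetun's own firewall during that window. If the chart exposes a `startup` probe key next to `readiness`, running the same `/gluetun-entrypoint` `healthcheck` command there would make the ordering fail closed. The old `liveness` probe is also gone, so an unhealthy tunnel now only marks the pod unready and no longer triggers a restart; confirm that is intended. The gluetun blocks added in the slskd and tubearchivist hunks are written the same way.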
@@ -52,61 +108,6 @@ qbittorrent: requests: cpu: 500m memory: 1Gi - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472 - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: protonvpn-wireguard-conf - key: private-key - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 - - name: FIREWALL_INPUT_PORTS - value: 8080,9022 - - name: VPN_PORT_FORWARDING - value: "on" - - name: VPN_PORT_FORWARDING_UP_COMMAND - value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORT}}" }}"' - - name: PORT_FORWARD_ONLY - value: "on" - - name: BLOCK_MALICIOUS - value: "off" - securityContext: - privileged: True - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /gluetun-entrypoint - - healthcheck - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 15 - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" exporter: image: repository: esanchezm/prometheus-qbittorrent-exporter diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index cae7619d4..d2c385d1c 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml 
@@ -33,6 +33,56 @@ slskd: - | sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.disable_ipv6=1 + gluetun: + restartPolicy: Always + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: protonvpn-wireguard-conf + key: private-key + - name: FIREWALL_OUTBOUND_SUBNETS + value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 + - name: FIREWALL_INPUT_PORTS + value: 5030 + - name: BLOCK_MALICIOUS + value: "off" + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + probes: + readiness: + enabled: true + custom: true + spec: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + devic.es/tun: "1" + requests: + devic.es/tun: "1" containers: main: image: 
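Review bot: `FIREWALL_INPUT_PORTS` is set with the bare scalar `value: 5030`, which YAML reads as an integer, while the tubearchivist hunk in this same commit quotes its port as `value: "24000"`. Kubernetes env values must be strings, so unless the chart stringifies them the rendered manifest depends on template coercion or may be rejected. Writing `value: "5030"` removes the ambiguity and keeps the three files consistent.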
@@ -53,55 +103,6 @@ slskd: requests: cpu: 100m memory: 330Mi - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: protonvpn-wireguard-conf - key: private-key - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 - - name: FIREWALL_INPUT_PORTS - value: 5030 - - name: BLOCK_MALICIOUS - value: "off" - securityContext: - privileged: true - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /gluetun-entrypoint - - healthcheck - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 15 - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" service: main: controller: main diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml index 640ddbb99..a28c673aa 100644 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ b/clusters/cl01tl/helm/tubearchivist/values.yaml 
@@ -9,6 +9,57 @@ tubearchivist: securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + initContainers: + gluetun: + restartPolicy: Always + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: protonvpn-wireguard-conf + key: private-key + - name: FIREWALL_OUTBOUND_SUBNETS + value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 + - name: FIREWALL_INPUT_PORTS + value: "24000" + - name: DNS_CACHING + value: "off" + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + probes: + readiness: + enabled: true + custom: true + spec: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + devic.es/tun: "1" + requests: + devic.es/tun: "1" containers: main: image: @@ -41,10 +92,11 @@ tubearchivist: enabled: true custom: true spec: - httpGet: - path: /api/health/ - port: 24000 - scheme: HTTPS + exec: + command: + - curl + - -f + - http://localhost:24000/api/health/ failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 30 
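Review bot: `privileged: true` on the gluetun init container makes the `capabilities.add` list under it redundant, because a privileged container already holds every capability and has access to host devices. The block requests `devic.es/tun` for the tun device, so `privileged: false` with `NET_ADMIN` may be sufficient, keeping `SYS_MODULE` only if the WireGuard module really has to be loaded from inside the container. This is worth testing, since this container reads `WIREGUARD_PRIVATE_KEY` and handles all of the pod's external traffic. The qbittorrent and slskd hunks carry the same setting, the former spelled `privileged: True`.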
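Review bot: The new exec probe needs `curl` to exist in the application image and gives it no time limit of its own, so a hung connection is only cut off by the kubelet's probe timeout, whose value lies outside this hunk. Adding the arguments `- -sS`, `- --max-time` and `- "5"` before the URL would bound the call and surface the error text in the probe output. Moving from `httpGet` with `scheme: HTTPS` to plain HTTP on `localhost` also means the check no longer goes through the pod IP and gluetun's input firewall, so it only shows that the app answers locally. A short comment such as `# exec over loopback: kubelet httpGet is filtered by the gluetun firewall` (if that is the reason) would record why. The enclosing probe block starts before the hunk, so which probe this is cannot be seen here.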
@@ -58,55 +110,6 @@ tubearchivist: image: repository: brainicism/bgutil-ytdlp-pot-provider tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: protonvpn-wireguard-conf - key: private-key - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12 - - name: FIREWALL_INPUT_PORTS - value: 24000 - - name: DNS_CACHING - value: off - securityContext: - privileged: True - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /gluetun-entrypoint - - healthcheck - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 15 - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" metrics: type: deployment replicas: 1