feat: change to init sidecar

2026-05-17 16:09:08 -05:00
parent 83a57319d5
commit 7dd68e6ef4
3 changed files with 162 additions and 157 deletions
@@ -33,6 +33,56 @@ slskd:
            - |
              sysctl -w net.ipv4.ip_forward=1;
              sysctl -w net.ipv6.conf.all.disable_ipv6=1
+        gluetun:
+          restartPolicy: Always
+          image:
+            repository: ghcr.io/qdm12/gluetun
+            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
+          lifecycle:
+            postStart:
+              exec:
+                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
+          env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: protonvpn-wireguard-conf
+                  key: private-key
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+            - name: FIREWALL_INPUT_PORTS
+              value: 5030
+            - name: BLOCK_MALICIOUS
+              value: "off"
+          securityContext:
+            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          probes:
+            readiness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - /gluetun-entrypoint
+                    - healthcheck
+                failureThreshold: 5
+                initialDelaySeconds: 30
+                periodSeconds: 30
+                successThreshold: 1
+                timeoutSeconds: 15
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              devic.es/tun: "1"
      containers:
        main:
          image:
@@ -53,55 +103,6 @@ slskd:
            requests:
              cpu: 100m
              memory: 330Mi
-        gluetun:
-          image:
-            repository: ghcr.io/qdm12/gluetun
-            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
-          env:
-            - name: VPN_SERVICE_PROVIDER
-              value: protonvpn
-            - name: VPN_TYPE
-              value: wireguard
-            - name: WIREGUARD_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: protonvpn-wireguard-conf
-                  key: private-key
-            - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
-            - name: FIREWALL_INPUT_PORTS
-              value: 5030
-            - name: BLOCK_MALICIOUS
-              value: "off"
-          securityContext:
-            privileged: true
-            capabilities:
-              add:
-                - NET_ADMIN
-                - SYS_MODULE
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                    - /gluetun-entrypoint
-                    - healthcheck
-                failureThreshold: 5
-                initialDelaySeconds: 30
-                periodSeconds: 30
-                successThreshold: 1
-                timeoutSeconds: 15
-          resources:
-            limits:
-              devic.es/tun: "1"
-            requests:
-              devic.es/tun: "1"
  service:
    main:
      controller: main