alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

feat: change to init sidecar
lint-test-helm / lint-helm (pull_request) Successful in 29s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 49s
Details
render-manifests / render-manifests (pull_request) Successful in 1m20s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-05-17 16:09:08 -05:00
parent 83a57319d5
commit 7dd68e6ef4
3 changed files with 162 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files
clusters/cl01tl/helm/qbittorrent/values.yaml
+56 -55
View File
@@ -32,6 +32,62 @@ qbittorrent:
- | - |
sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.all.disable_ipv6=1
gluetun:
restartPolicy: Always
image:
repository: ghcr.io/qdm12/gluetun
tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORT}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: BLOCK_MALICIOUS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
readiness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
containers: containers:
qbittorrent: qbittorrent:
image: image:
@@ -52,61 +108,6 @@ qbittorrent:
requests: requests:
cpu: 500m cpu: 500m
memory: 1Gi memory: 1Gi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORT}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: BLOCK_MALICIOUS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
exporter: exporter:
image: image:
repository: esanchezm/prometheus-qbittorrent-exporter repository: esanchezm/prometheus-qbittorrent-exporter
clusters/cl01tl/helm/slskd/values.yaml
+50 -49
View File
@@ -33,6 +33,56 @@ slskd:
- | - |
sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.all.disable_ipv6=1
gluetun:
restartPolicy: Always
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: 5030
- name: BLOCK_MALICIOUS
value: "off"
securityContext:
privileged: true
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
readiness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
containers: containers:
main: main:
image: image:
@@ -53,55 +103,6 @@ slskd:
requests: requests:
cpu: 100m cpu: 100m
memory: 330Mi memory: 330Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: 5030
- name: BLOCK_MALICIOUS
value: "off"
securityContext:
privileged: true
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
service: service:
main: main:
controller: main controller: main
clusters/cl01tl/helm/tubearchivist/values.yaml
+56 -53
View File
@@ -9,6 +9,57 @@ tubearchivist:
securityContext: securityContext:
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
initContainers:
gluetun:
restartPolicy: Always
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: "24000"
- name: DNS_CACHING
value: "off"
securityContext:
privileged: true
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
readiness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
containers: containers:
main: main:
image: image:
@@ -41,10 +92,11 @@ tubearchivist:
enabled: true enabled: true
custom: true custom: true
spec: spec:
httpGet: exec:
path: /api/health/ command:
port: 24000 - curl
scheme: HTTPS - -f
- http://localhost:24000/api/health/
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
@@ -58,55 +110,6 @@ tubearchivist:
image: image:
repository: brainicism/bgutil-ytdlp-pot-provider repository: brainicism/bgutil-ytdlp-pot-provider
tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: protonvpn-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
- name: FIREWALL_INPUT_PORTS
value: 24000
- name: DNS_CACHING
value: off
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
metrics: metrics:
type: deployment type: deployment
replicas: 1 replicas: 1