diff --git a/clusters/cl01tl/manifests/prowlarr/Deployment-prowlarr.yaml b/clusters/cl01tl/manifests/prowlarr/Deployment-prowlarr.yaml index 5f2c05081..05055c0a0 100644 --- a/clusters/cl01tl/manifests/prowlarr/Deployment-prowlarr.yaml +++ b/clusters/cl01tl/manifests/prowlarr/Deployment-prowlarr.yaml @@ -30,15 +30,8 @@ spec: serviceAccountName: default automountServiceAccountToken: true securityContext: - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 hostIPC: false hostNetwork: false hostPID: false @@ -46,14 +39,13 @@ spec: containers: - env: - name: TZ - value: US/Central - image: ghcr.io/linuxserver/prowlarr:2.3.0@sha256:9ef5d8bf832edcacb6082f9262cb36087854e78eb7b1c3e1d4375056055b2d82 - imagePullPolicy: IfNotPresent + value: America/Chicago + image: ghcr.io/linuxserver/prowlarr:2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 200Mi volumeMounts: - mountPath: /config name: config diff --git a/clusters/cl01tl/manifests/prowlarr/HTTPRoute-prowlarr.yaml b/clusters/cl01tl/manifests/prowlarr/HTTPRoute-prowlarr.yaml index 5b5e58abe..112120dc7 100644 --- a/clusters/cl01tl/manifests/prowlarr/HTTPRoute-prowlarr.yaml +++ b/clusters/cl01tl/manifests/prowlarr/HTTPRoute-prowlarr.yaml @@ -23,7 +23,7 @@ spec: name: prowlarr namespace: prowlarr port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/prowlarr/PersistentVolumeClaim-prowlarr-config.yaml b/clusters/cl01tl/manifests/prowlarr/PersistentVolumeClaim-prowlarr-config.yaml index fa6316da2..7885d52c8 100644 --- a/clusters/cl01tl/manifests/prowlarr/PersistentVolumeClaim-prowlarr-config.yaml +++ b/clusters/cl01tl/manifests/prowlarr/PersistentVolumeClaim-prowlarr-config.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: prowlarr helm.sh/chart: prowlarr-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: prowlarr spec: accessModes: diff --git a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-external.yaml b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-external.yaml index d4fd57c4b..ff20b4279 100644 --- a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-external.yaml @@ -24,15 +24,8 @@ spec: weekly: 4 yearly: 1 moverSecurityContext: - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-local.yaml index 525e9632a..610f9e627 100644 --- a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-local.yaml +++ b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-local.yaml @@ -24,15 +24,8 @@ spec: weekly: 4 yearly: 1 moverSecurityContext: - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-remote.yaml index f58ae4345..c77c7cb31 100644 --- a/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-remote.yaml +++ b/clusters/cl01tl/manifests/prowlarr/ReplicationSource-prowlarr-config-backup-source-remote.yaml @@ -24,15 +24,8 @@ spec: weekly: 4 yearly: 1 moverSecurityContext: - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/qbittorrent/ConfigMap-qbit-manage-config.yaml b/clusters/cl01tl/manifests/qbittorrent/ConfigMap-qbit-manage-config.yaml index 895af30f2..26018a1bb 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ConfigMap-qbit-manage-config.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ConfigMap-qbit-manage-config.yaml @@ -153,16 +153,16 @@ data: - '**/*_unpackerred' max_orphaned_files_to_delete: 50 - # apprise: - # api_url: http://localhost:8000/notify - # notify_url: "" - # - # webhooks: - # error: apprise - # run_start: apprise - # run_end: apprise - # function: - # rem_orphaned: apprise - # cleanup_dirs: apprise - # tag_tracker_error: - # share_limits: + apprise: + api_url: http://localhost:8000 + notify_url: http://apprise:8000 + + webhooks: + error: apprise + run_start: apprise + run_end: apprise + function: + rem_orphaned: apprise + cleanup_dirs: apprise + tag_tracker_error: apprise + share_limits: apprise diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml index bfd1a96de..535ab98ed 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml @@ -29,6 +29,11 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 hostIPC: false hostNetwork: false hostPID: false @@ -51,13 +56,8 @@ spec: sysctl -w net.ipv6.conf.all.disable_ipv6=1 command: - /bin/sh - image: busybox:1.37.0 - imagePullPolicy: IfNotPresent + image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e name: init-sysctl - resources: - requests: - cpu: 10m - memory: 128Mi securityContext: privileged: true containers: @@ -70,13 +70,8 @@ spec: value: "9022" - name: EXPORTER_LOG_LEVEL value: INFO - image: esanchezm/prometheus-qbittorrent-exporter:v1.6.0 - imagePullPolicy: IfNotPresent + image: esanchezm/prometheus-qbittorrent-exporter:v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211 name: exporter - resources: - requests: - cpu: 10m - memory: 64Mi - env: - name: VPN_SERVICE_PROVIDER value: airvpn @@ -115,7 +110,6 @@ spec: - name: SHADOWSOCKS value: "off" image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - imagePullPolicy: IfNotPresent lifecycle: postStart: exec: @@ -138,9 +132,7 @@ spec: limits: devic.es/tun: "1" requests: - cpu: 10m devic.es/tun: "1" - memory: 64Mi securityContext: capabilities: add: @@ -153,7 +145,7 @@ spec: subPath: update.sh - env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: "1000" - name: PGID @@ -162,8 +154,7 @@ spec: value: "002" - name: WEBUI_PORT value: "8080" - image: ghcr.io/linuxserver/qbittorrent:5.1.4@sha256:855e5f4805ac218f406a5ae989a62a77e03f7e5f70128335b7970550a58c96e1 - imagePullPolicy: IfNotPresent + image: ghcr.io/linuxserver/qbittorrent:5.1.4-r2-ls448@sha256:a89108b1bf43de072a35a59a3ee41b97b564538faae5cbb3f6c803aa7f5fd9f7 name: qbittorrent resources: requests: diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml index 67d62d154..dbbae31b4 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml @@ -41,13 +41,8 @@ spec: - -ec - | cp /config/config.yml /app/config/config.yml - image: busybox:1.37.0 - imagePullPolicy: IfNotPresent + image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e name: init-copy-config - resources: - requests: - cpu: 10m - memory: 128Mi volumeMounts: - mountPath: /config/config.yml mountPropagation: None @@ -59,7 +54,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: PGID value: "1000" - name: PUID @@ -75,16 +70,11 @@ spec: secretKeyRef: key: ntfy-url name: qbittorrent-qbit-manage-config - image: caronc/apprise:v1.3.3 - imagePullPolicy: IfNotPresent + image: ghcr.io/caronc/apprise:v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 name: apprise-api - resources: - requests: - cpu: 10m - memory: 128Mi - env: - name: TZ - value: US/Central + value: America/Chicago - name: QBT_SCHEDULE value: 0 * * * * - name: QBT_STARTUP_DELAY @@ -95,13 +85,13 @@ spec: value: /app/var/activity.log - name: QBT_LOG_LEVEL value: INFO - image: ghcr.io/stuffanthings/qbit_manage:v4.7.0 + image: ghcr.io/stuffanthings/qbit_manage:v4.7.0@sha256:8786f2efc6fb8e26281f09bf6c5d0004e2d2420fd4781af0aed123ae01558e21 imagePullPolicy: IfNotPresent name: qbit-manage resources: requests: cpu: 10m - memory: 64Mi + memory: 280Mi volumeMounts: - mountPath: /qbittorrent/qBittorrent name: config-data diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml index 81d6bf353..b40064a9a 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -59,13 +62,12 @@ spec: value: https://qui.alexlebens.net/api/auth/oidc/callback - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN value: "false" - image: ghcr.io/autobrr/qui:v1.15.0 - imagePullPolicy: IfNotPresent + image: ghcr.io/autobrr/qui:v1.15.0@sha256:da33f8c850f7d6f1bfaee26b9553b21411e872639d54193906fa2cec51af1d0f name: qui resources: requests: cpu: 10m - memory: 128Mi + memory: 70Mi volumeMounts: - mountPath: /config name: qui-config-data diff --git a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-qbit-manage-config.yaml b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-qbit-manage-config.yaml index f358fd1a5..373b9a8ff 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-qbit-manage-config.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-qbit-manage-config.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: ntfy-url remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/qbittorrent/qbit-manage - metadataPolicy: None property: ntfy-url diff --git a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml index abdd30499..409d35ce3 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml @@ -14,29 +14,17 @@ spec: data: - secretKey: private-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: private-key - secretKey: preshared-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: preshared-key - secretKey: addresses remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: addresses - secretKey: input-ports remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: input-ports diff --git a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qui-oidc-secret.yaml b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qui-oidc-secret.yaml index 050d80361..0e25b1b0d 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qui-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qui-oidc-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/qui - metadataPolicy: None property: secret - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/qui - metadataPolicy: None property: client diff --git a/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-main.yaml index b25146cf3..5ccc8c469 100644 --- a/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-main.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-main.yaml @@ -23,7 +23,7 @@ spec: name: qbittorrent namespace: qbittorrent port: 8080 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-qui.yaml b/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-qui.yaml index 535dd7b09..3f9d46717 100644 --- a/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-qui.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/HTTPRoute-qbittorrent-qui.yaml @@ -23,7 +23,7 @@ spec: name: qbittorrent-qui namespace: qbittorrent port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-config-data.yaml b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-config-data.yaml index df63a3a90..b96c1554c 100644 --- a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-config-data.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-config-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: qbittorrent helm.sh/chart: qbittorrent-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: qbittorrent spec: accessModes: diff --git a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qbit-manage-config-data.yaml b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qbit-manage-config-data.yaml index a1ffdddff..1d51ef162 100644 --- a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qbit-manage-config-data.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qbit-manage-config-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: qbittorrent helm.sh/chart: qbittorrent-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: qbittorrent spec: accessModes: diff --git a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qui-config-data.yaml b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qui-config-data.yaml index b9d59bcdc..48a7d4550 100644 --- a/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qui-config-data.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/PersistentVolumeClaim-qbittorrent-qui-config-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: qbittorrent helm.sh/chart: qbittorrent-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: qbittorrent spec: accessModes: