clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml

@@ -47,6 +47,63 @@ spec:
                       - slskd
               topologyKey: kubernetes.io/hostname
       initContainers:
+        - env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: private-key
+                  name: protonvpn-wireguard-conf
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+            - name: FIREWALL_INPUT_PORTS
+              value: 8080,9022
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: VPN_PORT_FORWARDING_UP_COMMAND
+              value: /bin/sh -c "/gluetun/update.sh {{PORT}}"
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: BLOCK_MALICIOUS
+              value: "off"
+          image: ghcr.io/qdm12/gluetun:latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
+          lifecycle:
+            postStart:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - (ip rule del table 51820; ip -6 rule del table 51820) || true
+          name: gluetun
+          readinessProbe:
+            exec:
+              command:
+                - /gluetun-entrypoint
+                - healthcheck
+            failureThreshold: 5
+            initialDelaySeconds: 30
+            periodSeconds: 30
+            successThreshold: 1
+            timeoutSeconds: 15
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              devic.es/tun: "1"
+          restartPolicy: Always
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+            privileged: true
+          volumeMounts:
+            - mountPath: /gluetun/update.sh
+              name: update-script
+              subPath: update.sh
         - args:
             - -ec
             - |
@@ -70,62 +127,6 @@ spec:
               value: INFO
           image: esanchezm/prometheus-qbittorrent-exporter:v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211
           name: exporter
-        - env:
-            - name: VPN_SERVICE_PROVIDER
-              value: protonvpn
-            - name: VPN_TYPE
-              value: wireguard
-            - name: WIREGUARD_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  key: private-key
-                  name: protonvpn-wireguard-conf
-            - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
-            - name: FIREWALL_INPUT_PORTS
-              value: 8080,9022
-            - name: VPN_PORT_FORWARDING
-              value: "on"
-            - name: VPN_PORT_FORWARDING_UP_COMMAND
-              value: /bin/sh -c "/gluetun/update.sh {{PORT}}"
-            - name: PORT_FORWARD_ONLY
-              value: "on"
-            - name: BLOCK_MALICIOUS
-              value: "off"
-          image: ghcr.io/qdm12/gluetun:latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                  - /bin/sh
-                  - -c
-                  - (ip rule del table 51820; ip -6 rule del table 51820) || true
-          livenessProbe:
-            exec:
-              command:
-                - /gluetun-entrypoint
-                - healthcheck
-            failureThreshold: 5
-            initialDelaySeconds: 30
-            periodSeconds: 30
-            successThreshold: 1
-            timeoutSeconds: 15
-          name: gluetun
-          resources:
-            limits:
-              devic.es/tun: "1"
-            requests:
-              devic.es/tun: "1"
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-                - SYS_MODULE
-            privileged: true
-          volumeMounts:
-            - mountPath: /gluetun/update.sh
-              name: update-script
-              subPath: update.sh
         - env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml

@@ -47,18 +47,6 @@ spec:
                       - qbittorrent
               topologyKey: kubernetes.io/hostname
       initContainers:
-        - args:
-            - -ec
-            - |
-              sysctl -w net.ipv4.ip_forward=1;
-              sysctl -w net.ipv6.conf.all.disable_ipv6=1
-          command:
-            - /bin/sh
-          image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
-          name: init-sysctl
-          securityContext:
-            privileged: true
-      containers:
         - env:
             - name: VPN_SERVICE_PROVIDER
               value: protonvpn
@@ -70,7 +58,7 @@ spec:
                   key: private-key
                   name: protonvpn-wireguard-conf
             - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
             - name: FIREWALL_INPUT_PORTS
               value: "5030"
             - name: BLOCK_MALICIOUS
@@ -83,7 +71,8 @@ spec:
                   - /bin/sh
                   - -c
                   - (ip rule del table 51820; ip -6 rule del table 51820) || true
-          livenessProbe:
+          name: gluetun
+          readinessProbe:
             exec:
               command:
                 - /gluetun-entrypoint
@@ -93,18 +82,30 @@ spec:
             periodSeconds: 30
             successThreshold: 1
             timeoutSeconds: 15
-          name: gluetun
           resources:
             limits:
               devic.es/tun: "1"
             requests:
               devic.es/tun: "1"
+          restartPolicy: Always
           securityContext:
             capabilities:
               add:
                 - NET_ADMIN
                 - SYS_MODULE
             privileged: true
+        - args:
+            - -ec
+            - |
+              sysctl -w net.ipv4.ip_forward=1;
+              sysctl -w net.ipv6.conf.all.disable_ipv6=1
+          command:
+            - /bin/sh
+          image: busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
+          name: init-sysctl
+          securityContext:
+            privileged: true
+      containers:
         - env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml

@@ -36,9 +36,7 @@ spec:
       hostNetwork: false
       hostPID: false
       dnsPolicy: ClusterFirst
-      containers:
+      initContainers:
-        - image: brainicism/bgutil-ytdlp-pot-provider:1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
-          name: bgutil
         - env:
             - name: VPN_SERVICE_PROVIDER
               value: protonvpn
@@ -50,11 +48,11 @@ spec:
                   key: private-key
                   name: protonvpn-wireguard-conf
             - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
             - name: FIREWALL_INPUT_PORTS
               value: "24000"
             - name: DNS_CACHING
-              value: "false"
+              value: "off"
           image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
           lifecycle:
             postStart:
@@ -63,28 +61,32 @@ spec:
                   - /bin/sh
                   - -c
                   - (ip rule del table 51820; ip -6 rule del table 51820) || true
-          livenessProbe:
+          name: gluetun
+          readinessProbe:
             exec:
               command:
                 - /gluetun-entrypoint
                 - healthcheck
             failureThreshold: 5
-            initialDelaySeconds: 30
+            initialDelaySeconds: 15
-            periodSeconds: 30
+            periodSeconds: 10
             successThreshold: 1
-            timeoutSeconds: 15
+            timeoutSeconds: 5
-          name: gluetun
           resources:
             limits:
               devic.es/tun: "1"
             requests:
               devic.es/tun: "1"
+          restartPolicy: Always
           securityContext:
             capabilities:
               add:
                 - NET_ADMIN
                 - SYS_MODULE
             privileged: true
+      containers:
+        - image: brainicism/bgutil-ytdlp-pot-provider:1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
+          name: bgutil
         - env:
             - name: TZ
               value: America/Chicago
@@ -109,10 +111,12 @@ spec:
                 name: tubearchivist-config
           image: bbilly1/tubearchivist:v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
           livenessProbe:
+            exec:
+              command:
+                - curl
+                - -f
+                - http://localhost:24000/api/health/
             failureThreshold: 5
-            httpGet:
-              path: /api/health/
-              port: 24000
             initialDelaySeconds: 30
             periodSeconds: 30
             successThreshold: 1