apiVersion: apps/v1 kind: Deployment metadata: name: slskd-main labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.6.2 namespace: slskd spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd template: metadata: labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst initContainers: - args: - -ec - | sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.disable_ipv6=1 command: - /bin/sh image: busybox:1.37.0 imagePullPolicy: IfNotPresent name: init-sysctl resources: requests: cpu: 10m memory: 128Mi securityContext: privileged: true containers: - env: - name: VPN_SERVICE_PROVIDER value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: key: private-key name: slskd-wireguard-conf - name: UPDATER_PROTONVPN_EMAIL valueFrom: secretKeyRef: key: proton-email name: slskd-wireguard-conf - name: UPDATER_PROTONVPN_PASSWORD valueFrom: secretKeyRef: key: proton-password name: slskd-wireguard-conf - name: VPN_PORT_FORWARDING value: "on" - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 5030,50300 - name: DNS_UPSTREAM_RESOLVER_TYPE value: dot - name: HTTPPROXY value: "off" - name: SHADOWSOCKS value: "off" image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab imagePullPolicy: IfNotPresent lifecycle: postStart: exec: command: - /bin/sh - -c - (ip rule del table 51820; ip -6 rule del table 51820) || true livenessProbe: exec: command: - /gluetun-entrypoint - healthcheck failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 15 name: gluetun resources: limits: devic.es/tun: "1" requests: cpu: 10m devic.es/tun: "1" memory: 128Mi securityContext: capabilities: add: - NET_ADMIN - SYS_MODULE privileged: true - env: - name: TZ value: US/Central - name: PUID value: "1000" - name: PGID value: "1000" - name: SLSKD_UMASK value: "0" image: slskd/slskd:0.24.5 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 100m memory: 512Mi volumeMounts: - mountPath: /mnt/store name: data - mountPath: /app/slskd.yml mountPropagation: None name: slskd-config readOnly: true subPath: slskd.yml volumes: - name: data persistentVolumeClaim: claimName: slskd-nfs-storage - name: slskd-config secret: secretName: slskd-config-secret --- apiVersion: apps/v1 kind: Deployment metadata: name: slskd-soularr labels: app.kubernetes.io/controller: soularr app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.6.2 namespace: slskd spec: revisionHistoryLimit: 3 replicas: 0 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: soularr app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd template: metadata: labels: app.kubernetes.io/controller: soularr app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: TZ value: US/Central - name: PUID value: "1000" - name: PGID value: "1000" - name: SCRIPT_INTERVAL value: "300" image: mrusse08/soularr:latest@sha256:69bc29f2072d6256c30f94fb1a0bfe8034c197791a2103d87f15ef1761347ce9 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi volumeMounts: - mountPath: /mnt/store name: data - mountPath: /data/config.ini mountPropagation: None name: soularr-config readOnly: true subPath: config.ini volumes: - name: data persistentVolumeClaim: claimName: slskd-nfs-storage - name: soularr-config secret: secretName: soularr-config-secret --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: slskd-config-secret namespace: slskd labels: app.kubernetes.io/name: slskd-config-secret app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: slskd.yml remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/slskd/config metadataPolicy: None property: slskd.yml --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: slskd-wireguard-conf namespace: slskd labels: app.kubernetes.io/name: slskd-wireguard-conf app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: private-key remoteRef: conversionStrategy: Default decodingStrategy: None key: /protonvpn/conf/cl01tl metadataPolicy: None property: private-key - secretKey: proton-email remoteRef: conversionStrategy: Default decodingStrategy: None key: /protonvpn/conf/cl01tl metadataPolicy: None property: email - secretKey: proton-password remoteRef: conversionStrategy: Default decodingStrategy: None key: /protonvpn/conf/cl01tl metadataPolicy: None property: password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: soularr-config-secret namespace: slskd labels: app.kubernetes.io/name: soularr-config-secret app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: config.ini remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/slskd/soularr metadataPolicy: None property: config.ini --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: slskd labels: app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.6.2 namespace: slskd spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "slskd.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: slskd namespace: slskd port: 5030 weight: 100 matches: - path: type: PathPrefix value: / --- apiVersion: v1 kind: Namespace metadata: name: slskd labels: app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged --- apiVersion: v1 kind: PersistentVolume metadata: name: slskd-nfs-storage namespace: slskd labels: app.kubernetes.io/name: slskd-nfs-storage app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadWriteMany nfs: path: /volume2/Storage server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: slskd-nfs-storage namespace: slskd labels: app.kubernetes.io/name: slskd-nfs-storage app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: volumeName: slskd-nfs-storage storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- apiVersion: v1 kind: Service metadata: name: slskd labels: app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd app.kubernetes.io/service: slskd helm.sh/chart: slskd-4.6.2 namespace: slskd spec: type: ClusterIP ports: - port: 5030 targetPort: 5030 protocol: TCP name: http selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: slskd labels: app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.6.2 namespace: slskd spec: jobLabel: slskd namespaceSelector: matchNames: - slskd selector: matchLabels: app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd endpoints: - interval: 3m path: /metrics port: http scrapeTimeout: 1m