qbittorrent: controllers: main: type: deployment replicas: 1 strategy: Recreate pod: securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - slskd topologyKey: kubernetes.io/hostname initContainers: init-sysctl: image: repository: busybox tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e securityContext: privileged: True command: - /bin/sh args: - -ec - | sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.disable_ipv6=1 containers: qbittorrent: image: repository: ghcr.io/linuxserver/qbittorrent tag: 5.1.4-r2-ls448@sha256:a89108b1bf43de072a35a59a3ee41b97b564538faae5cbb3f6c803aa7f5fd9f7 env: - name: TZ value: America/Chicago - name: PUID value: 1000 - name: PGID value: 1000 - name: UMASK_SET value: "002" - name: WEBUI_PORT value: 8080 resources: requests: cpu: 500m memory: 1Gi gluetun: image: repository: ghcr.io/qdm12/gluetun tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab lifecycle: postStart: exec: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf key: private-key - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf key: preshared-key - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf key: addresses - name: FIREWALL_VPN_INPUT_PORTS valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 8080,9022 - name: DNS_UPSTREAM_RESOLVER_TYPE value: dot - name: BLOCK_MALICIOUS value: "off" - name: HTTPPROXY value: "off" - name: SHADOWSOCKS value: "off" securityContext: privileged: True capabilities: add: - NET_ADMIN - SYS_MODULE probes: liveness: enabled: true custom: true spec: exec: command: - /gluetun-entrypoint - healthcheck failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 15 resources: limits: devic.es/tun: "1" requests: devic.es/tun: "1" exporter: image: repository: esanchezm/prometheus-qbittorrent-exporter tag: v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211 env: - name: QBITTORRENT_HOST value: localhost - name: QBITTORRENT_PORT value: "8080" - name: EXPORTER_PORT value: "9022" - name: EXPORTER_LOG_LEVEL value: INFO qbit-manage: type: deployment annotations: reloader.stakater.com/auto: "true" replicas: 1 strategy: Recreate initContainers: init-copy-config: image: repository: busybox tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e command: - /bin/sh - -ec - | cp /config/config.yml /app/config/config.yml containers: qbit-manage: image: repository: ghcr.io/stuffanthings/qbit_manage tag: v4.7.0@sha256:8786f2efc6fb8e26281f09bf6c5d0004e2d2420fd4781af0aed123ae01558e21 pullPolicy: IfNotPresent env: - name: TZ value: America/Chicago - name: QBT_SCHEDULE value: 0 * * * * - name: QBT_STARTUP_DELAY value: 360 - name: QBT_CONFIG_DIR value: /app/config/ - name: QBT_LOGFILE value: /app/var/activity.log - name: QBT_LOG_LEVEL value: INFO resources: requests: cpu: 10m memory: 280Mi apprise-api: image: repository: ghcr.io/caronc/apprise tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 env: - name: TZ value: America/Chicago - name: PGID value: 1000 - name: PUID value: 1000 - name: APPRISE_STORAGE_MODE value: memory - name: APPRISE_STATEFUL_MODE value: disabled - name: APPRISE_WORKER_COUNT value: 1 - name: APPRISE_STATELESS_URLS valueFrom: secretKeyRef: name: qbittorrent-qbit-manage-config key: ntfy-url qui: type: deployment replicas: 1 strategy: Recreate pod: securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch containers: qui: image: repository: ghcr.io/autobrr/qui tag: v1.15.0@sha256:da33f8c850f7d6f1bfaee26b9553b21411e872639d54193906fa2cec51af1d0f env: - name: QUI__METRICS_ENABLED value: true - name: QUI__METRICS_HOST value: 0.0.0.0 - name: QUI__METRICS_PORT value: 9074 - name: QUI__OIDC_ENABLED value: true - name: QUI__OIDC_ISSUER value: https://auth.alexlebens.dev/application/o/qui/ - name: QUI__OIDC_CLIENT_ID valueFrom: secretKeyRef: name: qui-oidc-secret key: client - name: QUI__OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: qui-oidc-secret key: secret - name: QUI__OIDC_REDIRECT_URL value: https://qui.alexlebens.net/api/auth/oidc/callback - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN value: false resources: requests: cpu: 10m memory: 70Mi service: main: controller: main forceRename: qbittorrent ports: http: port: 8080 targetPort: 8080 health: port: 9999 targetPort: 9999 metrics: port: 9022 targetPort: 9022 qbit-manage: controller: qbit-manage ports: apprise: port: 80 targetPort: 8181 qui: controller: qui ports: http: port: 80 targetPort: 7476 metrics: port: 9074 targetPort: 9074 serviceMonitor: main: selector: matchLabels: app.kubernetes.io/name: qbittorrent app.kubernetes.io/instance: qbittorrent serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' endpoints: - port: metrics interval: 30s scrapeTimeout: 15s path: /metrics apprise: selector: matchLabels: app.kubernetes.io/name: qbittorrent-apprise app.kubernetes.io/instance: qbittorrent-apprise serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' endpoints: - port: apprise interval: 30s scrapeTimeout: 15s path: /metrics qui: selector: matchLabels: app.kubernetes.io/name: qbittorrent-qui app.kubernetes.io/instance: qbittorrent-qui serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' endpoints: - port: metrics interval: 30s scrapeTimeout: 15s path: /metrics route: main: kind: HTTPRoute parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - qbittorrent.alexlebens.net rules: - backendRefs: - name: qbittorrent port: 8080 matches: - path: type: PathPrefix value: / qui: kind: HTTPRoute parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - qui.alexlebens.net rules: - backendRefs: - name: qbittorrent-qui port: 80 matches: - path: type: PathPrefix value: / persistence: update-script: enabled: true type: configMap name: glutun-update-script defaultMode: 0755 advancedMounts: main: gluetun: - path: /gluetun/update.sh subPath: update.sh qbit-manage-config: enabled: true type: configMap name: qbit-manage-config advancedMounts: qbit-manage: init-copy-config: - path: /config/config.yml readOnly: true mountPropagation: None subPath: config.yml qbit-manage: - path: /config/config.yml readOnly: true mountPropagation: None subPath: config.yml config-data: forceRename: qbittorrent-config-data storageClass: ceph-filesystem accessMode: ReadWriteMany size: 1Gi advancedMounts: main: qbittorrent: - path: /config/qBittorrent readOnly: false qbit-manage: qbit-manage: - path: /qbittorrent/qBittorrent readOnly: false qbit-manage-config-data: forceRename: qbittorrent-qbit-manage-config-data storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi advancedMounts: qbit-manage: init-copy-config: - path: /app/config readOnly: false qbit-manage: - path: /app/config readOnly: false qui-config-data: forceRename: qbittorrent-qui-config-data storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi advancedMounts: qui: qui: - path: /config readOnly: false qbit-manage-config-var: type: emptyDir advancedMounts: qbit-manage: qbit-manage: - path: /app/var readOnly: false storage: type: persistentVolumeClaim existingClaim: qbittorrent-nfs-storage advancedMounts: main: qbittorrent: - path: /mnt/store readOnly: false qbit-manage: qbit-manage: - path: /mnt/store readOnly: false volsync-target-config: pvcTarget: qbittorrent-config-data moverSecurityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch local: enabled: true schedule: 58 8 * * * restic: copyMethod: Snapshot storageClassName: ceph-filesystem volumeSnapshotClassName: ceph-filesystem-snapshot remote: enabled: true schedule: 58 9 * * * restic: copyMethod: Snapshot storageClassName: ceph-filesystem volumeSnapshotClassName: ceph-filesystem-snapshot external: enabled: true schedule: 58 10 * * * restic: copyMethod: Snapshot storageClassName: ceph-filesystem volumeSnapshotClassName: ceph-filesystem-snapshot volsync-target-qbit-manage-config: pvcTarget: qbittorrent-qbit-manage-config-data local: enabled: true schedule: 0 11 * * * remote: enabled: true schedule: 0 12 * * * external: enabled: true schedule: 0 13 * * * volsync-target-qui-config: pvcTarget: qbittorrent-qui-config-data local: enabled: true schedule: 2 11 * * * remote: enabled: true schedule: 2 12 * * * external: enabled: true schedule: 2 13 * * *