--- # Source: slskd/templates/namespace.yaml apiVersion: v1 kind: Namespace metadata: name: slskd labels: app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged --- # Source: slskd/templates/persistent-volume.yaml apiVersion: v1 kind: PersistentVolume metadata: name: slskd-nfs-storage namespace: slskd labels: app.kubernetes.io/name: slskd-nfs-storage app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadWriteMany nfs: path: /volume2/Storage server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- # Source: slskd/templates/persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: slskd-nfs-storage namespace: slskd labels: app.kubernetes.io/name: slskd-nfs-storage app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: volumeName: slskd-nfs-storage storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- # Source: slskd/charts/slskd/templates/common.yaml apiVersion: v1 kind: Service metadata: name: slskd labels: app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd app.kubernetes.io/service: slskd helm.sh/chart: slskd-4.4.0 namespace: slskd spec: type: ClusterIP ports: - port: 5030 targetPort: 5030 protocol: TCP name: http selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd --- # Source: slskd/charts/slskd/templates/common.yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: slskd-main labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.4.0 namespace: slskd spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd template: metadata: labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst initContainers: - args: - -ec - | sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.disable_ipv6=1 command: - /bin/sh image: busybox:1.37.0 imagePullPolicy: IfNotPresent name: init-sysctl resources: requests: cpu: 10m memory: 128Mi securityContext: privileged: true containers: - env: - name: VPN_SERVICE_PROVIDER value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: key: private-key name: slskd-wireguard-conf - name: VPN_PORT_FORWARDING value: "on" - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 5030,50300 - name: DOT value: "off" image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30 imagePullPolicy: IfNotPresent name: gluetun resources: limits: devic.es/tun: "1" requests: cpu: 10m devic.es/tun: "1" memory: 128Mi securityContext: capabilities: add: - NET_ADMIN - SYS_MODULE privileged: true - env: - name: TZ value: US/Central - name: PUID value: "1000" - name: PGID value: "1000" - name: SLSKD_UMASK value: "0" image: slskd/slskd:0.24.0 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 100m memory: 512Mi volumeMounts: - mountPath: /mnt/store name: data - mountPath: /app/slskd.yml mountPropagation: None name: slskd-config readOnly: true subPath: slskd.yml volumes: - name: data persistentVolumeClaim: claimName: slskd-nfs-storage - name: slskd-config secret: secretName: slskd-config-secret --- # Source: slskd/charts/slskd/templates/common.yaml apiVersion: apps/v1 kind: Deployment metadata: name: slskd-soularr labels: app.kubernetes.io/controller: soularr app.kubernetes.io/instance: slskd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: slskd helm.sh/chart: slskd-4.4.0 namespace: slskd spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: soularr app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd template: metadata: labels: app.kubernetes.io/controller: soularr app.kubernetes.io/instance: slskd app.kubernetes.io/name: slskd spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: TZ value: US/Central - name: PUID value: "1000" - name: PGID value: "1000" - name: SCRIPT_INTERVAL value: "300" image: mrusse08/soularr:latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi volumeMounts: - mountPath: /mnt/store name: data - mountPath: /data/config.ini mountPropagation: None name: soularr-config readOnly: true subPath: config.ini volumes: - name: data persistentVolumeClaim: claimName: slskd-nfs-storage - name: soularr-config secret: secretName: soularr-config-secret --- # Source: slskd/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: slskd-config-secret namespace: slskd labels: app.kubernetes.io/name: slskd-config-secret app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: slskd.yml remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/slskd/config metadataPolicy: None property: slskd.yml --- # Source: slskd/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: soularr-config-secret namespace: slskd labels: app.kubernetes.io/name: soularr-config-secret app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: config.ini remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/slskd/soularr metadataPolicy: None property: config.ini --- # Source: slskd/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: slskd-wireguard-conf namespace: slskd labels: app.kubernetes.io/name: slskd-wireguard-conf app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: private-key remoteRef: conversionStrategy: Default decodingStrategy: None key: /protonvpn/conf/cl01tl metadataPolicy: None property: private-key --- # Source: slskd/templates/http-route.yaml apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: http-route-slskd namespace: slskd labels: app.kubernetes.io/name: http-route-slskd app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - slskd.alexlebens.net rules: - matches: - path: type: PathPrefix value: / backendRefs: - group: '' kind: Service name: slskd port: 5030 weight: 100 --- # Source: slskd/templates/service-monitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: slskd namespace: slskd labels: app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd app.kubernetes.io/part-of: slskd spec: selector: matchLabels: app.kubernetes.io/name: slskd app.kubernetes.io/instance: slskd endpoints: - port: http interval: 3m scrapeTimeout: 1m path: /metrics