infrastructure/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: qbittorrent-qui
  labels:
    app.kubernetes.io/controller: qui
    app.kubernetes.io/instance: qbittorrent
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: qbittorrent
    helm.sh/chart: qbittorrent-4.6.2
  namespace: qbittorrent
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: qui
      app.kubernetes.io/name: qbittorrent
      app.kubernetes.io/instance: qbittorrent
  template:
    metadata:
      annotations:
        checksum/secrets: 545cc0ac43a8c257917ff35f6fed45976eaefcbaed5d63bbd60d3b932dc71794
      labels:
        app.kubernetes.io/controller: qui
        app.kubernetes.io/instance: qbittorrent
        app.kubernetes.io/name: qbittorrent
    spec:
      enableServiceLinks: false
      serviceAccountName: qbittorrent
      automountServiceAccountToken: true
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
        - env:
            - name: QUI__METRICS_ENABLED
              value: "true"
            - name: QUI__METRICS_HOST
              value: 0.0.0.0
            - name: QUI__METRICS_PORT
              value: "9074"
            - name: QUI__OIDC_ENABLED
              value: "true"
            - name: QUI__OIDC_ISSUER
              value: https://auth.alexlebens.dev/application/o/qui/
            - name: QUI__OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client
                  name: qui-oidc-authentik
            - name: QUI__OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: secret
                  name: qui-oidc-authentik
            - name: QUI__OIDC_REDIRECT_URL
              value: https://qui.alexlebens.net/api/auth/oidc/callback
            - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN
              value: "false"
          image: ghcr.io/autobrr/qui:v1.17.0@sha256:fb3832e68f66b056e1b049d16c40732661e7b73999bc642d4b11469a3ebbabd3
          name: qui
          resources:
            requests:
              cpu: 10m
              memory: 70Mi
          volumeMounts:
            - mountPath: /config
              name: qui-config-data
      volumes:
        - name: qui-config-data
          persistentVolumeClaim:
            claimName: qbittorrent-qui-config-data