chore(qbittorrent): switch to using app-template:3.1.0

2024-04-20 16:16:46 -04:00 · 2024-04-20 16:16:46 -04:00 · 52e9a314af
commit 52e9a314af
parent 34eaa3b4fc
1 changed files with 86 additions and 68 deletions
--- a/cluster/apps/download/qbittorrent/helm-release.yaml
+++ b/cluster/apps/download/qbittorrent/helm-release.yaml
@ -8,118 +8,136 @@ spec:
  chart:
    spec:
      chart: app-template
-      version: 1.3.x
+      version: 3.1.0
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
-    image:
-      repository: lscr.io/linuxserver/qbittorrent
-      tag: "4.6.2"
+    controllers:
+      main:

-    sidecars:
-      gluetun:
-        image: qmcgaw/gluetun:v3.38
-        env:
-        - name: FIREWALL_INPUT_PORTS
-          value: "8080,17871" # 17871 is the prometheus exporter
-        envFrom:
-        - secretRef:
-            name: qbittorrent-secrets
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-        volumeMounts:
-        - name: gluetun-tmp
-          mountPath: /tmp/gluetun/
+        pod:
+          securityContext:
+            fsGroup: 10000
+            fsGroupChangePolicy: "OnRootMismatch"

-      port-manager:
-        image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.2
-        imagePullPolicy: Always
-        env:
-          PORT_UPD_QBITTORRENT_HOST: localhost
-          PORT_UPD_QBITTORRENT_PORT: "8080"
-          # safe to have in plain text since qbittorrent is exposed through authentik.
-          PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin
-          PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin
-          PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port
-        volumeMounts:
-        - name: gluetun-tmp
-          mountPath: /tmp/gluetun/
+        containers:
+          main:
+            image:
+              repository: ghcr.io/onedr0p/qbittorrent
+              tag: 4.6.2

-      metrics:
-        image: caseyscarborough/qbittorrent-exporter:v1.3.5
-        env:
-          QBITTORRENT_BASE_URL: "http://localhost:8080"
-          # safe to have in plain text since qbittorrent is exposed through authentik.
-          QBITTORRENT_LOGIN: *qbitLogin
-          QBITTORRENT_PASSWORD: *qbitPass
-        ports:
-        - name: metrics
-          containerPort: 17871
+            env:
+              QBITTORRENT__PORT: 8080

-    env:
-      TZ: America/New_York
-      PGID: "10000"
-      PUID: "10000"
-      WEBUI_PORT: "8080"
+            securityContext:
+              runAsGroup: 10000
+              runAsUser: 10000
+              fsGroup: 10000
+              fsGroupChangePolicy: "OnRootMismatch"
+
+          gluetun:
+            image:
+              repository: qmcgaw/gluetun
+              tag: v3.38
+            
+            env:
+              FIREWALL_INPUT_PORTS: "8080,17871" # 17871 is the prometheus exporter
+            
+            envFrom:
+            - secretRef:
+                name: qbittorrent-secrets
+
+            securityContext:
+              capabilities:
+                add:
+                - NET_ADMIN
+
+          port-manager:
+            image:
+              repository: git.seanomik.net/seanomik/gluetun-qbit-port-updater
+              tag: v0.1.2
+              pullPolicy: Always
+
+            env:
+              PORT_UPD_QBITTORRENT_HOST: localhost
+              PORT_UPD_QBITTORRENT_PORT: "8080"
+              # safe to have in plain text since qbittorrent is exposed through authentik.
+              PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin
+              PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin
+              PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port
+
+          metrics:
+            image:
+              repository: caseyscarborough/qbittorrent-exporter
+              tag: v1.3.5
+
+            env:
+              QBITTORRENT_BASE_URL: "http://localhost:8080"
+              # safe to have in plain text since qbittorrent is exposed through authentik.
+              QBITTORRENT_LOGIN: *qbitLogin
+              QBITTORRENT_PASSWORD: *qbitPass

    service:
-      main:
-        labels:
-          app: qbittorrent-service
+      app:
+        controller: main

        ports:
          http:
            port: 8080

          metrics:
-            enabled: true
            port: 17871
            protocol: HTTP

    ingress:
      main:
-        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+
        hosts:
        - host: &host "qbit.${SECRET_NEW_DOMAIN}"
          paths:
          - path: /
-            pathType: Prefix
+            service:
+              identifier: app
+              port: http
+        
        tls:
        - hosts:
          - *host

    persistence:
      storage:
-        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Media/Torrents
-        mountPath: /storage/Torrents
+        globalMounts:
+        - path: /storage/Torrents
+
      config:
-        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/qbittorrent
-        mountPath: /config
+        advancedMounts:
+          main: # controller name
+            main: # container name
+            - path: /config
+
      cookies:
-        enabled: true
        type: secret
        name: cookie-secret
-        mountPath: /etc/tokens
+        globalMounts:
+        - path: /etc/tokens
+
      gluetun-tmp:
-        enabled: true
        type: emptyDir
-      
-    resources:
-      requests:
-        cpu: 10m
-        memory: 250Mi
-      limits:
-        memory: 6000Mi
+        advancedMounts:
+          main: # controller name
+            gluetun: # container name
+              - path: /tmp/gluetun/
+            port-manager:
+              - path: /tmp/gluetun/
+                readOnly: true