chore: implement backups for qbittorrent
This commit is contained in:
parent
66b712c9c7
commit
aa38b5b826
GPG key ID:
FEC9E2FC15235964
10 changed files with 44 additions and 32 deletions
|
|
@ -3,7 +3,7 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./qbittorrent
|
- ./qbittorrent/ks.yaml
|
||||||
- ./qbit-manage
|
- ./qbit-manage
|
||||||
- ./radarr/ks.yaml
|
- ./radarr/ks.yaml
|
||||||
- ./sonarr/ks.yaml
|
- ./sonarr/ks.yaml
|
||||||
|
|
|
||||||
|
|
@ -9,60 +9,51 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 3.1.0
|
version: 3.5.1
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjws-charts
|
name: bjws-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
|
||||||
values:
|
values:
|
||||||
controllers:
|
controllers:
|
||||||
main:
|
main:
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 10000
|
fsGroup: 10000
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/qbittorrent
|
repository: ghcr.io/onedr0p/qbittorrent
|
||||||
tag: 4.6.6
|
tag: 4.6.6
|
||||||
|
|
||||||
env:
|
env:
|
||||||
QBITTORRENT__PORT: 8080
|
QBITTORRENT__PORT: &qbitPort 8080
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsGroup: 10000
|
runAsGroup: 10000
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
fsGroup: 10000
|
fsGroup: 10000
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
gluetun:
|
gluetun:
|
||||||
image:
|
image:
|
||||||
repository: qmcgaw/gluetun
|
repository: qmcgaw/gluetun
|
||||||
tag: latest
|
tag: latest
|
||||||
|
|
||||||
env:
|
env:
|
||||||
FIREWALL_INPUT_PORTS: "8080,17871" # 17871 is the prometheus exporter
|
FIREWALL_INPUT_PORTS: "8080,17871" # 17871 is the prometheus exporter
|
||||||
FIREWALL_VPN_INPUT_PORTS: "41500"
|
FIREWALL_VPN_INPUT_PORTS: "41500"
|
||||||
HEALTH_VPN_DURATION_INITIAL: "120s"
|
HEALTH_VPN_DURATION_INITIAL: "120s"
|
||||||
|
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: qbittorrent-secrets
|
name: qbittorrent-secrets
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
image:
|
image:
|
||||||
repository: caseyscarborough/qbittorrent-exporter
|
repository: caseyscarborough/qbittorrent-exporter
|
||||||
tag: v1.3.5
|
tag: v1.3.5
|
||||||
|
|
||||||
env:
|
env:
|
||||||
QBITTORRENT_BASE_URL: "http://localhost:8080"
|
QBITTORRENT_BASE_URL: "http://localhost:8080"
|
||||||
# safe to have in plain text since qbittorrent is exposed through authentik.
|
# safe to have in plain text since qbittorrent is exposed through authentik.
|
||||||
|
|
@ -72,11 +63,9 @@ spec:
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
controller: main
|
controller: main
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 8080
|
port: *qbitPort
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
port: 17871
|
port: 17871
|
||||||
protocol: HTTP
|
protocol: HTTP
|
||||||
|
|
@ -85,10 +74,8 @@ spec:
|
||||||
app:
|
app:
|
||||||
enabled: true
|
enabled: true
|
||||||
serviceName: qbittorrent
|
serviceName: qbittorrent
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
release: kube-prometheus-stack
|
release: kube-prometheus-stack
|
||||||
|
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: metrics
|
- port: metrics
|
||||||
scheme: http
|
scheme: http
|
||||||
|
|
@ -102,18 +89,13 @@ spec:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "qbit.${SECRET_NEW_DOMAIN}"
|
- host: "qbit.${SECRET_NEW_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
identifier: app
|
identifier: app
|
||||||
port: http
|
port: http
|
||||||
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- *host
|
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
storage:
|
storage:
|
||||||
|
|
@ -121,21 +103,18 @@ spec:
|
||||||
hostPath: /mnt/MainPool/Media/Torrents
|
hostPath: /mnt/MainPool/Media/Torrents
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /storage/Torrents
|
- path: /storage/Torrents
|
||||||
|
|
||||||
config:
|
config:
|
||||||
type: hostPath
|
existingClaim: qbittorrent
|
||||||
hostPath: /mnt/MainPool/Kubernetes/qbittorrent
|
|
||||||
advancedMounts:
|
advancedMounts:
|
||||||
main: # controller name
|
main: # controller name
|
||||||
app: # container name
|
app: # container name
|
||||||
- path: /config
|
- path: /config
|
||||||
|
|
||||||
gluetun-tmp:
|
gluetun-tmp:
|
||||||
type: emptyDir
|
type: emptyDir
|
||||||
advancedMounts:
|
advancedMounts:
|
||||||
main: # controller name
|
main: # controller name
|
||||||
gluetun: # container name
|
gluetun: # container name
|
||||||
- path: /tmp/gluetun/
|
- path: /tmp/gluetun
|
||||||
port-manager:
|
port-manager:
|
||||||
- path: /tmp/gluetun/
|
- path: /tmp/gluetun
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
- ../../../../../common/templates/volsync
|
||||||
- ./qbittorrent-secrets.sops.yaml
|
- ./qbittorrent-secrets.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
#- ./qbittorrent-metrics.yaml
|
#- ./qbittorrent-metrics.yaml
|
||||||
32
kubernetes/main/apps/download/qbittorrent/ks.yaml
Normal file
32
kubernetes/main/apps/download/qbittorrent/ks.yaml
Normal file
|
|
@ -0,0 +1,32 @@
|
||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app qbittorrent
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
timeout: 5m
|
||||||
|
interval: 10m
|
||||||
|
targetNamespace: download
|
||||||
|
path: ./kubernetes/main/apps/download/qbittorrent/app
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: home-cluster
|
||||||
|
decryption:
|
||||||
|
provider: sops
|
||||||
|
secretRef:
|
||||||
|
name: sops-gpg
|
||||||
|
dependsOn:
|
||||||
|
- name: openebs
|
||||||
|
- name: openebs-sc
|
||||||
|
- name: volsync
|
||||||
|
postBuild:
|
||||||
|
substituteFrom:
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: cluster-settings
|
||||||
|
- kind: Secret
|
||||||
|
name: cluster-secrets
|
||||||
|
substitute:
|
||||||
|
APP: *app
|
||||||
|
VOLSYNC_CAPACITY: 1Gi
|
||||||
Loading…
Reference in a new issue