apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: qbittorrent namespace: download spec: interval: 5m chart: spec: chart: app-template version: 1.3.x sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: image: repository: ghcr.io/onedr0p/qbittorrent tag: rolling # Metrics sidecar sidecars: gluetun: image: qmcgaw/gluetun:latest env: - name: FIREWALL value: "off" - name: DOT value: "off" envFrom: - secretRef: name: qbittorrent-secrets securityContext: capabilities: add: - NET_ADMIN runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch metrics: image: caseyscarborough/qbittorrent-exporter:latest env: - name: QBITTORRENT_BASE_URL value: "http://localhost:8080" ports: - name: metrics containerPort: 17871 env: TZ: America/New_York QBITTORRENT__PORT: "8080" service: main: labels: app: qbittorrent-service ports: http: port: 8080 metrics: enabled: true port: 17871 protocol: HTTP ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &host "qbit.${SECRET_NEW_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - *host secretName: wildcard-main-tls persistence: storage: enabled: true type: hostPath hostPath: /mnt/MainPool/Media/Torrents mountPath: /storage/Torrents config: enabled: true type: hostPath hostPath: /mnt/MainPool/Kubernetes/qbittorrent mountPath: /config podSecurityContext: runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch # resources: # requests: # cpu: 2m # memory: 150Mi # limits: # memory: 500Mi