# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: qbittorrent namespace: download spec: interval: 5m chart: spec: chart: app-template version: 3.1.0 sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: controllers: main: pod: securityContext: fsGroup: 10000 fsGroupChangePolicy: "OnRootMismatch" containers: app: image: repository: ghcr.io/onedr0p/qbittorrent tag: 4.5.2 env: QBITTORRENT__PORT: 8080 securityContext: runAsGroup: 10000 runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: "OnRootMismatch" gluetun: image: repository: qmcgaw/gluetun tag: latest env: FIREWALL_INPUT_PORTS: "8080,17871" # 17871 is the prometheus exporter HEALTH_VPN_DURATION_INITIAL: "120s" UPDATER_PERIOD: 24h UPDATER_VPN_SERVICE_PROVIDERS: protonvpn envFrom: - secretRef: name: qbittorrent-secrets securityContext: capabilities: add: - NET_ADMIN probes: liveness: enabled: true custom: true spec: exec: command: - /bin/sh - -c # if the vpn is connected, it should have internet - ping -c 1 google.com initialDelaySeconds: 30 periodSeconds: 60 failureThreshold: 3 timeoutSeconds: 10 port-manager: image: repository: git.seanomik.net/seanomik/gluetun-qbit-port-updater tag: v0.2.0 pullPolicy: Always env: PORT_UPD_QBITTORRENT_HOST: localhost PORT_UPD_QBITTORRENT_PORT: "8080" # safe to have in plain text since qbittorrent is exposed through authentik. PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port metrics: image: repository: caseyscarborough/qbittorrent-exporter tag: v1.3.5 env: QBITTORRENT_BASE_URL: "http://localhost:8080" # safe to have in plain text since qbittorrent is exposed through authentik. QBITTORRENT_LOGIN: *qbitLogin QBITTORRENT_PASSWORD: *qbitPass service: app: controller: main ports: http: port: 8080 metrics: port: 17871 protocol: HTTP serviceMonitor: app: enabled: true serviceName: qbittorrent labels: release: kube-prometheus-stack endpoints: - port: metrics scheme: http path: /metrics interval: 3m scrapeTimeout: 1m ingress: main: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &host "qbit.${SECRET_NEW_DOMAIN}" paths: - path: / service: identifier: app port: http tls: - hosts: - *host persistence: storage: type: hostPath hostPath: /mnt/MainPool/Media/Torrents globalMounts: - path: /storage/Torrents config: type: hostPath hostPath: /mnt/MainPool/Kubernetes/qbittorrent advancedMounts: main: # controller name app: # container name - path: /config cookies: type: secret name: cookie-secret globalMounts: - path: /etc/tokens gluetun-tmp: type: emptyDir advancedMounts: main: # controller name gluetun: # container name - path: /tmp/gluetun/ port-manager: - path: /tmp/gluetun/ readOnly: true