apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: qbittorrent namespace: download spec: interval: 5m chart: spec: chart: app-template version: 1.3.x sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: image: repository: lscr.io/linuxserver/qbittorrent tag: "4.5.4" initContainers: copy-manage-config: image: alpine:3.18 command: - /bin/sh - -c - "ls /tmp/manage-ro && cp -a /tmp/manage-ro/. /tmp/manage-tmp/ && chmod -R 777 /tmp/manage-tmp && ls /tmp/manage-tmp" volumeMounts: - name: manage-ro mountPath: /tmp/manage-ro - name: manage-tmp mountPath: /tmp/manage-tmp sidecars: gluetun: image: qmcgaw/gluetun:v3.36 env: - name: FIREWALL_INPUT_PORTS value: "8080,17871" # 17871 is the prometheus exporter envFrom: - secretRef: name: qbittorrent-secrets securityContext: capabilities: add: - NET_ADMIN volumeMounts: - name: gluetun-tmp mountPath: /tmp/gluetun/ port-manager: image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.1 imagePullPolicy: Always env: PORT_UPD_QBITTORRENT_HOST: localhost PORT_UPD_QBITTORRENT_PORT: "8080" # safe to have in plain text since qbittorrent is exposed through authentik. PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port volumeMounts: - name: gluetun-tmp mountPath: /tmp/gluetun/ metrics: image: caseyscarborough/qbittorrent-exporter:v1.3.2 env: QBITTORRENT_BASE_URL: "http://localhost:8080" # safe to have in plain text since qbittorrent is exposed through authentik. QBITTORRENT_LOGIN: *qbitLogin QBITTORRENT_PASSWORD: *qbitPass ports: - name: metrics containerPort: 17871 manage: image: bobokun/qbit_manage:v4.0.6 env: QBT_STARTUP_DELAY: 45 # seconds QBT_SCHEDULE: 720 # 720min = 12hr volumeMounts: - name: manage-tmp mountPath: /config - name: storage mountPath: /storage/Torrents env: TZ: America/New_York PGID: "10000" PUID: "10000" WEBUI_PORT: "8080" service: main: labels: app: qbittorrent-service ports: http: port: 8080 metrics: enabled: true port: 17871 protocol: HTTP ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &host "qbit.${SECRET_NEW_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - *host secretName: wildcard-main-tls persistence: storage: enabled: true type: hostPath hostPath: /mnt/MainPool/Media/Torrents mountPath: /storage/Torrents config: enabled: true type: hostPath hostPath: /mnt/MainPool/Kubernetes/qbittorrent mountPath: /config cookies: enabled: true type: secret name: cookie-secret mountPath: /etc/tokens gluetun-tmp: enabled: true type: emptyDir # qbit-manage: # enabled: true # type: hostPath # hostPath: /mnt/MainPool/Kubernetes/qbit-manage # mountPath: /config-manage manage-tmp: enabled: true type: emptyDir manage-ro: enabled: true type: custom mountPath: /config-manage volumeSpec: configMap: name: qbit-manage items: - key: "config.yml" path: "config.yml" resources: requests: cpu: 10m memory: 250Mi limits: memory: 6000Mi