From 32f645f51feec052b50460edc7040cd5d4597912 Mon Sep 17 00:00:00 2001
From: Matt Reeves <admin@mafyuh.io>
Date: Tue, 18 Feb 2025 22:19:44 -0500
Subject: [PATCH] update qbitty, sonarr,sab

---
 .../production/arr/prowlarr/deployment.yaml   |  53 -------
 .../production/arr/prowlarr/helmrelease.yaml  | 123 +++++++++++++++
 .../apps/production/arr/prowlarr/ingress.yaml |  22 ---
 .../arr/prowlarr/kustomization.yaml           |   4 +-
 .../apps/production/arr/prowlarr/service.yaml |  13 --
 .../production/arr/qbitty/deployment.yaml     |  99 ------------
 .../production/arr/qbitty/helmrelease.yaml    | 143 ++++++++++++++++++
 .../apps/production/arr/qbitty/ingress.yaml   |  22 ---
 .../production/arr/qbitty/kustomization.yaml  |   4 +-
 .../apps/production/arr/qbitty/service.yaml   |  13 --
 .../production/arr/sabnzbd/helmrelease.yaml   |  27 +++-
 .../production/arr/sonarr/helmrelease.yaml    |   5 +
 12 files changed, 293 insertions(+), 235 deletions(-)
 delete mode 100644 kubernetes/apps/production/arr/prowlarr/deployment.yaml
 create mode 100644 kubernetes/apps/production/arr/prowlarr/helmrelease.yaml
 delete mode 100644 kubernetes/apps/production/arr/prowlarr/ingress.yaml
 delete mode 100644 kubernetes/apps/production/arr/prowlarr/service.yaml
 delete mode 100644 kubernetes/apps/production/arr/qbitty/deployment.yaml
 create mode 100644 kubernetes/apps/production/arr/qbitty/helmrelease.yaml
 delete mode 100644 kubernetes/apps/production/arr/qbitty/ingress.yaml
 delete mode 100644 kubernetes/apps/production/arr/qbitty/service.yaml

diff --git a/kubernetes/apps/production/arr/prowlarr/deployment.yaml b/kubernetes/apps/production/arr/prowlarr/deployment.yaml
deleted file mode 100644
index 14c5a16..0000000
--- a/kubernetes/apps/production/arr/prowlarr/deployment.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-    name: prowlarr
-    namespace: arr
-    labels:
-        app: prowlarr
-spec:
-    replicas: 1
-    selector:
-        matchLabels:
-            app: prowlarr
-    template:
-        metadata:
-            labels:
-                app: prowlarr
-        spec:
-            securityContext:
-                runAsUser: 65534
-                runAsGroup: 65534
-                fsGroup: 65534
-                fsGroupChangePolicy: OnRootMismatch
-            containers:
-                - name: prowlarr
-                  image: ghcr.io/onedr0p/prowlarr:rolling@sha256:7234ae8ca5b14153baddf42257cc2ddc928695ce604d11a9616b635eca0e43e7
-                  imagePullPolicy: IfNotPresent
-                  resources:
-                    requests:
-                        memory: 512Mi
-                        cpu: 150m
-                    limits:
-                        memory: 2Gi
-                        cpu: 500m
-                  volumeMounts:
-                    - mountPath: /config
-                      name: prowlarr-config
-            volumes:
-                - name: prowlarr-config
-                  persistentVolumeClaim:
-                    claimName: prowlarr-config
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: prowlarr-config
-  namespace: arr
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: longhorn
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/prowlarr/helmrelease.yaml b/kubernetes/apps/production/arr/prowlarr/helmrelease.yaml
new file mode 100644
index 0000000..651d332
--- /dev/null
+++ b/kubernetes/apps/production/arr/prowlarr/helmrelease.yaml
@@ -0,0 +1,123 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app prowlarr
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      prowlarr:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: prowlarr-config
+              accessMode: ReadWriteOnce
+              size: 3Gi
+              storageClass: longhorn
+              globalMounts:
+                - path: /config
+        
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: &group 1000
+            fsGroup: *group
+            fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 1.1.1.1
+              - 8.8.8.8
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/onedr0p/prowlarr
+              tag: 1.30.2.4939
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              PROWLARR__INSTANCE_NAME: *app
+              PROWLARR__PORT: &port 7878
+              PROWLARR__APPLICATION_URL: "https://prowlarr.${LOCAL_DOMAIN}"
+              PROWLARR__THEME: dark
+              PROWLARR__LOG_LEVEL: info
+
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+
+            resources:
+              requests:
+                cpu: 50m
+                memory: 150Mi
+              limits:
+                memory: 512Mi
+
+    service:
+      app:
+        primary: true
+        controller: prowlarr
+        ports:
+          http:
+            port: *port
+
+    ingress:
+      internal:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: "prowlarr.${LOCAL_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - "prowlarr.${LOCAL_DOMAIN}"
+            secretName: local-mafyuh-dev-production-tls
+
+    persistence:
+      data:
+        enabled: true
+        type: nfs
+        server: "${NAS_IP}"
+        path: /mnt/thePool/thePoolShare
+        globalMounts:
+          - path: /data
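Review bot: `dnsPolicy: None` with only `1.1.1.1` and `8.8.8.8` under `pod:` takes this pod off cluster DNS, so in-cluster service names (for example an app sync target addressed by a `.svc` name) will not resolve and every lookup goes in plaintext to public resolvers; the sonarr hunk at the end of this patch adds the same block. If the override is intentional, say why in a comment above it, e.g. `# public resolvers only: cluster service names do not resolve from this pod`. The image also moves from the digest pin in the removed Deployment to the bare tag `1.30.2.4939`; the qbitty release in this patch sets `digest:`, and doing the same here would stop the tag from being re-pointed. Finally, `persistence.data` mounts the whole NFS share at `/data`, which the removed Deployment did not mount; drop it unless Prowlarr actually needs it.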
diff --git a/kubernetes/apps/production/arr/prowlarr/ingress.yaml b/kubernetes/apps/production/arr/prowlarr/ingress.yaml
deleted file mode 100644
index b926573..0000000
--- a/kubernetes/apps/production/arr/prowlarr/ingress.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: prowlarr
-  namespace: arr
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: "prowlarr.local.mafyuh.dev"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: headless-prowlarr
-                port:
-                  number: 9696
-  tls:
-    - hosts:
-        - "prowlarr.local.mafyuh.dev"
-      secretName: local-mafyuh-dev-production-tls
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/prowlarr/kustomization.yaml b/kubernetes/apps/production/arr/prowlarr/kustomization.yaml
index 5f7a4f4..4377f60 100644
--- a/kubernetes/apps/production/arr/prowlarr/kustomization.yaml
+++ b/kubernetes/apps/production/arr/prowlarr/kustomization.yaml
@@ -1,6 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
\ No newline at end of file
+  - helmrelease.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/prowlarr/service.yaml b/kubernetes/apps/production/arr/prowlarr/service.yaml
deleted file mode 100644
index e005ac6..0000000
--- a/kubernetes/apps/production/arr/prowlarr/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: headless-prowlarr
-  namespace: arr
-spec:
-  selector:
-    app: prowlarr
-  ports:
-    - port: 9696
-      targetPort: 9696
-      protocol: TCP
-  type: ClusterIP
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/qbitty/deployment.yaml b/kubernetes/apps/production/arr/qbitty/deployment.yaml
deleted file mode 100644
index 1e39cbb..0000000
--- a/kubernetes/apps/production/arr/qbitty/deployment.yaml
+++ /dev/null
@@ -1,99 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: qbitty
-  namespace: arr
-  labels:
-    app: qbitty
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: qbitty
-  template:
-    metadata:
-      labels:
-        app: qbitty
-    spec:
-      containers:
-        - name: qbitty
-          image: ghcr.io/hotio/qbittorrent@sha256:43312cb59ec3054d99848481f0913336275b7afa18ef814d2091e0b87509fc23
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: VPN_ENABLED
-              value: "true"
-            - name: VPN_CONF
-              value: "wg0"
-            - name: VPN_PROVIDER
-              value: "proton"
-            - name: VPN_KEEP_LOCAL_DNS
-              value: "false"
-            - name: VPN_AUTO_PORT_FORWARD
-              value: "true"
-            - name: VPN_LAN_NETWORK
-              valueFrom:
-                secretKeyRef:
-                  name: lan-network
-                  key: lan-network
-            - name: VPN_LAN_LEAK_ENABLED
-              value: "false"
-            - name: VPN_FIREWALL_TYPE
-              value: "auto"
-            - name: PRIVOXY_ENABLED
-              value: "false"
-            - name: WEBUI_PORT
-              value: "8080"
-            - name: VPN_HEALTHCHECK_ENABLED
-              value: "false"
-            - name: UNBOUND_ENABLED
-              value: "false"
-          resources:
-            requests:
-              memory: "256Mi"
-              cpu: "100m"
-            limits:
-              memory: "1Gi"
-              cpu: "5000m"
-          volumeMounts:
-            - mountPath: /config
-              name: qbitty-conf
-            - mountPath: /data
-              name: nas
-            - mountPath: /config/wireguard/
-              name: wireguard-config
-            - mountPath: /incomplete
-              name: qbitty-incomplete
-          securityContext:
-            capabilities:
-              add: ["NET_ADMIN"]
-          ports:
-            - containerPort: 8080
-              name: webui
-              protocol: TCP
-      volumes:
-        - name: nas
-          nfs:
-            path: /mnt/thePool/thePoolShare
-            server: 10.0.0.10
-        - name: qbitty-conf
-          persistentVolumeClaim:
-            claimName: qbitty-conf
-        - name: wireguard-config
-          secret:
-            secretName: qbitty-wireguard
-        - name: qbitty-incomplete
-          emptyDir:
-            sizeLimit: 100Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: qbitty-conf
-  namespace: arr
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: longhorn
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/qbitty/helmrelease.yaml b/kubernetes/apps/production/arr/qbitty/helmrelease.yaml
new file mode 100644
index 0000000..d1a150d
--- /dev/null
+++ b/kubernetes/apps/production/arr/qbitty/helmrelease.yaml
@@ -0,0 +1,143 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app qbitty
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      qbitty:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: qbitty-config
+              accessMode: ReadWriteOnce
+              size: 500Mi
+              storageClass: longhorn
+              globalMounts:
+                - path: /config
+
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: &group 1000
+            fsGroup: *group
+            fsGroupChangePolicy: "OnRootMismatch"
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/hotio/qbittorrent
+              digest: "sha256:d97080a8a978d7705297dc44bcd6c599b3b47631fec8dcfc0cb7039279d05b02"
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              WEBUI_PORT: &port 8080
+              VPN_ENABLED: "true"
+              VPN_CONF: "wg0"
+              VPN_PROVIDER: "proton"
+              VPN_KEEP_LOCAL_DNS: "false"
+              VPN_AUTO_PORT_FORWARD: "true"
+              VPN_LAN_NETWORK:
+                valueFrom:
+                  secretKeyRef:
+                    name: lan-network
+                    key: lan-network
+              VPN_LAN_LEAK_ENABLED: "false"
+              VPN_FIREWALL_TYPE: "auto"
+              PRIVOXY_ENABLED: "false"
+              VPN_HEALTHCHECK_ENABLED: "false"
+              UNBOUND_ENABLED: "false"
+            
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              capabilities:
+                add:
+                  - NET_ADMIN
+
+            resources:
+              requests:
+                cpu: 20m
+                memory: 200Mi
+              limits:
+                memory: 4000Mi
+
+    service:
+      app:
+        primary: true
+        controller: qbitty
+        ports:
+          http:
+            port: *port
+
+    ingress:
+      internal:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: "qbitty.${LOCAL_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - "qbitty.${LOCAL_DOMAIN}"
+            secretName: local-mafyuh-dev-production-tls
+
+    persistence:
+      data:
+        enabled: true
+        type: nfs
+        server: "${NAS_IP}"
+        path: /mnt/thePool/thePoolShare
+        globalMounts:
+          - path: /data
+
+      incomplete:
+        enabled: true
+        type: emptyDir
+        sizeLimit: 100Gi
+        globalMounts:
+          - path: /incomplete
+
+      wireguard-config:
+        enabled: true
+        type: secret
+        name: qbitty-wireguard
+        defaultMode: 0400
+        globalMounts:
+          - path: /config/wireguard/
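Review bot: The pod-level `runAsUser: 1000` is new for this workload (the removed Deployment set no user) and conflicts with `capabilities.add: [NET_ADMIN]`: Kubernetes does not raise added capabilities into the effective set of a non-root process, so the WireGuard and firewall setup requested by `VPN_ENABLED: "true"` may fail or be skipped, depending on how the image starts. Confirm after rollout that the tunnel is up and that the rules behind `VPN_LAN_LEAK_ENABLED: "false"` are in place, or leave the user unset for this release if the image has to start as root and drop privileges itself. Separately, `defaultMode: 0400` depends on the parser reading a leading zero as octal; `defaultMode: 256` is the same mode and is unambiguous.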
diff --git a/kubernetes/apps/production/arr/qbitty/ingress.yaml b/kubernetes/apps/production/arr/qbitty/ingress.yaml
deleted file mode 100644
index ffa8d06..0000000
--- a/kubernetes/apps/production/arr/qbitty/ingress.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: qbitty
-  namespace: arr
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: "qbitty.local.mafyuh.dev"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: qbitty
-                port:
-                  number: 8080
-  tls:
-    - hosts:
-        - "qbitty.local.mafyuh.dev"
-      secretName: local-mafyuh-dev-production-tls
diff --git a/kubernetes/apps/production/arr/qbitty/kustomization.yaml b/kubernetes/apps/production/arr/qbitty/kustomization.yaml
index 5f7a4f4..4377f60 100644
--- a/kubernetes/apps/production/arr/qbitty/kustomization.yaml
+++ b/kubernetes/apps/production/arr/qbitty/kustomization.yaml
@@ -1,6 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
\ No newline at end of file
+  - helmrelease.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/qbitty/service.yaml b/kubernetes/apps/production/arr/qbitty/service.yaml
deleted file mode 100644
index bfcd933..0000000
--- a/kubernetes/apps/production/arr/qbitty/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: qbitty
-  namespace: arr
-spec:
-  selector:
-    app: qbitty
-  ports:
-    - port: 8080
-      targetPort: 8080
-      protocol: TCP
-  type: ClusterIP
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml b/kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml
index 087cf4e..c06838a 100644
--- a/kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml
+++ b/kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml
@@ -38,8 +38,8 @@ spec:
 
         statefulset:
           volumeClaimTemplates:
-            - name: config
-              accessMode: ReadWriteMany
+            - name: sabnzbd-config
+              accessMode: ReadWriteOnce
               size: 500Mi
               storageClass: longhorn
               globalMounts:
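Review bot: Renaming the claim template from `config` to `sabnzbd-config` and switching `accessMode` changes the StatefulSet's `volumeClaimTemplates`, which Kubernetes treats as immutable, so the upgrade is likely to be rejected until the existing StatefulSet is deleted and recreated. The recreated pod would then bind a new, empty claim and leave the current SABnzbd configuration on the old volume; if that is not intended, copy the data across first or keep the old template name. The `statefulset:` block starts outside this hunk.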
@@ -47,8 +47,8 @@ spec:
 
         pod:
           securityContext:
-            runAsUser: 65534
-            runAsGroup: &group 65534
+            runAsUser: 1000
+            runAsGroup: &group 1000
             fsGroup: *group
             fsGroupChangePolicy: "OnRootMismatch"
 
@@ -61,6 +61,12 @@ spec:
             env:
               TZ: "${TZ}"
               SABNZBD__PORT: &port 8080
+              SABNZBD__HOST_WHITELIST_ENTRIES: >-
+                {{ .Release.Name }},
+                {{ .Release.Name }}.arr,
+                {{ .Release.Name }}.arr.svc,
+                {{ .Release.Name }}.arr.svc.cluster.local,
+                sab.${LOCAL_DOMAIN}
 
             probes:
               liveness:
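Review bot: `SABNZBD__HOST_WHITELIST_ENTRIES` is added without a comment, although it decides which Host headers SABnzbd will answer and therefore has to track the ingress host that is renamed further down in this patch. Suggested comment above the key: `# Hostnames SABnzbd accepts in the Host header; keep in sync with the ingress host`. The `{{ .Release.Name }}` entries rely on the chart templating env values, which is not visible here, so it is worth confirming the expanded names on the rendered pod spec.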
@@ -92,7 +98,7 @@ spec:
         enabled: true
         className: nginx
         hosts:
-          - host: "sabnzbd.${LOCAL_DOMAIN}"
+          - host: "sab.${LOCAL_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
@@ -101,7 +107,7 @@ spec:
                   port: http
         tls:
           - hosts:
-              - "sabnzbd.${LOCAL_DOMAIN}"
+              - "sab.${LOCAL_DOMAIN}"
             secretName: local-mafyuh-dev-production-tls
 
     persistence:
@@ -111,4 +117,11 @@ spec:
         server: "${NAS_IP}"
         path: /mnt/thePool/thePoolShare
         globalMounts:
-          - path: /data
\ No newline at end of file
+          - path: /data
+      
+      incomplete:
+        enabled: true
+        type: emptyDir
+        sizeLimit: 100Gi
+        globalMounts:
+          - path: /incomplete
\ No newline at end of file
diff --git a/kubernetes/apps/production/arr/sonarr/helmrelease.yaml b/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
index 90d1c7e..714f5e0 100644
--- a/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
+++ b/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
@@ -51,6 +51,11 @@ spec:
             runAsGroup: &group 1000
             fsGroup: *group
             fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 1.1.1.1
+              - 8.8.8.8
 
         containers:
           app: