From 21a694212262c66fc746a205334dcf260d9f8392 Mon Sep 17 00:00:00 2001 From: David Landry Date: Sun, 2 Mar 2025 00:06:47 -0500 Subject: [PATCH] chore(arr): stand up temporary torrent deployment --- apps/temp-arr/base/deployment.gluetun.yaml | 89 +++++++++++++++++++ apps/temp-arr/base/kustomization.yaml | 23 +++++ apps/temp-arr/base/ns.yaml | 4 + apps/temp-arr/base/secret-generator.yaml | 15 ++++ apps/temp-arr/base/secret.mullvad.enc.yaml | 29 ++++++ apps/temp-arr/base/service.gluetun.yaml | 12 +++ apps/temp-arr/overlays/media/config.json | 11 +++ .../overlays/media/kustomization.yaml | 4 + 8 files changed, 187 insertions(+) create mode 100644 apps/temp-arr/base/deployment.gluetun.yaml create mode 100644 apps/temp-arr/base/kustomization.yaml create mode 100644 apps/temp-arr/base/ns.yaml create mode 100644 apps/temp-arr/base/secret-generator.yaml create mode 100644 apps/temp-arr/base/secret.mullvad.enc.yaml create mode 100644 apps/temp-arr/base/service.gluetun.yaml create mode 100644 apps/temp-arr/overlays/media/config.json create mode 100644 apps/temp-arr/overlays/media/kustomization.yaml diff --git a/apps/temp-arr/base/deployment.gluetun.yaml b/apps/temp-arr/base/deployment.gluetun.yaml new file mode 100644 index 0000000..efd168e --- /dev/null +++ b/apps/temp-arr/base/deployment.gluetun.yaml @@ -0,0 +1,89 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gluetun-deployment + labels: + app: gluetun + annotations: + checksum/secret-generator.yaml: ee04727f42edb84f45970dc517940686f4dadc241155b8df7cd253cec5d8309e + checksum/secret.mullvad.enc.yaml: 97c4a8210c9face06d08f8f73b8a71385a5dd072bb447cb05843907bef80dcae + +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + selector: + matchLabels: + app: gluetun + template: + metadata: + labels: + app: gluetun + spec: + initContainers: + - name: gluetun + image: ghcr.io/qdm12/gluetun:v3.39.1 + imagePullPolicy: Always + restartPolicy: Always + securityContext: + capabilities: + add: + - NET_ADMIN + envFrom: + - configMapRef: + name: gluetun-env + - secretRef: + name: mullvad-secret + volumeMounts: + - name: gluetun-config + mountPath: /gluetun + - name: test-connectivity + image: busybox + command: + - sh + - '-c' + - | + sleep 60 + while ! ping -c 1 8.8.8.8; do + echo "Ping failed, retrying in 15" + sleep 15 + done + echo "ping succesfull, exiting" + + containers: + - name: qbittorrent + image: lscr.io/linuxserver/qbittorrent:latest + resources: + requests: + memory: 128Mi + cpu: 250m + limits: + memory: 2Gi + cpu: 2000m + ports: + - name: qtorrent-http + containerPort: 8080 + # containerPort: 9091 + env: + - name: PUID + value: "1000" + - name: PGID + value: "1000" + # - name: WEBUI_PORT + # value: "9091" + volumeMounts: + - name: downloads + mountPath: /downloads + + + + volumes: + - name: gluetun-config + emptyDir: {} + - name: downloads + emptyDir: {} + # - name: transmission-config + # emptyDir: {} + diff --git a/apps/temp-arr/base/kustomization.yaml b/apps/temp-arr/base/kustomization.yaml new file mode 100644 index 0000000..4b76836 --- /dev/null +++ b/apps/temp-arr/base/kustomization.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: arr + +resources: + - ./ns.yaml + - ./deployment.gluetun.yaml + - ./service.gluetun.yaml + +configMapGenerator: + - name: gluetun-env + literals: + - TZ=America/New_York + - VPN_SERVICE_PROVIDER=mullvad + # - #VPN_TYPE=wireguard + - VPN_TYPE=openvpn + - SERVER_COUNTRIES=Switzerland + # - HTTPPROXY=on + # - SHADOWSOCKS=on + # - SHADOWSOCKS_PASSWORD=IOnx6nu5Bm7ZFVhN2 + +generators: + - secret-generator.yaml diff --git a/apps/temp-arr/base/ns.yaml b/apps/temp-arr/base/ns.yaml new file mode 100644 index 0000000..bb218a5 --- /dev/null +++ b/apps/temp-arr/base/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: arr diff --git a/apps/temp-arr/base/secret-generator.yaml b/apps/temp-arr/base/secret-generator.yaml new file mode 100644 index 0000000..f07f71c --- /dev/null +++ b/apps/temp-arr/base/secret-generator.yaml @@ -0,0 +1,15 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + # Specify a name + name: arr-secrets + annotations: + config.kubernetes.io/function: | + exec: + # if the binary is in your PATH, you can do + path: ksops + # otherwise, path should be relative to manifest files, like + # path: ../../../ksops +files: + - ./secret.mullvad.enc.yaml + diff --git a/apps/temp-arr/base/secret.mullvad.enc.yaml b/apps/temp-arr/base/secret.mullvad.enc.yaml new file mode 100644 index 0000000..d935e18 --- /dev/null +++ b/apps/temp-arr/base/secret.mullvad.enc.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mullvad-secret +type: Opaque +data: + OPENVPN_USER: ENC[AES256_GCM,data:yROISWuVZgA2EseHClb687L7RV0SA0Ot,iv:pr78VyGXp12SSRhkvpWBshnbSU/CPqUYnVokcWIyuII=,tag:dK08MXL5udYtszVARmlybg==,type:str] + #ENC[AES256_GCM,data:OuDD4Ol2aFOCA3HIdhYufCH7ZoLQwl8sI6aoWbR9J94xqGl7mU0Yf5z5MgRsl9+jte/dZngNDEtpmtPSWlNCB4AwBunZqxCdoRhxakH4Xfg50+41,iv:g/RaILqnflJ7GJ3IK+XJ5Jj0kHc9FGamqjtkBBJ79Ao=,tag:6kVYwbEHJ1A2zMcS6hMdUQ==,type:comment] + #ENC[AES256_GCM,data:1jOTNv8/kxtSFpMF6AJMQggGJsIJ9GTR2hfvzaSRGwCmVHYEuXK30z5d,iv:HfrfMWPaU8FnXTLUejXi2ATCeyOsCS0A/Ymj+w3+SXE=,tag:21mfcuPDM7L4fkpuORdAaA==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZjNlZFVoTGZlZVhmWUNr + UkUrak90UGV1UmF4Y0dNN1Axa0lMVWREWnhBCmxrK3NONEtkQXVlU1h4U2ZLNlhZ + UUlpV2VadkhoNEF4akRLbjU2K0lRWVUKLS0tIFpUK05zaEhSbEJZNDg1TDlGa2VF + Mjd3MXhrcWJab2V2VUl6UEJoT094OWcKh9eGQSYj+52pF8lsDtv3VRVNuG9QoMtj + 4Ei64FjpDHnVEmIDbpSiqdLf0Qg1IQwNJX+jL4lCC46W/cCIxMtaAg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-02T03:22:56Z" + mac: ENC[AES256_GCM,data:rGM1uxBXLE/QhYavTU9ZRtjB928Chh3nLL1xAEJrm2FDz4qkf8DYARnx9jl8Du3gpc/MXe9BpWhigYImSv2OSjt+8XHUuR6Wfs/cNxelv5f7AmUThYlpsJ5rmYTLMb8CNYsL9hsqgYLjUXKxxSv3KT0GSCaa4IPghOjBZgLYRKk=,iv:GitsY70ExsEWGIKTw6rBBRZ48xu1tqxh08eHehc4ONY=,tag:tjqsoS1qXwHSGqqlzCUxVA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.2 diff --git a/apps/temp-arr/base/service.gluetun.yaml b/apps/temp-arr/base/service.gluetun.yaml new file mode 100644 index 0000000..1e40917 --- /dev/null +++ b/apps/temp-arr/base/service.gluetun.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: qbittorrent +spec: + ports: + - name: http + port: 80 + targetPort: qtorrent-http + selector: + app: gluetun diff --git a/apps/temp-arr/overlays/media/config.json b/apps/temp-arr/overlays/media/config.json new file mode 100644 index 0000000..3a5ef5a --- /dev/null +++ b/apps/temp-arr/overlays/media/config.json @@ -0,0 +1,11 @@ +{ + "appName": "temp-arr", + "userGivenName": "temp-arr", + "destNamespace": "arr", + "destServer": "https://kubernetes.default.svc", + "srcPath": "apps/temp-arr/overlays/media", + "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} diff --git a/apps/temp-arr/overlays/media/kustomization.yaml b/apps/temp-arr/overlays/media/kustomization.yaml new file mode 100644 index 0000000..2333422 --- /dev/null +++ b/apps/temp-arr/overlays/media/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base