infra4talos/apps-kustomized/torrents/deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: qbittorrentofficial/qbittorrent-nox:latest
        name: nginx
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
        - mountPath: /config
          name: config
        - mountPath: /downloads
          name: downloads
        env:
        - name: QBT_EULA
          value: "accept"
        - name: QBT_WEBUI_PORT
          value: "8080"
        - name: QBT_CONFIG_PATH
          value: "/config"
        - name: QBT_DOWNLOADS
          value: "/downloads"
      - env:
        - name: TS_KUBE_SECRET
          value: tailscale
        - name: TS_USERSPACE
          value: "true"
        - name: TS_OUTBOUND_HTTP_PROXY_LISTEN
          value: "localhost:1055"
        - name: TS_SOCKS5_SERVER
          value: "localhost:1055"
        - name: TS_EXTRA_ARGS
          value: "--exit-node=100.90.55.149"
        - name: TS_AUTHKEY
          valueFrom:
            secretKeyRef:
              key: TS_AUTHKEY
              name: tailscale-auth
              optional: true
        image: ghcr.io/tailscale/tailscale:latest
        name: ts-sidecar
        securityContext:
          runAsGroup: 1000
          runAsUser: 1000
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
      preemptionPolicy: PreemptLowerPriority
      priority: 0
      serviceAccountName: tailscale
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
      volumes:
      - name: downloads
        persistentVolumeClaim:
          claimName: smb-usenet
      - name: config
        persistentVolumeClaim:
          claimName: q-config
      - name: kube-api-access-t4rzn
        projected:
          sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
              - key: ca.crt
                path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
              - fieldRef:
                  fieldPath: metadata.namespace
                path: namespace
This has been running a while Signed-off-by: Martyn Ranyard <m@rtyn.berlin> 2024-10-03 15:02:24 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: nginx`
			`labels:`
			`app: nginx`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: nginx`
			`template:`
			`metadata:`
			`labels:`
			`app: nginx`
			`spec:`
			`containers:`
			`- image: qbittorrentofficial/qbittorrent-nox:latest`
			`name: nginx`
			`volumeMounts:`
			`- mountPath: /var/run/secrets/kubernetes.io/serviceaccount`
			`name: kube-api-access-t4rzn`
			`readOnly: true`
			`- mountPath: /config`
			`name: config`
			`- mountPath: /downloads`
			`name: downloads`
			`env:`
			`- name: QBT_EULA`
			`value: "accept"`
			`- name: QBT_WEBUI_PORT`
			`value: "8080"`
			`- name: QBT_CONFIG_PATH`
			`value: "/config"`
			`- name: QBT_DOWNLOADS`
			`value: "/downloads"`
			`- env:`
			`- name: TS_KUBE_SECRET`
			`value: tailscale`
			`- name: TS_USERSPACE`
			`value: "true"`
			`- name: TS_OUTBOUND_HTTP_PROXY_LISTEN`
			`value: "localhost:1055"`
			`- name: TS_SOCKS5_SERVER`
			`value: "localhost:1055"`
			`- name: TS_EXTRA_ARGS`
			`value: "--exit-node=100.90.55.149"`
			`- name: TS_AUTHKEY`
			`valueFrom:`
			`secretKeyRef:`
			`key: TS_AUTHKEY`
			`name: tailscale-auth`
			`optional: true`
			`image: ghcr.io/tailscale/tailscale:latest`
			`name: ts-sidecar`
			`securityContext:`
			`runAsGroup: 1000`
			`runAsUser: 1000`
			`volumeMounts:`
			`- mountPath: /var/run/secrets/kubernetes.io/serviceaccount`
			`name: kube-api-access-t4rzn`
			`readOnly: true`
			`preemptionPolicy: PreemptLowerPriority`
			`priority: 0`
			`serviceAccountName: tailscale`
			`tolerations:`
			`- effect: NoExecute`
			`key: node.kubernetes.io/not-ready`
			`operator: Exists`
			`tolerationSeconds: 300`
			`- effect: NoExecute`
			`key: node.kubernetes.io/unreachable`
			`operator: Exists`
			`tolerationSeconds: 300`
			`volumes:`
			`- name: downloads`
			`persistentVolumeClaim:`
			`claimName: smb-usenet`
			`- name: config`
			`persistentVolumeClaim:`
			`claimName: q-config`
			`- name: kube-api-access-t4rzn`
			`projected:`
			`sources:`
			`- serviceAccountToken:`
			`expirationSeconds: 3607`
			`path: token`
			`- configMap:`
			`items:`
			`- key: ca.crt`
			`path: ca.crt`
			`name: kube-root-ca.crt`
			`- downwardAPI:`
			`items:`
			`- fieldRef:`
			`fieldPath: metadata.namespace`
			`path: namespace`