apiVersion: apps/v1
kind: Deployment
metadata:
  name: qbittorrent
  labels:
    app: qbittorrent
spec:
  replicas: 1
  selector:
    matchLabels:
      app: qbittorrent
  template:
    metadata:
      labels:
        app: qbittorrent
    spec:
      initContainers:
      - image: ghcr.io/tailscale/tailscale:latest
        command:
        - /bin/sh
        - -c
        - mkdir -p /persist/var/lib/tailscale
        name: ts-prep
        securityContext:
          runAsGroup: 1000
          runAsUser: 1000
          privileged: true
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
        - mountPath: /persist
          name: persist
      containers:
      - image: qbittorrentofficial/qbittorrent-nox:latest
        name: qbittorrent
        command:
        - /bin/sh
        - -c
        - while sleep 1; do echo '.'; done
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
        - mountPath: /config
          name: config
        - mountPath: /downloads
          name: downloads
        env:
        - name: QBT_EULA
          value: "accept"
        - name: QBT_WEBUI_PORT
          value: "8080"
        - name: QBT_CONFIG_PATH
          value: "/config"
        - name: QBT_DOWNLOADS
          value: "/downloads"
      - env:
        - name: TS_KUBE_SECRET
          value: tailscale
        - name: TS_USERSPACE
          value: "false"
        - name: TS_OUTBOUND_HTTP_PROXY_LISTEN
          value: "localhost:1055"
        - name: TS_SOCKS5_SERVER
          value: "localhost:1055"
        - name: TS_EXTRA_ARGS
          value: "--exit-node=100.90.55.121"
        - name: TS_AUTHKEY
          valueFrom:
            secretKeyRef:
              key: TS_AUTHKEY
              name: tailscale-auth
              optional: true
#        livenessProbe:
#          exec:
#            command:
#            - ping
#            - -c1
#            - 100.100.100.100
#          initialDelaySeconds: 120
#          periodSeconds: 5
        image: ghcr.io/tailscale/tailscale:latest
        name: ts-sidecar
        securityContext:
          runAsGroup: 1000
          runAsUser: 1000
          privileged: true
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
        - mountPath: /persist
          name: persist
      preemptionPolicy: PreemptLowerPriority
      priority: 0
      serviceAccountName: tailscale
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
      volumes:
      - name: downloads
        persistentVolumeClaim:
          claimName: smb-usenet
      - name: config
        persistentVolumeClaim:
          claimName: q-config
      - name: persist
        emptyDir: {}
      - name: kube-api-access-t4rzn
        projected:
          sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
              - key: ca.crt
                path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
              - fieldRef:
                  fieldPath: metadata.namespace
                path: namespace