apiVersion: apps/v1 kind: Deployment metadata: name: qbittorrent labels: app: qbittorrent spec: replicas: 1 selector: matchLabels: app: qbittorrent template: metadata: labels: app: qbittorrent spec: containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn readOnly: true - mountPath: /config name: config - mountPath: /downloads name: downloads env: - name: QBT_EULA value: "accept" - name: QBT_WEBUI_PORT value: "8080" - name: QBT_CONFIG_PATH value: "/config" - name: QBT_DOWNLOADS value: "/downloads" - env: - name: TS_KUBE_SECRET value: tailscale - name: TS_USERSPACE value: "true" - name: TS_OUTBOUND_HTTP_PROXY_LISTEN value: "localhost:1055" - name: TS_SOCKS5_SERVER value: "localhost:1055" - name: TS_EXTRA_ARGS value: "--exit-node=100.90.55.121" - name: TS_AUTHKEY valueFrom: secretKeyRef: key: TS_AUTHKEY name: tailscale-auth optional: true livenessProbe: exec: command: - ping - -c1 - 100.100.100.100 initialDelaySeconds: 5 periodSeconds: 5 image: ghcr.io/tailscale/tailscale:latest name: ts-sidecar securityContext: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn readOnly: true preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: downloads persistentVolumeClaim: claimName: smb-usenet - name: config persistentVolumeClaim: claimName: q-config - name: kube-api-access-t4rzn projected: sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: fieldPath: metadata.namespace path: namespace