kube-cascade/readarr/deployment.yaml

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: readarr
  namespace: readarr
spec:
  ingressClassName: haproxy
  rules:
  - host: readarr.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: readarr
            port:
              number: 8787
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: readarr
  name: readarr
spec:
  replicas: 0
  selector:
    matchLabels:
      app: readarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: readarr
    spec:
      terminationGracePeriodSeconds: 0
      restartPolicy: Always
      initContainers:
      - name: killswitch
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -j DROP
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
      volumes:
      - name: config
        nfs:
          server: 172.16.18.1
          path: /volume1/k8s-volumes/readarr-config
      - name: dropbox
        nfs:
          server: 172.16.18.1
          path: /volume1/dropbox
      - name: audiobooks
        nfs:
          server: 172.16.18.1
          path: /volume1/audiobooks
      containers:
      - name: readarr
        image: lscr.io/linuxserver/readarr:develop
        env:
        - name: TZ
          value: America/Chicago
        - name: PUID
          value: "1029"
        - name: PGID
          value: "101"
        volumeMounts:
        - mountPath: /volume1/audiobooks
          name: audiobooks
        - mountPath: /volume1/dropbox
          name: dropbox
        - mountPath: /config
          name: config
      - name: vpn
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            mkdir -p /dev/net
            mknod /dev/net/tun c 10 200
            exec /entrypoint.sh
        env:
        - name: TUN
          value: tun0
        - name: PROXY
          value: socks5://172.16.17.180:1080
        - name: TUN_EXCLUDED_ROUTES
          value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: readarr
  name: readarr
  namespace: readarr
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: readarr
    port: 8787
    protocol: TCP
    targetPort: 8787
  selector:
    app: readarr
  sessionAffinity: None
  type: ClusterIP
#apiVersion: v1
#kind: Service
#metadata:
#  annotations:
#    metallb.universe.tf/allow-shared-ip: 172.16.17.180
#    metallb.universe.tf/loadBalancerIPs: 172.16.17.180
#  labels:
#    app: nordproxy
#  name: nordproxy
#  namespace: nordproxy
#spec:
#  ipFamilies:
#  - IPv4
#  ipFamilyPolicy: SingleStack
#  ports:
#  - name: dns
#    port: 53
#    protocol: UDP
#    targetPort: 5353
#  - name: socks
#    port: 1080
#    protocol: TCP
#    targetPort: 1080
#  - name: gost-auto
#    port: 4080
#    protocol: TCP
#    targetPort: 4080
#  - name: http
#    port: 8080
#    protocol: TCP
#    targetPort: 8080
#  selector:
#    app: nordproxy
#  sessionAffinity: None
#  type: LoadBalancer
true it on up y'all 2023-12-20 22:40:16 +00:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: readarr`
			`namespace: readarr`
			`spec:`
			`ingressClassName: haproxy`
			`rules:`
			`- host: readarr.strudelline.net`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: readarr`
			`port:`
			`number: 8787`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`namespace: readarr`
			`name: readarr`
			`spec:`
			`replicas: 0`
			`selector:`
			`matchLabels:`
			`app: readarr`
			`strategy:`
			`type: Recreate`
			`template:`
			`metadata:`
			`labels:`
			`app: readarr`
			`spec:`
			`terminationGracePeriodSeconds: 0`
			`restartPolicy: Always`
			`initContainers:`
			`- name: killswitch`
			`image: xjasonlyu/tun2socks:latest`
			`command: ["sh","-c"]`
			`args:`
			`- \|`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -j DROP`
			`securityContext:`
			`capabilities:`
			`add: ["NET_ADMIN","SYS_TIME"]`
			`volumes:`
			`- name: config`
			`nfs:`
			`server: 172.16.18.1`
			`path: /volume1/k8s-volumes/readarr-config`
			`- name: dropbox`
			`nfs:`
			`server: 172.16.18.1`
			`path: /volume1/dropbox`
			`- name: audiobooks`
			`nfs:`
			`server: 172.16.18.1`
			`path: /volume1/audiobooks`
			`containers:`
			`- name: readarr`
			`image: lscr.io/linuxserver/readarr:develop`
			`env:`
			`- name: TZ`
			`value: America/Chicago`
			`- name: PUID`
			`value: "1029"`
			`- name: PGID`
			`value: "101"`
			`volumeMounts:`
			`- mountPath: /volume1/audiobooks`
			`name: audiobooks`
			`- mountPath: /volume1/dropbox`
			`name: dropbox`
			`- mountPath: /config`
			`name: config`
			`- name: vpn`
			`image: xjasonlyu/tun2socks:latest`
			`command: ["sh","-c"]`
			`args:`
			`- \|`
			`mkdir -p /dev/net`
			`mknod /dev/net/tun c 10 200`
			`exec /entrypoint.sh`
			`env:`
			`- name: TUN`
			`value: tun0`
			`- name: PROXY`
			`value: socks5://172.16.17.180:1080`
			`- name: TUN_EXCLUDED_ROUTES`
			`value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16`
			`securityContext:`
			`capabilities:`
			`add: ["NET_ADMIN","SYS_TIME"]`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels:`
			`app: readarr`
			`name: readarr`
			`namespace: readarr`
			`spec:`
			`ipFamilies:`
			`- IPv4`
			`ipFamilyPolicy: SingleStack`
			`ports:`
			`- name: readarr`
			`port: 8787`
			`protocol: TCP`
			`targetPort: 8787`
			`selector:`
			`app: readarr`
			`sessionAffinity: None`
			`type: ClusterIP`
			`#apiVersion: v1`
			`#kind: Service`
			`#metadata:`
			`# annotations:`
			`# metallb.universe.tf/allow-shared-ip: 172.16.17.180`
			`# metallb.universe.tf/loadBalancerIPs: 172.16.17.180`
			`# labels:`
			`# app: nordproxy`
			`# name: nordproxy`
			`# namespace: nordproxy`
			`#spec:`
			`# ipFamilies:`
			`# - IPv4`
			`# ipFamilyPolicy: SingleStack`
			`# ports:`
			`# - name: dns`
			`# port: 53`
			`# protocol: UDP`
			`# targetPort: 5353`
			`# - name: socks`
			`# port: 1080`
			`# protocol: TCP`
			`# targetPort: 1080`
			`# - name: gost-auto`
			`# port: 4080`
			`# protocol: TCP`
			`# targetPort: 4080`
			`# - name: http`
			`# port: 8080`
			`# protocol: TCP`
			`# targetPort: 8080`
			`# selector:`
			`# app: nordproxy`
			`# sessionAffinity: None`
			`# type: LoadBalancer`