diff --git a/sabnzbd/deployment.yaml b/sabnzbd/deployment.yaml new file mode 100644 index 0000000..81d02f3 --- /dev/null +++ b/sabnzbd/deployment.yaml @@ -0,0 +1,160 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sabnzbd + namespace: sabnzbd +spec: + ingressClassName: istio + rules: + - host: sabnzbd.strudelline.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: sabnzbd + port: + number: 8080 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: sabnzbd + name: sabnzbd +spec: + replicas: 1 + selector: + matchLabels: + app: sabnzbd + strategy: + type: Recreate + template: + metadata: + labels: + app: sabnzbd + spec: + terminationGracePeriodSeconds: 0 + restartPolicy: Always + securityContext: + sysctls: + #- name: net.core.rmem_max + # value: "67108864" + #- name: net.core.wmem_max + # value: "67108864" + - name: net.ipv4.tcp_rmem + value: "4096 87380 33554432" + - name: net.ipv4.tcp_wmem + value: "4096 65536 33554432" + initContainers: + - name: killswitch + image: xjasonlyu/tun2socks:latest + command: ["sh","-c"] + args: + - | + iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT + iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT + iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT + iptables -t mangle -A POSTROUTING -o eth0 -j DROP + securityContext: + capabilities: + add: ["NET_ADMIN","SYS_TIME"] + volumes: + - name: config + nfs: + server: 172.16.18.1 + path: /volume1/k8s-volumes/sabnzbd-config + - name: dropbox + nfs: + server: 172.16.18.1 + path: /volume1/dropbox + containers: + - name: sabnzbd + image: lscr.io/linuxserver/sabnzbd:latest + env: + - name: TZ + value: America/Chicago + - name: PUID + value: "1029" + - name: PGID + value: "101" + volumeMounts: + - mountPath: /volume1/dropbox + name: dropbox + - mountPath: /config + name: config + - name: vpn + image: xjasonlyu/tun2socks:latest + command: ["sh","-c"] + args: + - | + mkdir -p /dev/net + mknod /dev/net/tun c 10 200 + exec /entrypoint.sh + env: + - name: TUN + value: tun0 + - name: PROXY + value: socks5://172.16.17.180:1080 + - name: TUN_EXCLUDED_ROUTES + value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + securityContext: + capabilities: + add: ["NET_ADMIN","SYS_TIME"] +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: sabnzbd + name: sabnzbd + namespace: sabnzbd +spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: sabnzbd + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: sabnzbd + sessionAffinity: None + type: ClusterIP +#apiVersion: v1 +#kind: Service +#metadata: +# annotations: +# metallb.universe.tf/allow-shared-ip: 172.16.17.180 +# metallb.universe.tf/loadBalancerIPs: 172.16.17.180 +# labels: +# app: nordproxy +# name: nordproxy +# namespace: nordproxy +#spec: +# ipFamilies: +# - IPv4 +# ipFamilyPolicy: SingleStack +# ports: +# - name: dns +# port: 53 +# protocol: UDP +# targetPort: 5353 +# - name: socks +# port: 1080 +# protocol: TCP +# targetPort: 1080 +# - name: gost-auto +# port: 4080 +# protocol: TCP +# targetPort: 4080 +# - name: http +# port: 8080 +# protocol: TCP +# targetPort: 8080 +# selector: +# app: nordproxy +# sessionAffinity: None +# type: LoadBalancer diff --git a/sabnzbd/ns.yaml b/sabnzbd/ns.yaml new file mode 100644 index 0000000..c8b3d19 --- /dev/null +++ b/sabnzbd/ns.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: sabnzbd