--- apiVersion: batch/v1 kind: CronJob metadata: namespace: lidarr name: youtube-downloader spec: schedule: "0/5 * * * *" concurrencyPolicy: Forbid jobTemplate: spec: template: spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app: lidarr topologyKey: kubernetes.io/hostname restartPolicy: OnFailure initContainers: - name: killswitch image: xjasonlyu/tun2socks:latest command: ["sh","-c"] args: - | iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT iptables -t mangle -A POSTROUTING -o eth0 -j DROP securityContext: capabilities: add: ["NET_ADMIN","SYS_TIME"] volumes: - name: config persistentVolumeClaim: claimName: lidarr-config - name: dropbox nfs: server: 172.16.18.1 path: /volume1/dropbox - name: music nfs: server: 172.16.18.1 path: /volume1/music securityContext: fsGroup: 101 containers: - name: youtube-downloader image: git.strudelline.net/infra/lidarr-youtube-downloader:main env: - name: LIDARR_URL value: https://lidarr.strudelline.net - name: LIDARR_API_KEY value: f371b7b67584461085bf1004520f0fe8 - name: LIDARR_DB value: /config/lidarr.db - name: LIDARR_MUSIC_PATH value: /volume1/music volumeMounts: - mountPath: /volume1/music name: music - mountPath: /volume1/dropbox name: dropbox - mountPath: /config name: config - name: vpn image: xjasonlyu/tun2socks:latest command: ["sh","-c"] args: - | mkdir -p /dev/net mknod /dev/net/tun c 10 200 exec /entrypoint.sh env: - name: TUN value: tun0 - name: PROXY value: socks5://172.16.17.180:1080 - name: TUN_EXCLUDED_ROUTES value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 securityContext: capabilities: add: ["NET_ADMIN","SYS_TIME"]