kube-cascade/lidarr/deployment.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: lidarr
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: lidarr
  namespace: lidarr
spec:
  ingressClassName: haproxy
  rules:
  - host: lidarr.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: lidarr
            port:
              name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: lidarr
  name: lidarr
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lidarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: lidarr
    spec:
      terminationGracePeriodSeconds: 0
      restartPolicy: Always
      initContainers:
      - name: killswitch
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -j DROP            
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: lidarr-config
      - name: dropbox
        nfs:
          server: 172.16.18.1
          path: /volume1/dropbox
      - name: music
        nfs:
          server: 172.16.18.1
          path: /volume1/music
      containers:
      - name: lidarr
        image: lscr.io/linuxserver/lidarr:latest
        env:
        - name: TZ
          value: America/Chicago
        - name: PUID
          value: "1029"
        - name: PGID
          value: "101"
        volumeMounts:
        - mountPath: /volume1/music
          name: music
        - mountPath: /volume1/dropbox
          name: dropbox
        - mountPath: /config
          name: config
      - name: vpn
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            mkdir -p /dev/net
            mknod /dev/net/tun c 10 200
            exec /entrypoint.sh            
        env:
        - name: TUN
          value: tun0
        - name: PROXY
          value: socks5://172.16.17.180:1080
        - name: TUN_EXCLUDED_ROUTES
          value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: lidarr
  name: lidarr
  namespace: lidarr
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    port: 8686
    protocol: TCP
  selector:
    app: lidarr
  sessionAffinity: None
  type: ClusterIP