125 lines
2.7 KiB
YAML
125 lines
2.7 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: lidarr
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: lidarr
|
|
namespace: lidarr
|
|
spec:
|
|
ingressClassName: haproxy
|
|
rules:
|
|
- host: lidarr.strudelline.net
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: lidarr
|
|
port:
|
|
name: http
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: lidarr
|
|
name: lidarr
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: lidarr
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: lidarr
|
|
spec:
|
|
terminationGracePeriodSeconds: 0
|
|
restartPolicy: Always
|
|
initContainers:
|
|
- name: killswitch
|
|
image: xjasonlyu/tun2socks:latest
|
|
command: ["sh","-c"]
|
|
args:
|
|
- |
|
|
iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
|
|
iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
|
|
iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
|
|
iptables -t mangle -A POSTROUTING -o eth0 -j DROP
|
|
securityContext:
|
|
capabilities:
|
|
add: ["NET_ADMIN","SYS_TIME"]
|
|
volumes:
|
|
- name: config
|
|
persistentVolumeClaim:
|
|
claimName: lidarr-config
|
|
- name: dropbox
|
|
nfs:
|
|
server: 172.16.18.1
|
|
path: /volume1/dropbox
|
|
- name: music
|
|
nfs:
|
|
server: 172.16.18.1
|
|
path: /volume1/music
|
|
containers:
|
|
- name: lidarr
|
|
image: lscr.io/linuxserver/lidarr:latest
|
|
env:
|
|
- name: TZ
|
|
value: America/Chicago
|
|
- name: PUID
|
|
value: "1029"
|
|
- name: PGID
|
|
value: "101"
|
|
volumeMounts:
|
|
- mountPath: /volume1/music
|
|
name: music
|
|
- mountPath: /volume1/dropbox
|
|
name: dropbox
|
|
- mountPath: /config
|
|
name: config
|
|
- name: vpn
|
|
image: xjasonlyu/tun2socks:latest
|
|
command: ["sh","-c"]
|
|
args:
|
|
- |
|
|
mkdir -p /dev/net
|
|
mknod /dev/net/tun c 10 200
|
|
exec /entrypoint.sh
|
|
env:
|
|
- name: TUN
|
|
value: tun0
|
|
- name: PROXY
|
|
value: socks5://172.16.17.180:1080
|
|
- name: TUN_EXCLUDED_ROUTES
|
|
value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
|
securityContext:
|
|
capabilities:
|
|
add: ["NET_ADMIN","SYS_TIME"]
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: lidarr
|
|
name: lidarr
|
|
namespace: lidarr
|
|
spec:
|
|
ipFamilies:
|
|
- IPv4
|
|
ipFamilyPolicy: SingleStack
|
|
ports:
|
|
- name: http
|
|
port: 8686
|
|
protocol: TCP
|
|
selector:
|
|
app: lidarr
|
|
sessionAffinity: None
|
|
type: ClusterIP
|