chore(gluetun): Rework port forward

k8s-wheatley/qbittorrent/configmap.yaml

@@ -9,20 +9,26 @@ data:
   VPN_TYPE: "wireguard"
   VPN_PORT_FORWARDING: on
   VPN_PORT_FORWARDING_PROVIDER: protonvpn
-  VPN_PORT_FORWARDING_UP_COMMAND: |
-    /bin/sh -c '
+  VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh"
+  VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh"
+  FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
+  FIREWALL_INPUT_PORTS: "8112"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gluetun-scripts
+data:
+  port-up.sh: |
+    #!/bin/sh
     wget -O- --retry-connrefused \
       --post-data "json={\"listen_port\":{{PORTS}},\"current_network_interface\":\"tun0\",\"random_port\":false,\"upnp\":false}" \
       http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
-    '
-  VPN_PORT_FORWARDING_DOWN_COMMAND: |
-    /bin/sh -c '
+  port-down.sh: |
+    #!/bin/sh
     wget -O- --retry-connrefused \
       --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" \
       http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
-    '
-  FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
-  FIREWALL_INPUT_PORTS: "8112"
 ---
 apiVersion: v1
 kind: ConfigMap

k8s-wheatley/qbittorrent/deployments.yaml

@@ -33,6 +33,8 @@ spec:
             - mountPath: "/gluetun/wireguard"
               name: gluetun-wgconfig
               readOnly: true
+            - name: gluetun-scripts
+              mountPath: /scripts
             - name: gluetun-tmp
               mountPath: /tmp/gluetun
           restartPolicy: Always
@@ -128,6 +130,10 @@ spec:
         - name: gluetun-wgconfig
           secret:
             secretName: gluetun-wgconfig
+        - name: gluetun-scripts
+          configMap:
+            name: gluetun-scripts
+            defaultMode: 0755
         - name: gluetun-tmp
           emptyDir: {}
         - name: nfs-media