refactor: Move slskd to own namespace

Peter 2026-05-16 15:42:23 +02:00
parent 537840bc3c
commit 4dc41f994a
Signed by: Peter
SSH key fingerprint: SHA256:B5tYaxBExaDm74r1px9iVeZ6F/ZDiyiy9SbBqfZYrvg
14 changed files with 343 additions and 124 deletions


@ -200,6 +200,25 @@ spec:
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata:
name: soulseekd
namespace: argocd
spec:
project: default
source:
repoURL: https://code.peterg.nl/wheatley/kubernetes.git
path: k8s-wheatley/soulseekd
targetRevision: HEAD
destination:
server: https://10.13.37.10:6443
namespace: soulseekd
syncPolicy:
automated:
prune: true
selfHeal: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata: metadata:
name: plex name: plex
namespace: argocd namespace: argocd
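Review bot: The new `soulseekd` Application uses `project: default` with automated `prune`/`selfHeal` from `targetRevision: HEAD`, so any push to the repo's default branch is applied without a further gate. That matters more here than for a typical app, because the kustomization it syncs creates a namespace labelled `pod-security.kubernetes.io/enforce: privileged` and a pod with a hostPath volume. Whether the `default` AppProject has been restricted is not visible from this page; if it has not, a dedicated AppProject limited to this repo and the `soulseekd` destination namespace would bound what the Application can create. A short comment above the entry recording why it gets automated sync would also help.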


@ -12,7 +12,7 @@ data:
VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh" VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh"
VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh" VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh"
FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
FIREWALL_INPUT_PORTS: "8112,5030" FIREWALL_INPUT_PORTS: "8112"
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -43,22 +43,6 @@ data:
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata:
name: slskd-envs
data:
TZ: Europe/Amsterdam
PUID: "1000"
PGID: "1000"
SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads
SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete
SLSKD_SHARED_DIR: "[Music]/shared/media/downloads/_slsk-downloads"
SLSKD_REMOTE_CONFIGURATION: "true"
SLSKD_VPN: "true"
SLSKD_VPN_PORT_FORWARDING: "true"
SLSKD_VPN_GLUETUN_URL: http://localhost:8000
---
apiVersion: v1
kind: ConfigMap
metadata: metadata:
name: unpackerr-envs name: unpackerr-envs
data: data:


@ -24,9 +24,6 @@ spec:
- name: qbit-http - name: qbit-http
containerPort: 8112 containerPort: 8112
protocol: TCP protocol: TCP
- name: slskd-http
containerPort: 5030
protocol: TCP
envFrom: envFrom:
- configMapRef: - configMapRef:
name: gluetun-envs name: gluetun-envs
@ -124,30 +121,6 @@ spec:
capabilities: capabilities:
drop: drop:
- "ALL" - "ALL"
- name: slskd
image: docker.io/slskd/slskd
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: slskd-envs
- secretRef:
name: slskd-env-secrets
volumeMounts:
- mountPath: /config
name: slskd-config
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "SETUID"
- "SETGID"
volumes: volumes:
- name: dev-tun - name: dev-tun
hostPath: hostPath:
@ -156,9 +129,6 @@ spec:
- name: qbittorrent-config - name: qbittorrent-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: qbittorrent-storage claimName: qbittorrent-storage
- name: slskd-config
persistentVolumeClaim:
claimName: slskd-storage
- name: gluetun-wgconfig - name: gluetun-wgconfig
secret: secret:
secretName: gluetun-wgconfig secretName: gluetun-wgconfig


@ -15,23 +15,6 @@ spec:
- name: qbittorrent - name: qbittorrent
port: 80 port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: slskd-route
spec:
parentRefs:
- name: internal
namespace: kube-system
sectionName: https
hostnames:
- "slskd.wheatley.in"
rules:
- backendRefs:
- name: slskd
port: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -44,16 +27,3 @@ spec:
- port: 80 - port: 80
protocol: TCP protocol: TCP
targetPort: 8112 targetPort: 8112
---
apiVersion: v1
kind: Service
metadata:
name: slskd
spec:
selector:
app: qbittorrent
ports:
- port: 80
protocol: TCP
targetPort: 5030


@ -35,5 +35,3 @@ images:
newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
- name: docker.io/qbittorrentofficial/qbittorrent-nox - name: docker.io/qbittorrentofficial/qbittorrent-nox
newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af
- name: docker.io/slskd/slskd
newTag: 0.25.1


@ -10,15 +10,3 @@ spec:
resources: resources:
requests: requests:
storage: 5Gi storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: slskd-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -18,39 +18,6 @@ spec:
key: secrets/managed/qbittorrent/protonvpn-wgconfig key: secrets/managed/qbittorrent/protonvpn-wgconfig
property: config property: config
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: slskd-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: slskd-env-secrets
data:
- secretKey: SLSKD_VPN_GLUETUN_API_KEY
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: GLUETUN_API_KEY
- secretKey: SLSKD_SLSK_USERNAME
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_USERNAME
- secretKey: SLSKD_SLSK_PASSWORD
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_PASSWORD
- secretKey: SLSKD_PASSWORD
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSKD_PASSWORD
- secretKey: SLSKD_API_KEY
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: API_KEY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret


@ -0,0 +1,29 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gluetun-envs
data:
TZ: Europe/Amsterdam
VPN_SERVICE_PROVIDER: "custom"
VPN_TYPE: "wireguard"
VPN_PORT_FORWARDING: on
VPN_PORT_FORWARDING_PROVIDER: protonvpn
FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
FIREWALL_INPUT_PORTS: "5030"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: slskd-envs
data:
TZ: Europe/Amsterdam
PUID: "1000"
PGID: "1000"
SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads
SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete
SLSKD_SHARED_DIR: "[Music]/shared/media/music"
SLSKD_REMOTE_CONFIGURATION: "true"
SLSKD_VPN: "true"
SLSKD_VPN_PORT_FORWARDING: "true"
SLSKD_VPN_GLUETUN_URL: http://localhost:8000
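Review bot: `VPN_PORT_FORWARDING: on` in the new `gluetun-envs` ConfigMap is an unquoted YAML 1.1 boolean, while ConfigMap `data` values must be strings. Depending on the loader in the kustomize/Argo CD path, it is either rejected at apply time or handed to gluetun as `true`, so I would write `VPN_PORT_FORWARDING: "on"` to match the quoting already used for `VPN_TYPE` and `FIREWALL_INPUT_PORTS`. Separately, `SLSKD_REMOTE_CONFIGURATION: "true"` lets the running configuration be edited through the web UI that the HTTPRoute in this commit publishes. A comment saying that this is intentional and relies on the `SLSKD_PASSWORD`/`SLSKD_API_KEY` secrets would make the trust assumption explicit.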


@ -0,0 +1,126 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: soulseekd
namespace: soulseekd
labels:
app: soulseekd
spec:
replicas: 1
serviceName: soulseekd
selector:
matchLabels:
app: soulseekd
template:
metadata:
labels:
app: soulseekd
spec:
initContainers:
- name: gluetun
image: ghcr.io/qdm12/gluetun
ports:
- name: slskd-http
containerPort: 5030
protocol: TCP
envFrom:
- configMapRef:
name: gluetun-envs
- secretRef:
name: gluetun-env-secrets
volumeMounts:
- mountPath: /dev/net/tun
name: dev-tun
- mountPath: /gluetun/wireguard
name: gluetun-wgconfig
readOnly: true
- name: gluetun-tmp
mountPath: /tmp/gluetun
restartPolicy: Always
lifecycle:
postStart:
exec:
command:
[
"/bin/sh",
"-c",
"(ip rule del table 51820; ip -6 rule del table 51820) || true",
]
readinessProbe:
exec:
command:
- sh
- -c
- "ping -c 1 9.9.9.9"
initialDelaySeconds: 5
periodSeconds: 3
timeoutSeconds: 2
failureThreshold: 3
livenessProbe:
exec:
command:
- sh
- -c
- "ping -c 1 9.9.9.9"
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 2
failureThreshold: 3
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: true
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "NET_ADMIN"
- "NET_RAW"
containers:
- name: slskd
image: docker.io/slskd/slskd
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: slskd-envs
- secretRef:
name: slskd-env-secrets
volumeMounts:
- mountPath: /config
name: slskd-config
- mountPath: /shared/media/downloads
name: nfs-media-downloads
- mountPath: /shared/media/music
name: nfs-media-music
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "SETUID"
- "SETGID"
volumes:
- name: dev-tun
hostPath:
path: /dev/net/tun
type: CharDevice
- name: slskd-config
persistentVolumeClaim:
claimName: slskd-storage
- name: gluetun-wgconfig
secret:
secretName: gluetun-wgconfig
- name: gluetun-tmp
emptyDir: {}
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads
- name: nfs-media-music
persistentVolumeClaim:
claimName: nfs-media-music
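Review bot: The `/shared/media/music` volumeMount on the `slskd` container is writable, although the ConfigMap in this commit uses that path only as the share source (`SLSKD_SHARED_DIR: "[Music]/shared/media/music"`). Since this container parses peer-supplied data from the Soulseek network, adding `readOnly: true` under that mount keeps a compromise of slskd from modifying or deleting the music library. Downloads still go to the separate `/shared/media/downloads` mount. The pod spec also leaves the service account token mounted by default; `automountServiceAccountToken: false` at `spec.template.spec` would remove it, assuming neither container talks to the Kubernetes API (nothing visible here suggests they do).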


@ -0,0 +1,28 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: slskd-route
spec:
parentRefs:
- name: internal
namespace: kube-system
sectionName: https
hostnames:
- "slskd.wheatley.in"
rules:
- backendRefs:
- name: slskd
port: 80
---
apiVersion: v1
kind: Service
metadata:
name: slskd
spec:
selector:
app: soulseekd
ports:
- port: 80
protocol: TCP
targetPort: 5030


@ -0,0 +1,52 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: soulseekd
resources:
- configmap.yaml
- deployments.yaml
- ingress.yaml
- pvc.yaml
- secrets.yaml
- namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/downloads
- ../../kustomize-bases/nfs-media/components/music
patches:
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-soulseekd-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-soulseekd-downloads
- target:
kind: PersistentVolume
name: nfs-media-music
patch: |
- op: replace
path: /metadata/name
value: nfs-media-soulseekd-music
- target:
kind: PersistentVolumeClaim
name: nfs-media-music
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-soulseekd-music
images:
- name: ghcr.io/qdm12/gluetun
newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
- name: docker.io/slskd/slskd
newTag: 0.25.1
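Review bot: `docker.io/slskd/slskd` is pinned by tag only (`newTag: 0.25.1`), while the gluetun entry directly above it is pinned by tag and digest. Tags are mutable on the registry, and with `imagePullPolicy: IfNotPresent` in the StatefulSet different nodes can end up running different content under the same tag. I would pin it the same way as gluetun, `newTag: 0.25.1@sha256:<digest-of-the-image-you-verified>` (placeholder, to be filled from the registry). The tag-only entry is carried over unchanged from the old kustomization, so this is a good moment to fix it.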


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: soulseekd
labels:
pod-security.kubernetes.io/enforce: privileged
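Review bot: `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for every workload that ever lands in this namespace, not just the gluetun sidecar that needs it. The hostPath `/dev/net/tun` volume and the `NET_ADMIN`/`NET_RAW` capabilities in the StatefulSet would not pass `baseline`, so `enforce` probably has to stay as it is. Adding `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline` would still surface any further pod that exceeds baseline. A comment above the label, such as `# privileged required: gluetun needs hostPath /dev/net/tun and NET_ADMIN`, would record why the exception exists.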


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: slskd-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -0,0 +1,69 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gluetun-wgconfig
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: gluetun-wgconfig
template:
data:
wg0.conf: "{{ .config }}"
data:
- secretKey: config
remoteRef:
key: secrets/managed/soulseekd/protonvpn-wgconfig
property: config
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: slskd-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: slskd-env-secrets
data:
- secretKey: SLSKD_VPN_GLUETUN_API_KEY
remoteRef:
key: secrets/managed/soulseekd/slskd-env-secrets
property: GLUETUN_API_KEY
- secretKey: SLSKD_SLSK_USERNAME
remoteRef:
key: secrets/managed/soulseekd/slskd-env-secrets
property: SLSK_USERNAME
- secretKey: SLSKD_SLSK_PASSWORD
remoteRef:
key: secrets/managed/soulseekd/slskd-env-secrets
property: SLSK_PASSWORD
- secretKey: SLSKD_PASSWORD
remoteRef:
key: secrets/managed/soulseekd/slskd-env-secrets
property: SLSKD_PASSWORD
- secretKey: SLSKD_API_KEY
remoteRef:
key: secrets/managed/soulseekd/slskd-env-secrets
property: API_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gluetun-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: gluetun-env-secrets
data:
- secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE
remoteRef:
key: secrets/managed/soulseekd/gluetun-env-secrets
property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE