--- apiVersion: apps/v1 kind: Deployment metadata: name: qbittorrent namespace: qbittorrent labels: app: qbittorrent spec: replicas: 1 selector: matchLabels: app: qbittorrent template: metadata: labels: app: qbittorrent spec: initContainers: - name: gluetun image: ghcr.io/qdm12/gluetun:v3.40.0 ports: - name: http containerPort: 8112 protocol: TCP envFrom: - configMapRef: name: gluetun-envs volumeMounts: - mountPath: /dev/net/tun name: dev-tun - mountPath: "/gluetun/wireguard" name: gluetun-wgconfig readOnly: true restartPolicy: Always readinessProbe: exec: command: - sh - -c - "ping -c 1 9.9.9.9" initialDelaySeconds: 5 periodSeconds: 3 timeoutSeconds: 2 failureThreshold: 3 livenessProbe: exec: command: - sh - -c - "ping -c 1 9.9.9.9" initialDelaySeconds: 10 periodSeconds: 15 timeoutSeconds: 2 failureThreshold: 3 securityContext: seccompProfile: type: RuntimeDefault runAsUser: 0 runAsGroup: 0 allowPrivilegeEscalation: true capabilities: drop: - "ALL" add: - "NET_ADMIN" containers: - name: qbittorrent-nox image: docker.io/qbittorrentofficial/qbittorrent-nox:5.1.2-2 imagePullPolicy: IfNotPresent ports: - containerPort: 8112 envFrom: - configMapRef: name: qbittorrent-envs volumeMounts: - mountPath: /config name: qbittorrent-config - mountPath: /shared/media name: nfs-media securityContext: seccompProfile: type: RuntimeDefault runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" volumes: - name: dev-tun hostPath: path: /dev/net/tun type: CharDevice - name: qbittorrent-config persistentVolumeClaim: claimName: qbittorrent-storage - name: gluetun-wgconfig secret: secretName: gluetun-wgconfig - name: nfs-media persistentVolumeClaim: claimName: nfs-media