--- apiVersion: apps/v1 kind: StatefulSet metadata: name: qbittorrent namespace: qbittorrent labels: app: qbittorrent spec: replicas: 1 serviceName: qbittorrent selector: matchLabels: app: qbittorrent template: metadata: labels: app: qbittorrent spec: initContainers: - name: gluetun image: ghcr.io/qdm12/gluetun ports: - name: qbittorrent-http containerPort: 8112 protocol: TCP - name: slskd-http containerPort: 5030 protocol: TCP envFrom: - configMapRef: name: gluetun-envs volumeMounts: - mountPath: /dev/net/tun name: dev-tun - mountPath: /gluetun/wireguard name: gluetun-wgconfig readOnly: true - name: gluetun-scripts mountPath: /scripts - name: gluetun-tmp mountPath: /tmp/gluetun restartPolicy: Always lifecycle: postStart: exec: command: [ "/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true", ] readinessProbe: exec: command: - sh - -c - "ping -c 1 9.9.9.9" initialDelaySeconds: 5 periodSeconds: 3 timeoutSeconds: 2 failureThreshold: 3 livenessProbe: exec: command: - sh - -c - "ping -c 1 9.9.9.9" initialDelaySeconds: 10 periodSeconds: 15 timeoutSeconds: 2 failureThreshold: 3 securityContext: seccompProfile: type: RuntimeDefault allowPrivilegeEscalation: true capabilities: drop: - "ALL" add: - "CHOWN" - "NET_ADMIN" - "NET_RAW" containers: - name: qbittorrent-nox image: docker.io/qbittorrentofficial/qbittorrent-nox imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: qbittorrent-envs volumeMounts: - mountPath: /config name: qbittorrent-config - mountPath: /shared/media/downloads name: nfs-media securityContext: seccompProfile: type: RuntimeDefault runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" - name: unpackerr image: golift/unpackerr imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: unpackerr-envs - secretRef: name: unpackerr-env-secrets volumeMounts: - mountPath: /shared/media/downloads name: nfs-media securityContext: seccompProfile: type: RuntimeDefault runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" - name: slskd image: docker.io/slskd/slskd imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: slskd-envs volumeMounts: - mountPath: /config name: slskd-config - mountPath: /shared/media/downloads name: nfs-media securityContext: seccompProfile: type: RuntimeDefault runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" - name: unpackerr image: golift/unpackerr imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: unpackerr-envs - secretRef: name: unpackerr-env-secrets volumeMounts: - mountPath: /shared/media/downloads name: nfs-media securityContext: seccompProfile: type: RuntimeDefault runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" volumes: - name: dev-tun hostPath: path: /dev/net/tun type: CharDevice - name: qbittorrent-config persistentVolumeClaim: claimName: qbittorrent-storage - name: slskd-config persistentVolumeClaim: claimName: slskd-storage - name: gluetun-wgconfig secret: secretName: gluetun-wgconfig - name: gluetun-scripts configMap: name: gluetun-scripts defaultMode: 0755 - name: gluetun-tmp emptyDir: {} - name: nfs-media persistentVolumeClaim: claimName: nfs-media