cluster/kubernetes/apps/default/qbittorrent/tools/helmrelease.yaml at main · martinjonsson01/cluster · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: tqm
spec:
  interval: 30m
  chartRef:
    kind: OCIRepository
    name: app-template
    namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  driftDetection:
    mode: enabled
  dependsOn:
    - name: qbittorrent
      namespace: default
  values:
    controllers:
      tqm:
        type: cronjob
        cronjob: &cronJobSpec
          schedule: 0 * * * * # Every hour
          backoffLimit: 0
          concurrencyPolicy: Forbid
          successfulJobsHistory: 1
          failedJobsHistory: 1
          ttlSecondsAfterFinished: 3600
        initContainers:
          retag: &container
            image:
              repository: ghcr.io/home-operations/tqm
              tag: 1.19.0@sha256:025ee0c0c8b75f4c7bffa90216eedb494b9884e092a47e9c49824fe63427808c
            args:
              - retag
              - qb
            resources:
              requests:
                cpu: 10m
              limits:
                memory: 512Mi
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: {drop: ["ALL"]}
        containers:
          clean:
            <<: *container
            args:
              - clean
              - qb
        pod:
          restartPolicy: Never
      orphaned:
        type: cronjob
        cronjob:
          <<: *cronJobSpec
          schedule: 0 0 * * 0
          suspend: true # Only ever run manually
        containers:
          app:
            <<: *container
            args:
              - orphan
              - qb
              - --dry-run
        pod:
          restartPolicy: Never
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
    persistence:
      config:
        type: emptyDir
        globalMounts:
          - path: /.config/tqm
      secret-file:
        type: secret
        name: tqm-secret
        globalMounts:
          - path: /.config/tqm/config.yaml
            subPath: config.yaml
      media:
        type: nfs
        server: ${SECRET_NAS_IP}
        path: /volume1/Media/torrents
        globalMounts:
          - path: /Media/torrents
            readOnly: true