gilgamezh
1a91b72464
AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default DoT resolver at 127.0.0.1 never gets answers. The startup healthcheck's "lookup cloudflare.com" then times out and the VPN restarts every ~6s in a permanent loop, leaving qbittorrent with no working DNS. Verified inside the pod netns: tunnel egress works (ping 8.8.8.8 18ms), AirVPN's pushed resolver 10.128.0.1 resolves fine, but tcp/853 to both 1.1.1.1 and 8.8.8.8 times out. Set DOT=off and DNS_ADDRESS=10.128.0.1 so gluetun points resolv.conf at AirVPN's pushed DNS, reached over the tunnel (no DNS leak, no port 853). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
141 lines
3.1 KiB
YAML
141 lines
3.1 KiB
YAML
---
|
|
replicaCount: 1
|
|
|
|
qbittorrent:
|
|
image:
|
|
repository: lscr.io/linuxserver/qbittorrent
|
|
tag: "5.1.4-r3-ls453"
|
|
pullPolicy: Always
|
|
env:
|
|
- name: PUID
|
|
value: "1000"
|
|
- name: PGID
|
|
value: "1000"
|
|
- name: TZ
|
|
value: "Europe/Amsterdam"
|
|
- name: WEBUI_PORT
|
|
value: "8080"
|
|
- name: TORRENTING_PORT
|
|
value: "54408"
|
|
torrentPort: 54408
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 8080
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 20
|
|
timeoutSeconds: 2
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 2
|
|
failureThreshold: 3
|
|
resources:
|
|
requests:
|
|
memory: "500Mi"
|
|
cpu: "500m"
|
|
ephemeral-storage: "50Mi"
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "2"
|
|
ephemeral-storage: "1Gi"
|
|
volumeMounts:
|
|
- name: plex-data
|
|
mountPath: "/config"
|
|
subPath: "configs/qbittorrent"
|
|
- name: plex-data
|
|
mountPath: "/nfs/incomplete_torrents"
|
|
subPath: "incomplete_torrents"
|
|
- name: plex-data
|
|
mountPath: "/nfs/torrent"
|
|
subPath: "torrent"
|
|
|
|
gluetun:
|
|
image:
|
|
repository: qmcgaw/gluetun
|
|
tag: v3.41.1
|
|
pullPolicy: IfNotPresent
|
|
env:
|
|
- name: VPN_SERVICE_PROVIDER
|
|
value: "airvpn"
|
|
- name: VPN_TYPE
|
|
value: "wireguard"
|
|
- name: WIREGUARD_PRIVATE_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gluetun-wireguard
|
|
key: WIREGUARD_PRIVATE_KEY
|
|
- name: WIREGUARD_PRESHARED_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gluetun-wireguard
|
|
key: WIREGUARD_PRESHARED_KEY
|
|
- name: WIREGUARD_ADDRESSES
|
|
value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128"
|
|
- name: SERVER_COUNTRIES
|
|
value: "Netherlands"
|
|
# AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default
|
|
# DoT resolver never gets answers and the startup healthcheck loops
|
|
# forever on "lookup cloudflare.com: i/o timeout". Use AirVPN's pushed
|
|
# plaintext resolver instead (reached over the tunnel, no DNS leak).
|
|
- name: DOT
|
|
value: "off"
|
|
- name: DNS_ADDRESS
|
|
value: "10.128.0.1"
|
|
- name: FIREWALL_INPUT_PORTS
|
|
value: "8080"
|
|
- name: FIREWALL_VPN_INPUT_PORTS
|
|
value: "54408"
|
|
- name: TZ
|
|
value: "Europe/Amsterdam"
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 8000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 20
|
|
timeoutSeconds: 2
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 8000
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 2
|
|
failureThreshold: 3
|
|
resources:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 512Mi
|
|
cpu: 500m
|
|
volumeMounts:
|
|
- name: dev-tun
|
|
mountPath: "/dev/net/tun"
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 8080
|
|
|
|
volumes:
|
|
- name: plex-data
|
|
persistentVolumeClaim:
|
|
claimName: plex-data
|
|
- name: dev-tun
|
|
hostPath:
|
|
path: /dev/net/tun
|
|
|
|
nodeSelector:
|
|
kubernetes.io/arch: arm64
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|