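---
# Deployment "deluge" in namespace "media": a Deluge container and a WireGuard
# container in one pod, plus an init container that prepares the shared /data
# volume. Containers in a pod share one network namespace.
# NOTE(review): whether Deluge traffic is confined to the tunnel (and what
# happens when the tunnel is down) depends on the WireGuard config held in the
# Secret, which is not visible here. Verify there is no fallback route.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deluge
  namespace: media
spec:
  selector:
    matchLabels:
      app: deluge
  template:
    metadata:
      labels:
        app: deluge
    spec:
      initContainers:
        # Creates the download/media directory tree and resets ownership and
        # permissions on the whole data volume on every pod start.
        - name: init-media-filesystem
          # NOTE(review): unqualified, untagged image. It resolves to
          # whatever the default registry serves as "latest". Pin it to a
          # vetted tag or digest (e.g. busybox@sha256:<digest-placeholder>).
          image: busybox
          command:
            - /bin/sh
            - -c
            - |
              mkdir -p -v \
                /data/downloads/movies \
                /data/downloads/tv \
                /data/downloads/books \
                /data/downloads/audiobooks \
                /data/media/movies \
                /data/media/tv \
                /data/media/books \
                /data/media/audiobooks
              chown -R 1000:1000 /data
              chmod -R a=,a+rX,u+w,g+w /data
          # The chmod above clears all bits, then grants read to everyone
          # (search on directories) and write to owner and group, so the whole
          # tree ends up world-readable.
          volumeMounts:
            - name: data
              mountPath: /data
      containers:
        - name: deluge
          # Mutable tag: the code that runs changes whenever the registry tag
          # moves. Pin to a vetted version tag or digest.
          image: lscr.io/linuxserver/deluge:latest
          envFrom:
            - configMapRef:
                name: deluge-config
                optional: false
          ports:
            - name: http
              containerPort: 8112
              protocol: TCP
            - name: udp
              containerPort: 6881
              protocol: UDP
            - name: tcp
              containerPort: 6881
              protocol: TCP
            - name: thinclient
              containerPort: 58846
              protocol: TCP
          volumeMounts:
            - name: deluge-config
              mountPath: /config
            # Only the downloads subtree of the shared data volume is exposed
            # to Deluge.
            - name: data
              mountPath: /data/downloads
              subPath: downloads
        - name: wireguard
          # Mutable tag: see the note on the deluge image.
          image: lscr.io/linuxserver/wireguard:latest
          envFrom:
            - configMapRef:
                name: wireguard-config
                optional: false
          securityContext:
            # privileged: true already grants every capability plus host
            # device access, so the add list below has no effect while it is
            # set. A compromise of this container is effectively a compromise
            # of the node.
            # NOTE(review): check whether the tunnel still comes up with
            # privileged removed and only NET_ADMIN added. SYS_MODULE is only
            # needed if the container must load the kernel module itself.
            # Confirm against the node kernel and the image's requirements.
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
            privileged: true
          ports:
            - name: tun
              containerPort: 51820
              protocol: UDP
          lifecycle:
            postStart:
              exec:
                # Copies the tunnel config out of the read-only Secret mount
                # into the persistent /config volume, so the key material
                # also lives at rest on the wireguard-config PVC.
                # NOTE(review): postStart is not ordered relative to the
                # container entrypoint. If /config/wg_confs does not exist
                # yet, cp fails and the container is restarted. Confirm the
                # directory is present on first start.
                command:
                  - cp
                  - /wireguard-secret/deluge.conf
                  - /config/wg_confs/wg0.conf
          volumeMounts:
            - name: wireguard-config
              mountPath: /config
            - name: wireguard-secret
              mountPath: /wireguard-secret
              readOnly: true
      volumes:
        - name: deluge-config
          persistentVolumeClaim:
            claimName: deluge-config
        - name: wireguard-config
          persistentVolumeClaim:
            claimName: wireguard-config
        - name: data
          persistentVolumeClaim:
            claimName: media-data
        - name: wireguard-secret
          secret:
            secretName: wireguard-secret
            # 256 decimal == 0400 octal: owner read only, instead of the
            # default 0644. Written in decimal so the value does not depend
            # on the parser's octal handling.
            # Assumes the postStart cp runs as the file owner (root; this
            # manifest sets no runAsUser/fsGroup). TODO confirm.
            defaultMode: 256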