mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 13:09:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
20f5b2dd485ddfb727cca6b1ee0b874a9ba04e8e
fleet-infra/jellyfin/helmrelease-transmission-openvpn.yaml
Michael Thomson 20f5b2dd48 changed CIDR
2023-12-05 12:30:26 -05:00

213 lines
6.1 KiB
YAML
Raw Blame History

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: transmission-openvpn
namespace: jellyfin
spec:
chart:
spec:
chart: transmission-openvpn
version: 2.x
sourceRef:
kind: HelmRepository
name: utkuozdemir
namespace: flux-system
interval: 15m
timeout: 5m
releaseName: transmission-openvpn
values:
# -- Number of replicas to run. Chart is not designed to scale horizontally, use at your own risk
replicaCount: 1
# -- Use host network
hostNetwork: false
hostPort:
# -- Use host port for the application
enabled: false
# -- Host port to bind to
port: 9091
# -- Common labels for all resources of the chart
commonLabels: {}
# -- Additional port definitions for the pod
additionalPorts: []
# -- Additional port definitions for the service
additionalServicePorts: []
image:
# -- Image repository
repository: haugene/transmission-openvpn
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Image tag (if not specified, defaults to the chart's appVersion)
tag: ""
# -- Image pull secrets
imagePullSecrets: []
# -- String to partially override fullname template with a string (will prepend the release name)
nameOverride: ""
# -- String to fully override fullname template with a string
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
name: ""
# -- Annotations for the pods
podAnnotations: {}
# -- Security context for the pods
podSecurityContext: {}
# -- Security context for the container. NET_ADMIN capability is required for the VPN to work properly.
securityContext:
capabilities:
add:
- NET_ADMIN
# -- Deployment strategy
strategy:
type: Recreate
service:
# -- Type of the service
type: ClusterIP
# -- Port for the service to use
port: 80
# -- Service annotations
annotations: {}
# -- clusterIP for the service
clusterIP: ""
# -- loadBalancerIP for the service
loadBalancerIP: ""
# -- externalName for the service
externalName: ""
# -- loadBalancerClass for the service
loadBalancerClass: ""
ingress:
# -- Expose the app using an ingress
enabled: true
# -- Ingress class name
className: traefik
# -- Annotations for the ingress
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
# -- Ingress hosts configuration
# @default -- see [values.yaml](values.yaml)
hosts:
- host: transmission.michaelthomson.dev
paths:
- path: /
pathType: ImplementationSpecific
# -- The TLS configuration for the Ingress
tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev
hosts:
- transmission.michaelthomson.dev
# -- The resource requests and limits of the container
resources: {}
# -- The node selector for the deployment
nodeSelector: {}
# -- Tolerations for the pod assignment
tolerations: []
# -- Affinity for the pod assignment
affinity: {}
persistence:
# -- Enable persistence
enabled: true
# -- Persistence type is pvc. When `false`, data volume definition is read from `persistence.dataVolume`
isPvc: true
# -- Name of the existing claim to be used
existingClaim: "jellyfin-data"
# -- Storage class for the data volume
storageClass: ""
# -- Volume name override for the pvc
volumeName: ""
# -- Annotations for the claim
annotations: {}
# helm.sh/resource-policy: keep
# -- Access modes for the claim
accessModes:
- ReadWriteOnce
# -- Size for the claim
size: 64Gi
# -- Alternative data volume definition (e.g. nfs, hostPath). Used when `persistence.isPvc` is `false`
dataVolume: {}
# hostPath:
# path: /path/on/host
# -- Non-sensitive environment variables to be set in the pods. See the [application docs](https://haugene.github.io/docker-transmission-openvpn/config-options/)
env:
OPENVPN_PROVIDER: PROTONVPN
OPENVPN_CONFIG: us.protonvpn.net.udp
LOCAL_NETWORK: "10.0.0.0/8,192.168.2.0/24"
CREATE_TUN_DEVICE: "true"
OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60
# -- Sensitive environment variables to be set in the pods. See the [application docs](https://haugene.github.io/docker-transmission-openvpn/config-options/)
secretEnv:
OPENVPN_USERNAME: wSNJV3UTu7K8fxBV
OPENVPN_PASSWORD: fh7dwMzYzJGmHgTo5nTlirjaO0LANcUa
# -- Mount the /dev/net/tun device into the pod. Required by OpenVPN when a `tun` device is used
mountTunDevice: true
# -- DNS configuration for the pod
dnsConfig: {}
# -- DNS policy for the pod
dnsPolicy: ClusterFirst
# -- Arbitrary extra volume definitions for the pod
extraVolumes: []
# - name: custom-provider-config
# secret:
# defaultMode: 420
# secretName: openvpn-custom
# -- Arbitrary extra volume mounts for the pod
extraVolumeMounts: {}
# - mountPath: /etc/openvpn/custom/
# name: custom-provider-config
# -- Pod liveness probe
livenessProbe: {}
# -- Pod readiness probe
readinessProbe:
tcpSocket:
port: http
# -- Init containers
initContainers: []
# - name: init
# image: busybox:stable-musl
# command:
# - sh
# - -c
# - echo "initializing..."
# -- Sidecar containers
sidecarContainers: []
# - name: sidecar
# image: busybox:stable-musl
# command:
# - tail
# - -f
# - /dev/null
Reference in New Issue View Git Blame Copy Permalink