--- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: vpn-creds namespace: jellyfin spec: target: name: vpn-creds deletionPolicy: Delete template: type: Opaque data: ss_link: |- {{ .ss_link }} data: - secretKey: ss_link sourceRef: storeRef: name: vaultwarden-login kind: ClusterSecretStore remoteRef: key: cfee6f62-fb06-4a4c-b6d8-92da4908c65a property: fields[0].value --- apiVersion: apps/v1 kind: Deployment metadata: name: qbittorrent namespace: jellyfin labels: app: qbittorrent annotations: reloader.stakater.com/auto: "true" spec: selector: matchLabels: app: qbittorrent replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 template: metadata: labels: app: qbittorrent spec: nodeSelector: kubernetes.io/hostname: master.tail2fe2d.ts.net volumes: - name: config hostPath: path: /k8s/qbt-config type: DirectoryOrCreate - name: media hostPath: path: /k8s/jellyfin/media type: DirectoryOrCreate containers: - name: qbittorrent image: 'linuxserver/qbittorrent:latest' ports: - name: http containerPort: 8080 protocol: TCP volumeMounts: - name: config mountPath: /config - name: media mountPath: /downloads - name: shadowsocks-proxy image: teddysun/shadowsocks-rust:latest env: - name: SS_LINK valueFrom: secretKeyRef: name: vpn-creds key: ss_link command: ["/bin/bash", "-c", "rm /etc/shadowsocks-rust/config.json && sslocal --online-config-url $SS_LINK --local-addr 127.0.0.1:8081 -U --protocol http"] resources: requests: memory: "64Mi" cpu: "200m" --- apiVersion: v1 kind: Service metadata: name: qbittorrent namespace: jellyfin spec: selector: app: qbittorrent ports: - protocol: TCP port: 80 targetPort: 8080