Added download tunnels

2020-09-20 21:18:17 +01:00 · 2020-09-20 21:18:17 +01:00 · 22ae249a1f
parent 50f86cc39f
commit 22ae249a1f
4 changed files with 456 additions and 0 deletions
--- a/manifests/jackett.yaml
+++ b/manifests/jackett.yaml
@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jackett
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: jackett-auth
+  namespace: jackett
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jackett-auth
+  namespace: jackett
+  labels:
+    app: jackett-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jackett-auth
+  template:
+    metadata:
+      labels:
+        app: jackett-auth
+    spec:
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://inlets.inlets.svc.cluster.local
+        - --http-address=$(HOST_IP):8080
+        - --redirect-url=https://jackett.cluster.fun/oauth2/callback
+        - --email-domain=*
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: jackett-auth
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: jackett-auth
+        image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+        name: oauth-proxy
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jackett-auth
+  namespace: jackett
+  labels:
+    app: jackett-auth
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: jackett-auth
+  type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: jackett-auth
+  namespace: jackett
+  labels:
+    app: jackett-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - jackett.cluster.fun
+    secretName: jackett-ingress
+  rules:
+  - host: jackett.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: jackett-auth
+          servicePort: 80
--- a/manifests/radarr.yaml
+++ b/manifests/radarr.yaml
@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: radarr
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: radarr-auth
+  namespace: radarr
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radarr-auth
+  namespace: radarr
+  labels:
+    app: radarr-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: radarr-auth
+  template:
+    metadata:
+      labels:
+        app: radarr-auth
+    spec:
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://inlets.inlets.svc.cluster.local
+        - --http-address=$(HOST_IP):8080
+        - --redirect-url=https://radarr.cluster.fun/oauth2/callback
+        - --email-domain=*
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: radarr-auth
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: radarr-auth
+        image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+        name: oauth-proxy
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: radarr-auth
+  namespace: radarr
+  labels:
+    app: radarr-auth
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: radarr-auth
+  type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: radarr-auth
+  namespace: radarr
+  labels:
+    app: radarr-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - radarr.cluster.fun
+    secretName: radarr-ingress
+  rules:
+  - host: radarr.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: radarr-auth
+          servicePort: 80
--- a/manifests/sonarr.yaml
+++ b/manifests/sonarr.yaml
@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sonarr
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sonarr-auth
+  namespace: sonarr
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr-auth
+  namespace: sonarr
+  labels:
+    app: sonarr-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sonarr-auth
+  template:
+    metadata:
+      labels:
+        app: sonarr-auth
+    spec:
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://inlets.inlets.svc.cluster.local
+        - --http-address=$(HOST_IP):8080
+        - --redirect-url=https://sonarr.cluster.fun/oauth2/callback
+        - --email-domain=*
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: sonarr-auth
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: sonarr-auth
+        image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+        name: oauth-proxy
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr-auth
+  namespace: sonarr
+  labels:
+    app: sonarr-auth
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: sonarr-auth
+  type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: sonarr-auth
+  namespace: sonarr
+  labels:
+    app: sonarr-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - sonarr.cluster.fun
+    secretName: sonarr-ingress
+  rules:
+  - host: sonarr.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: sonarr-auth
+          servicePort: 80
--- a/manifests/transmission.yaml
+++ b/manifests/transmission.yaml
@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: transmission
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: transmission-auth
+  namespace: transmission
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: transmission-auth
+  namespace: transmission
+  labels:
+    app: transmission-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: transmission-auth
+  template:
+    metadata:
+      labels:
+        app: transmission-auth
+    spec:
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://inlets.inlets.svc.cluster.local
+        - --http-address=$(HOST_IP):8080
+        - --redirect-url=https://transmission.cluster.fun/oauth2/callback
+        - --email-domain=*
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: transmission-auth
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: transmission-auth
+        image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+        name: oauth-proxy
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: transmission-auth
+  namespace: transmission
+  labels:
+    app: transmission-auth
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: transmission-auth
+  type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: transmission-auth
+  namespace: transmission
+  labels:
+    app: transmission-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - transmission.cluster.fun
+    secretName: transmission-ingress
+  rules:
+  - host: transmission.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: transmission-auth
+          servicePort: 80