Added download tunnels

This commit is contained in:
Marcus Noble 2020-09-20 21:18:17 +01:00
parent 50f86cc39f
commit 22ae249a1f
4 changed files with 456 additions and 0 deletions

114
manifests/jackett.yaml Normal file
View File

@ -0,0 +1,114 @@
apiVersion: v1
kind: Namespace
metadata:
name: jackett
---
apiVersion: v1
kind: Secret
metadata:
name: jackett-auth
namespace: jackett
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jackett-auth
namespace: jackett
labels:
app: jackett-auth
spec:
replicas: 1
selector:
matchLabels:
app: jackett-auth
template:
metadata:
labels:
app: jackett-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://jackett.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: jackett-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: jackett-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: jackett-auth
namespace: jackett
labels:
app: jackett-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: jackett-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jackett-auth
namespace: jackett
labels:
app: jackett-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- jackett.cluster.fun
secretName: jackett-ingress
rules:
- host: jackett.cluster.fun
http:
paths:
- path: /
backend:
serviceName: jackett-auth
servicePort: 80

114
manifests/radarr.yaml Normal file
View File

@ -0,0 +1,114 @@
apiVersion: v1
kind: Namespace
metadata:
name: radarr
---
apiVersion: v1
kind: Secret
metadata:
name: radarr-auth
namespace: radarr
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr-auth
namespace: radarr
labels:
app: radarr-auth
spec:
replicas: 1
selector:
matchLabels:
app: radarr-auth
template:
metadata:
labels:
app: radarr-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://radarr.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: radarr-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: radarr-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: radarr-auth
namespace: radarr
labels:
app: radarr-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: radarr-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: radarr-auth
namespace: radarr
labels:
app: radarr-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- radarr.cluster.fun
secretName: radarr-ingress
rules:
- host: radarr.cluster.fun
http:
paths:
- path: /
backend:
serviceName: radarr-auth
servicePort: 80

114
manifests/sonarr.yaml Normal file
View File

@ -0,0 +1,114 @@
apiVersion: v1
kind: Namespace
metadata:
name: sonarr
---
apiVersion: v1
kind: Secret
metadata:
name: sonarr-auth
namespace: sonarr
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr-auth
namespace: sonarr
labels:
app: sonarr-auth
spec:
replicas: 1
selector:
matchLabels:
app: sonarr-auth
template:
metadata:
labels:
app: sonarr-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://sonarr.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: sonarr-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: sonarr-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: sonarr-auth
namespace: sonarr
labels:
app: sonarr-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: sonarr-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sonarr-auth
namespace: sonarr
labels:
app: sonarr-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- sonarr.cluster.fun
secretName: sonarr-ingress
rules:
- host: sonarr.cluster.fun
http:
paths:
- path: /
backend:
serviceName: sonarr-auth
servicePort: 80

114
manifests/transmission.yaml Normal file
View File

@ -0,0 +1,114 @@
apiVersion: v1
kind: Namespace
metadata:
name: transmission
---
apiVersion: v1
kind: Secret
metadata:
name: transmission-auth
namespace: transmission
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: transmission-auth
namespace: transmission
labels:
app: transmission-auth
spec:
replicas: 1
selector:
matchLabels:
app: transmission-auth
template:
metadata:
labels:
app: transmission-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://transmission.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: transmission-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: transmission-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: transmission-auth
namespace: transmission
labels:
app: transmission-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: transmission-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: transmission-auth
namespace: transmission
labels:
app: transmission-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- transmission.cluster.fun
secretName: transmission-ingress
rules:
- host: transmission.cluster.fun
http:
paths:
- path: /
backend:
serviceName: transmission-auth
servicePort: 80