aggarwalakshun/k3s-at-home
0
0
Fork 0
Code Issues 1 Pull Requests Actions 2 Packages Projects Releases Wiki Activity

ipv6 cluster initial commit
All checks were successful
Validate Kubernetes Manifests / kubeconform (push) Successful in 1m3s
Details

Browse Source
This commit is contained in:
Akshun Aggarwal
2026-01-04 07:08:20 +05:30
parent 12d4af9cd8
commit 9aabad8216
179 changed files with 16997 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
clusters/ipv6/arr-stack/bazarr/bazarr-ingress.yml Normal file
View File

@@ -0,0 +1,28 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bazarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- bazarr.akshun-lab.cc
secretName: bazarr-tls
rules:
- host: bazarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bazarr-service
port:
number: 6767

15
clusters/ipv6/arr-stack/bazarr/bazarr-pvc.yml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/bazarr/bazarr-svc.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: bazarr-service
namespace: arr-stack
spec:
selector:
app: bazarr
ports:
- protocol: TCP
port: 6767
targetPort: 6767

48
clusters/ipv6/arr-stack/bazarr/bazarr.yml Normal file
View File

@@ -0,0 +1,48 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bazarr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: bazarr
template:
metadata:
labels:
app: bazarr
spec:
containers:
- name: bazarr
image: linuxserver/bazarr:1.5.3
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: movies
mountPath: /movies
- name: tv
mountPath: /tv
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: bazarr-longhorn
- name: tv
nfs:
server: 10.0.0.123
path: /merge/series
- name: movies
nfs:
server: 10.0.0.123
path: /merge/movies

28
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-ingress.yml Normal file
View File

@@ -0,0 +1,28 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jellyseerr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- jellyseerr.akshun-lab.cc
secretName: jellyseerr-tls
rules:
- host: jellyseerr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jellyseerr-service
port:
number: 5055

15
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-pvc.yml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyseerr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

14
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-svc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: Service
metadata:
name: jellyseerr-service
namespace: arr-stack
spec:
selector:
app: jellyseerr
ports:
- port: 5055
targetPort: 5055
protocol: TCP

58
clusters/ipv6/arr-stack/jellyseerr/jellyseerr.yml Normal file
View File

@@ -0,0 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jellyseerr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: jellyseerr
template:
metadata:
labels:
app: jellyseerr
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
restartPolicy: Always
securityContext:
capabilities:
add:
- NET_ADMIN
envFrom:
- configMapRef:
name: gluetun-config
env:
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_PASSWORD
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_USER
containers:
- name: jellyseerr
image: fallenbagel/jellyseerr:2.7.3
ports:
- containerPort: 5055
env:
- name: LOG_LEVEL
value: "info"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: config
mountPath: /app/config
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyseerr-longhorn

7
clusters/ipv6/arr-stack/namespace.yml Normal file
View File

@@ -0,0 +1,7 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: arr-stack
labels:
name: arr-stack

13
clusters/ipv6/arr-stack/openvpn/gluetun-config.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gluetun-config
namespace: arr-stack
data:
VPN_SERVICE_PROVIDER: "surfshark"
SERVER_COUNTRIES: "Netherlands"
HTTPPROXY: "ON"
FIREWALL_OUTBOUND_SUBNETS: "192.168.1.0/24,10.42.0.0/16,10.43.0.0/16"
DNS_ADDRESS: "8.8.8.8"

15
clusters/ipv6/arr-stack/openvpn/gluetun-secrets-sealed.yml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: openvpn-secrets
namespace: arr-stack
spec:
encryptedData:
OPENVPN_PASSWORD: AgB7Oc8moaDTahnT3UDKXtRaOYknWJ+0eer7e5Gj01xcUHPwI82ufKHPmgOP3f/9f7Z7TV29gJbWsBqEbbuT8VRzd+KiwTKgpMDFVvIgciaoevj9PPW1ExRGdrcV069Pi4ZqqlCzQavh2BwZq+cbuIhMYZmKHtBRCoAJl3V/FCBu+3udDjiXk74ZiJ8G+EA2vaaANT8z7/lNiDJFb5TPuW+bte0IkfpmyyvFYQmOUsIQI301Ao040tMt39koPPTDKYlybPN0jyIRnXvVj1Ix3BX3sa1B80okCejPfw6DxdhkowVj30ZudgX/QmeaFuVaTNofwXXKsSQjbeiuqjsu9K94B6AXpWaCyxJ534wRuOJiLFpXREMwt7RhuwlB8pCEgXQj1g1hVxK/svjdQmuJirYPrJ9gO1+1BfRUubBMaWJB5mp03QL/5/4blqJKSjJyvPT51UqrQcdAMjudsZWSkr9ST0dczsc6JVGeF1vAWRVSmi0+v9tMDGHZDSIJJhSgCTmsfBw9LprJcTlL3WC7S7YVuNOnDtreNrQ/HK/S+aqD+Fl2SWjlGR71E2FTgwbwf/51iVQtp6i2s5WqHTY0hdenNOUUmMARYVHv0RMKG6urAflaeBUi7f1hTMPr5Hka2d0C1yVuPMAwpvbEi1rb3XMTfIw2/vD4s9L20WmXOKBh4Qs1KHuzEio4Fqt3SRG2fFJq8PFVkQ3t9BMJX8anbRmth7lrq6YfxcY=
OPENVPN_USER: AgB2LyS1rYyRfdxyDebD4V4Nz9Aa6J7Czs59K6xcWlgAIylyfX8Fxs1GdJ+thERmbaJ8LrSAHiX3DEQMyKs73DB06UaHwHYIQZIdHDSYprPYa16YGHmX5HuUKZ/NsN1Rf9MkC4P/hfUBPxrFVtZHPM44MWI/8kbFWvErK+w6BjUDyu7hP2fHTrri1ZIAesdPBoEO4g9krnyPfXSqsWJeJIzk33tILdKvaralCzqxcR0vziV8diaqsTflM7xZ6d7yXiidhrNx1CtCfUtkjbdWM6x0Ff9bzEoLgzKJRhxI8OlLLe8fFwbXSz3YHdDfTFvjBycYBVyQ7qCVz1zKtahnDGyWYIlQnsNQopeCQ4U7dVnrdzUK+qpP3uim7H0+vYE8Gy7ZShbALkp78u/93zyXtuUsd+eIClfzwYvY36lnrp1/zWT3cWuP1DbEBOXQoIBhOqlUGXIAX8n75wJF5WcsJtnu+hjOWgaNLsU6+xRmu7kB0fRmELfNqM9/ES4nKdVxq83XhAecsirR+1kgqUUGA8277aPDQd3h1SO4oXSkw4ikT8XQwgTv9To/EDdOjMEm5aTjxDbxlRNy4WZCGSXoINTy9Zg5aMEEMAN00sOwklyBejX0FyhgmW0pLJSG4Kqr+vFENcSuA+9cLlj1uV26ff/fBvp29RooOegpiaCiICB8IUBVI56D5FpeqImhg6h3nqloGch4Bk0V9o7J1FujYce81D9gh1/a9rM=
template:
metadata:
name: openvpn-secrets
namespace: arr-stack
type: Opaque

28
clusters/ipv6/arr-stack/prowlarr/prowlarr-ingress.yml Normal file
View File

@@ -0,0 +1,28 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prowlarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- prowlarr.akshun-lab.cc
secretName: prowlarr-tls
rules:
- host: prowlarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prowlarr-service
port:
number: 9696

14
clusters/ipv6/arr-stack/prowlarr/prowlarr-pvc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/prowlarr/prowlarr-svc.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: prowlarr-service
namespace: arr-stack
spec:
selector:
app: prowlarr
ports:
- port: 9696
targetPort: 9696
clusterIP: 10.43.0.142

59
clusters/ipv6/arr-stack/prowlarr/prowlarr.yml Normal file
View File

@@ -0,0 +1,59 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prowlarr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: prowlarr
template:
metadata:
labels:
app: prowlarr
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
restartPolicy: Always
securityContext:
capabilities:
add:
- NET_ADMIN
envFrom:
- configMapRef:
name: gluetun-config
env:
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_PASSWORD
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_USER
containers:
- name: prowlarr
image: lscr.io/linuxserver/prowlarr:2.3.0
volumeMounts:
- name: config
mountPath: /config
ports:
- containerPort: 9696
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumes:
- name: config
persistentVolumeClaim:
claimName: prowlarr-longhorn

27
clusters/ipv6/arr-stack/qbittorrent/qbittorrent-ingress.yml Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: qbittorrent-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- qbittorrent.akshun-lab.cc
secretName: qbittorrent-tls
rules:
- host: qbittorrent.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: qbittorrent-service
port:
number: 8080

14
clusters/ipv6/arr-stack/qbittorrent/qbittorrent-pvc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

12
clusters/ipv6/arr-stack/qbittorrent/qbittorrent-svc.yml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent-service
namespace: arr-stack
spec:
selector:
app: qbittorrent
ports:
- port: 8080
targetPort: 8080

63
clusters/ipv6/arr-stack/qbittorrent/qbittorrent.yml Normal file
View File

@@ -0,0 +1,63 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
metadata:
labels:
app: qbittorrent
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
restartPolicy: Always
securityContext:
capabilities:
add:
- NET_ADMIN
envFrom:
- configMapRef:
name: gluetun-config
env:
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_PASSWORD
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_USER
containers:
- name: qbittorrent
image: linuxserver/qbittorrent:5.1.4
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: downloads
mountPath: /downloads
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: qbittorrent-longhorn
- name: downloads
nfs:
server: 10.0.0.123
path: /merge/downloads

27
clusters/ipv6/arr-stack/radarr/radarr-ingress.yml Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: radarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- radarr.akshun-lab.cc
secretName: radarr-tls
rules:
- host: radarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: radarr-service
port:
number: 7878

14
clusters/ipv6/arr-stack/radarr/radarr-pvc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/radarr/radarr-svc.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: radarr-service
namespace: arr-stack
spec:
selector:
app: radarr
ports:
- port: 7878
targetPort: 7878
clusterIP: 10.43.0.204

49
clusters/ipv6/arr-stack/radarr/radarr.yml Normal file
View File

@@ -0,0 +1,49 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: radarr
template:
metadata:
labels:
app: radarr
spec:
containers:
- name: radarr
image: lscr.io/linuxserver/radarr:6.0.4
ports:
- containerPort: 7878
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: movies
mountPath: /movies
- name: downloads
mountPath: /downloads
- name: config
mountPath: /config
volumes:
- name: movies
nfs:
server: 10.0.0.123
path: /merge/movies
- name: downloads
nfs:
server: 10.0.0.123
path: /merge/downloads
- name: config
persistentVolumeClaim:
claimName: radarr-longhorn

27
clusters/ipv6/arr-stack/sabnzbd/sabnzbd-ingress.yml Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sabnzbd-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- sabnzbd.akshun-lab.cc
secretName: sabnzbd-tls
rules:
- host: sabnzbd.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sabnzbd-service
port:
number: 8080

14
clusters/ipv6/arr-stack/sabnzbd/sabnzbd-pvc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sabnzbd-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

12
clusters/ipv6/arr-stack/sabnzbd/sabnzbd-svc.yml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: sabnzbd-service
namespace: arr-stack
spec:
selector:
app: sabnzbd
ports:
- port: 8080
targetPort: 8080

40
clusters/ipv6/arr-stack/sabnzbd/sabnzbd.yml Normal file
View File

@@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sabnzbd
namespace: arr-stack
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: sabnzbd
template:
metadata:
labels:
app: sabnzbd
spec:
containers:
- name: sabnzbd
image: lscr.io/linuxserver/sabnzbd:4.5.5
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: sabnzbd-config
mountPath: /config
- name: downloads
mountPath: /downloads
volumes:
- name: sabnzbd-config
persistentVolumeClaim:
claimName: sabnzbd-longhorn
- name: downloads
nfs:
server: 10.0.0.123
path: /merge/downloads

27
clusters/ipv6/arr-stack/sonarr/sonarr-ingress.yml Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sonarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- sonarr.akshun-lab.cc
secretName: sonarr-tls
rules:
- host: sonarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sonarr-service
port:
number: 8989

14
clusters/ipv6/arr-stack/sonarr/sonarr-pvc.yml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 5Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/sonarr/sonarr-svc.yml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: sonarr-service
namespace: arr-stack
spec:
selector:
app: sonarr
ports:
- port: 8989
targetPort: 8989
clusterIP: 10.43.0.194

49
clusters/ipv6/arr-stack/sonarr/sonarr.yml Normal file
View File

@@ -0,0 +1,49 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: sonarr
template:
metadata:
labels:
app: sonarr
spec:
containers:
- name: sonarr
image: lscr.io/linuxserver/sonarr:4.0.16
ports:
- containerPort: 8989
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: config
mountPath: /config
- name: tv
mountPath: /tv
- name: downloads
mountPath: /downloads
volumes:
- name: config
persistentVolumeClaim:
claimName: sonarr-longhorn
- name: downloads
nfs:
server: 10.0.0.123
path: /merge/downloads
- name: tv
nfs:
server: 10.0.0.123
path: /merge/series