From 56c14df540077fa5f147405d26f272bd5561787a Mon Sep 17 00:00:00 2001
From: Taqi Tahmid
Date: Fri, 9 Jan 2026 17:00:11 +0200
Subject: [PATCH] kubernetes: fix wireguard issue in qbittorrent-helm-chart
---
 kubernetes/README.md | 8 ++++++
 kubernetes/gitea/values.yaml | 2 +-
 .../templates/configmap.yaml | 3 +--
 .../templates/deployment.yaml | 27 ++++++++++---------
 kubernetes/traefik/traefik-values.yaml | 12 +++++++--
 5 files changed, 35 insertions(+), 17 deletions(-)
diff --git a/kubernetes/README.md b/kubernetes/README.md
index 397b595..e9a6628 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -74,6 +74,7 @@ default values,
 ```bash
 helm upgrade --install traefik traefik/traefik \
+ -f traefik/traefik-values.yaml \
 -n kube-system \
 --set ingressRoute.dashboard.enabled=true \
 --set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \
@@ -516,7 +517,14 @@ network via ingress. It is accessible locally via loadbalancer IP address.
 source .env
 helm upgrade --install \
 qbittorrent qbittorrent-helm-chart/ \
+ -n media \
 --set ingress.host=$QBITTORRENT_HOST \
+ --set wireguard.address=$WIREGUARD_IP \
+ --set wireguard.peerPublicKey=$WIREGUARD_PEER_PUBLIC_KEY \
+ --set wireguard.presharedKey=$WIREGUARD_PRESHARED_KEY \
+ --set wireguard.endpoint=$WIREGUARD_ENDPOINT \
+ --set wireguard.dns=$WIREGUARD_DNS \
+ --set wireguard.privateKey=$WIREGUARD_PRIVATE_KEY \
 --atomic
 ```
diff --git a/kubernetes/gitea/values.yaml b/kubernetes/gitea/values.yaml
index 9947cf3..c071092 100644
--- a/kubernetes/gitea/values.yaml
+++ b/kubernetes/gitea/values.yaml
@@ -16,7 +16,7 @@ gitea:
 image:
 repository: gitea
- tag: 1.24.2
+ tag: 1.25.3
 postgresql:
 enabled: false
diff --git a/kubernetes/qbittorrent-helm-chart/templates/configmap.yaml b/kubernetes/qbittorrent-helm-chart/templates/configmap.yaml
index 566a77c..e3acd33 100644
--- a/kubernetes/qbittorrent-helm-chart/templates/configmap.yaml
+++ b/kubernetes/qbittorrent-helm-chart/templates/configmap.yaml
@@ -9,7 +9,6 @@ data:
 Address = {{ .Values.wireguard.address }}
 PrivateKey = {{ .Values.wireguard.privateKey }}
 MTU = {{ .Values.wireguard.mtu }}
- DNS = {{ .Values.wireguard.dns }}
 ListenPort = {{ .Values.wireguard.listenPort }}
 [Peer]
@@ -17,4 +16,4 @@ data:
 PresharedKey = {{ .Values.wireguard.presharedKey }}
 AllowedIPs = {{ .Values.wireguard.allowedIPs }}
 Endpoint = {{ .Values.wireguard.endpoint }}
- PersistentKeepalive = {{ .Values.wireguard.persistentKeepalive }}
\ No newline at end of file
+ PersistentKeepalive = {{ .Values.wireguard.persistentKeepalive }}
diff --git a/kubernetes/qbittorrent-helm-chart/templates/deployment.yaml b/kubernetes/qbittorrent-helm-chart/templates/deployment.yaml
index c35886a..deaf6fa 100644
--- a/kubernetes/qbittorrent-helm-chart/templates/deployment.yaml
+++ b/kubernetes/qbittorrent-helm-chart/templates/deployment.yaml
@@ -13,6 +13,14 @@ spec:
 labels:
 app: {{ .Release.Name }}
 spec:
+ dnsPolicy: None
+ dnsConfig:
+ nameservers:
+ - 10.128.0.1
+ searches: []
+ options:
+ - name: ndots
+ value: "1"
 initContainers:
 - name: wireguard-init
 image: {{ .Values.wireguardImage.repository }}:{{ .Values.wireguardImage.tag }}
@@ -29,21 +37,18 @@ spec:
 - |
 set -x
 echo "Starting WireGuard initialization..."
- mkdir -p /etc/wireguard
- cp /config/wg_confs/wg0.conf /etc/wireguard/wg0.conf
- chmod 600 /etc/wireguard/wg0.conf
-
+ mkdir -p /run/wireguard
+ cp /config/wg0.conf /run/wireguard/wg0.conf
+ chmod 600 /run/wireguard/wg0.conf
 if ! lsmod | grep -q wireguard; then
 modprobe wireguard || echo "Failed to load wireguard module"
 fi
-
- wg-quick up wg0 || echo "Failed to bring up WireGuard interface"
-
+ wg-quick up /run/wireguard/wg0.conf
 ip link show wg0
 wg show
 volumeMounts:
 - name: wireguard-config
- mountPath: /config/wg_confs
+ mountPath: /config/
 - name: modules
 mountPath: /lib/modules
 containers:
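Review bot: The resolver address is hard-coded as `10.128.0.1` under `nameservers:` in the new pod `dnsConfig`, while the README change in this same patch still passes `--set wireguard.dns=$WIREGUARD_DNS` and configmap.yaml no longer reads that value, so the setting appears to have no effect unless a template outside this patch uses it. Consider rendering it from the value instead, `- {{ .Values.wireguard.dns | quote }}`, assuming it holds a single address. With `dnsPolicy: None` the pod no longer uses cluster DNS, so a comment above `dnsPolicy` such as `# all lookups go to the tunnel resolver; in-cluster service names will not resolve` would make the trade-off explicit.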
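Review bot: `wg0.conf` carries the WireGuard private key and preshared key, and the init script copies it to `/run/wireguard` with the default umask before `chmod 600` tightens it; adding `umask 077` before the `cp` line closes that window. The source of the `wireguard-config` volume is defined outside this hunk, but configmap.yaml in this patch renders `PrivateKey` and `PresharedKey` under `data:`, so if that ConfigMap is what gets mounted at `/config/` the keys are readable by anyone with ConfigMap read access in the namespace, and a Secret volume would be the safer source. `modprobe wireguard || echo ...` still swallows a load failure while `wg-quick up` now fails hard, which is fine but worth a comment noting that the later command is the real gate. The init container definition begins above the hunk.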
@@ -75,9 +80,7 @@ spec:
 - -c
 - |
 while true; do
- if ! ip link show wg0 > /dev/null 2>&1; then
- wg-quick up wg0
- fi
+ ip link show wg0 >/dev/null 2>&1 || exit 1
 sleep 30
 done
 ports:
@@ -122,4 +125,4 @@ spec:
 claimName: {{ .Values.persistence.downloads.existingClaim }}
 - name: modules
 hostPath:
- path: /lib/modules
\ No newline at end of file
+ path: /lib/modules
diff --git a/kubernetes/traefik/traefik-values.yaml b/kubernetes/traefik/traefik-values.yaml
index f74c6e0..09b07a4 100644
--- a/kubernetes/traefik/traefik-values.yaml
+++ b/kubernetes/traefik/traefik-values.yaml
@@ -6,8 +6,9 @@ deployment:
 global:
 systemDefaultRegistry: ""
 image:
- repository: rancher/mirrored-library-traefik
- tag: 2.11.8
+ registry: docker.io
+ repository: traefik
+ tag: 3.6.6
 priorityClassName: system-cluster-critical
 providers:
 kubernetesIngress:
@@ -24,3 +25,10 @@ tolerations:
 - effect: NoSchedule
 key: node-role.kubernetes.io/master
 operator: Exists
+additionalArguments:
+ - "--entrypoints.web.transport.respondingtimeouts.readtimeout=600s"
+ - "--entrypoints.web.transport.respondingtimeouts.writetimeout=600s"
+ - "--entrypoints.web.transport.respondingtimeouts.idletimeout=600s"
+ - "--entrypoints.websecure.transport.respondingtimeouts.readtimeout=600s"
+ - "--entrypoints.websecure.transport.respondingtimeouts.writetimeout=600s"
+ - "--entrypoints.websecure.transport.respondingtimeouts.idletimeout=600s"
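Review bot: Exiting with status 1 when `wg0` is missing restarts only this container, and init containers are not re-run on a container restart, so nothing visible here brings the tunnel back and the container will most likely crash-loop until the pod is recreated. Meanwhile the qBittorrent container keeps running in the same pod network namespace; whether its traffic is blocked or falls back to the pod's default route depends on routing or firewall rules not shown in this patch, so it is worth confirming a kill switch exists. At minimum add a comment above the loop, `# wg0 is created only by the init container; exit so the failure is visible, recovery requires recreating the pod`. The container definition starts and ends outside the hunk.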
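Review bot: The 600s `readtimeout`, `writetimeout` and `idletimeout` values under `additionalArguments:` apply to every route on both the `web` and `websecure` entrypoints, so a slow or idle client can hold a connection for up to ten minutes, which widens exposure to slow-request resource exhaustion on the ingress. If only one backend needs long transfers, consider raising only the timeout that backend needs and leaving the others at their defaults. A comment above `additionalArguments:` naming the workload, for example `# long timeouts required for <service>: large transfers exceed the default read timeout`, would let a later reader judge whether the relaxation is still needed.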