kubernetes: fix wireguard issue in qbittorrent-helm-chart

kubernetes/README.md

@@ -74,6 +74,7 @@ default values,
 
 ```bash
 helm upgrade --install traefik traefik/traefik \
+  -f traefik/traefik-values.yaml \
   -n kube-system \
   --set ingressRoute.dashboard.enabled=true \
   --set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \
@@ -516,7 +517,14 @@ network via ingress. It is accessible locally via loadbalancer IP address.
 source .env
 helm upgrade --install \
   qbittorrent qbittorrent-helm-chart/ \
+  -n media \
   --set ingress.host=$QBITTORRENT_HOST \
+  --set wireguard.address=$WIREGUARD_IP \
+  --set wireguard.peerPublicKey=$WIREGUARD_PEER_PUBLIC_KEY \
+  --set wireguard.presharedKey=$WIREGUARD_PRESHARED_KEY \
+  --set wireguard.endpoint=$WIREGUARD_ENDPOINT \
+  --set wireguard.dns=$WIREGUARD_DNS \
+  --set wireguard.privateKey=$WIREGUARD_PRIVATE_KEY \
   --atomic
 ```
 

kubernetes/gitea/values.yaml

@@ -16,7 +16,7 @@ gitea:
 
 image:
   repository: gitea
-  tag: 1.24.2
+  tag: 1.25.3
 
 postgresql:
   enabled: false

kubernetes/qbittorrent-helm-chart/templates/configmap.yaml

@@ -9,7 +9,6 @@ data:
     Address = {{ .Values.wireguard.address }}
     PrivateKey = {{ .Values.wireguard.privateKey }}
     MTU = {{ .Values.wireguard.mtu }}
-    DNS = {{ .Values.wireguard.dns }}
     ListenPort = {{ .Values.wireguard.listenPort }}
 
     [Peer]

kubernetes/qbittorrent-helm-chart/templates/deployment.yaml

@@ -13,6 +13,14 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
+      dnsPolicy: None
+      dnsConfig:
+        nameservers:
+          - 10.128.0.1
+        searches: []
+        options:
+          - name: ndots
+            value: "1"
       initContainers:
         - name: wireguard-init
           image: {{ .Values.wireguardImage.repository }}:{{ .Values.wireguardImage.tag }}
@@ -29,21 +37,18 @@ spec:
             - |
               set -x
               echo "Starting WireGuard initialization..."
-              mkdir -p /etc/wireguard
+              mkdir -p /run/wireguard
-              cp /config/wg_confs/wg0.conf /etc/wireguard/wg0.conf
+              cp /config/wg0.conf /run/wireguard/wg0.conf
-              chmod 600 /etc/wireguard/wg0.conf
+              chmod 600 /run/wireguard/wg0.conf
-
               if ! lsmod | grep -q wireguard; then
                   modprobe wireguard || echo "Failed to load wireguard module"
               fi
-
+              wg-quick up /run/wireguard/wg0.conf
-              wg-quick up wg0 || echo "Failed to bring up WireGuard interface"
-
               ip link show wg0
               wg show
           volumeMounts:
             - name: wireguard-config
-              mountPath: /config/wg_confs
+              mountPath: /config/
             - name: modules
               mountPath: /lib/modules
       containers:
@@ -75,9 +80,7 @@ spec:
             - -c
             - |
               while true; do
-                if ! ip link show wg0 > /dev/null 2>&1; then
+                ip link show wg0 >/dev/null 2>&1 || exit 1
-                  wg-quick up wg0
-                fi
                 sleep 30
               done
           ports:

kubernetes/traefik/traefik-values.yaml

@@ -6,8 +6,9 @@ deployment:
 global:
   systemDefaultRegistry: ""
 image:
-  repository: rancher/mirrored-library-traefik
+  registry: docker.io
-  tag: 2.11.8
+  repository: traefik
+  tag: 3.6.6
 priorityClassName: system-cluster-critical
 providers:
   kubernetesIngress:
@@ -24,3 +25,10 @@ tolerations:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
     operator: Exists
+additionalArguments:
+  - "--entrypoints.web.transport.respondingtimeouts.readtimeout=600s"
+  - "--entrypoints.web.transport.respondingtimeouts.writetimeout=600s"
+  - "--entrypoints.web.transport.respondingtimeouts.idletimeout=600s"
+  - "--entrypoints.websecure.transport.respondingtimeouts.readtimeout=600s"
+  - "--entrypoints.websecure.transport.respondingtimeouts.writetimeout=600s"
+  - "--entrypoints.websecure.transport.respondingtimeouts.idletimeout=600s"