kubernetes: fix wireguard issue in qbittorrent-helm-chart

2026-01-09 17:00:11 +02:00
parent b9fcdfc6b7
commit 56c14df540
5 changed files with 35 additions and 17 deletions


@@ -74,6 +74,7 @@ default values,
```bash ```bash
helm upgrade --install traefik traefik/traefik \ helm upgrade --install traefik traefik/traefik \
-f traefik/traefik-values.yaml \
-n kube-system \ -n kube-system \
--set ingressRoute.dashboard.enabled=true \ --set ingressRoute.dashboard.enabled=true \
--set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \ --set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \
@@ -516,7 +517,14 @@ network via ingress. It is accessible locally via loadbalancer IP address.
source .env source .env
helm upgrade --install \ helm upgrade --install \
qbittorrent qbittorrent-helm-chart/ \ qbittorrent qbittorrent-helm-chart/ \
-n media \
--set ingress.host=$QBITTORRENT_HOST \ --set ingress.host=$QBITTORRENT_HOST \
--set wireguard.address=$WIREGUARD_IP \
--set wireguard.peerPublicKey=$WIREGUARD_PEER_PUBLIC_KEY \
--set wireguard.presharedKey=$WIREGUARD_PRESHARED_KEY \
--set wireguard.endpoint=$WIREGUARD_ENDPOINT \
--set wireguard.dns=$WIREGUARD_DNS \
--set wireguard.privateKey=$WIREGUARD_PRIVATE_KEY \
--atomic --atomic
``` ```


@@ -16,7 +16,7 @@ gitea:
image: image:
repository: gitea repository: gitea
tag: 1.24.2 tag: 1.25.3
postgresql: postgresql:
enabled: false enabled: false


@@ -9,7 +9,6 @@ data:
Address = {{ .Values.wireguard.address }} Address = {{ .Values.wireguard.address }}
PrivateKey = {{ .Values.wireguard.privateKey }} PrivateKey = {{ .Values.wireguard.privateKey }}
MTU = {{ .Values.wireguard.mtu }} MTU = {{ .Values.wireguard.mtu }}
DNS = {{ .Values.wireguard.dns }}
ListenPort = {{ .Values.wireguard.listenPort }} ListenPort = {{ .Values.wireguard.listenPort }}
[Peer] [Peer]
@@ -17,4 +16,4 @@ data:
PresharedKey = {{ .Values.wireguard.presharedKey }} PresharedKey = {{ .Values.wireguard.presharedKey }}
AllowedIPs = {{ .Values.wireguard.allowedIPs }} AllowedIPs = {{ .Values.wireguard.allowedIPs }}
Endpoint = {{ .Values.wireguard.endpoint }} Endpoint = {{ .Values.wireguard.endpoint }}
PersistentKeepalive = {{ .Values.wireguard.persistentKeepalive }} PersistentKeepalive = {{ .Values.wireguard.persistentKeepalive }}


@@ -13,6 +13,14 @@ spec:
labels: labels:
app: {{ .Release.Name }} app: {{ .Release.Name }}
spec: spec:
dnsPolicy: None
dnsConfig:
nameservers:
- 10.128.0.1
searches: []
options:
- name: ndots
value: "1"
initContainers: initContainers:
- name: wireguard-init - name: wireguard-init
image: {{ .Values.wireguardImage.repository }}:{{ .Values.wireguardImage.tag }} image: {{ .Values.wireguardImage.repository }}:{{ .Values.wireguardImage.tag }}
@@ -29,21 +37,18 @@ spec:
- | - |
set -x set -x
echo "Starting WireGuard initialization..." echo "Starting WireGuard initialization..."
mkdir -p /etc/wireguard mkdir -p /run/wireguard
cp /config/wg_confs/wg0.conf /etc/wireguard/wg0.conf cp /config/wg0.conf /run/wireguard/wg0.conf
chmod 600 /etc/wireguard/wg0.conf chmod 600 /run/wireguard/wg0.conf
if ! lsmod | grep -q wireguard; then if ! lsmod | grep -q wireguard; then
modprobe wireguard || echo "Failed to load wireguard module" modprobe wireguard || echo "Failed to load wireguard module"
fi fi
wg-quick up /run/wireguard/wg0.conf
wg-quick up wg0 || echo "Failed to bring up WireGuard interface"
ip link show wg0 ip link show wg0
wg show wg show
volumeMounts: volumeMounts:
- name: wireguard-config - name: wireguard-config
mountPath: /config/wg_confs mountPath: /config/
- name: modules - name: modules
mountPath: /lib/modules mountPath: /lib/modules
containers: containers:
@@ -75,9 +80,7 @@ spec:
- -c - -c
- | - |
while true; do while true; do
if ! ip link show wg0 > /dev/null 2>&1; then ip link show wg0 >/dev/null 2>&1 || exit 1
wg-quick up wg0
fi
sleep 30 sleep 30
done done
ports: ports:
@@ -122,4 +125,4 @@ spec:
claimName: {{ .Values.persistence.downloads.existingClaim }} claimName: {{ .Values.persistence.downloads.existingClaim }}
- name: modules - name: modules
hostPath: hostPath:
path: /lib/modules path: /lib/modules
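Review bot: The init script can still exit successfully when the tunnel did not come up, because the block runs under `set -x` only and its exit status is that of the trailing `wg show`, not of `wg-quick up /run/wireguard/wg0.conf` (taken to be the new line, since the +/- markers are lost on this page). The watcher loop now only does `ip link show wg0 >/dev/null 2>&1 || exit 1` and no longer re-runs `wg-quick`, and a restart of that container does not re-run init containers, so the application container could keep running with no VPN interface. I would make the init step fail closed with `set -ex` at the top, or `wg-quick up /run/wireguard/wg0.conf || exit 1`. Separately, `nameservers: - 10.128.0.1` is hard-coded while the README change in this commit passes `wireguard.dns`; `- {{ .Values.wireguard.dns | quote }}` would keep the resolver configurable. The container specs begin and end outside the visible hunks.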


@@ -6,8 +6,9 @@ deployment:
global: global:
systemDefaultRegistry: "" systemDefaultRegistry: ""
image: image:
repository: rancher/mirrored-library-traefik registry: docker.io
tag: 2.11.8 repository: traefik
tag: 3.6.6
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
providers: providers:
kubernetesIngress: kubernetesIngress:
@@ -24,3 +25,10 @@ tolerations:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
operator: Exists operator: Exists
additionalArguments:
- "--entrypoints.web.transport.respondingtimeouts.readtimeout=600s"
- "--entrypoints.web.transport.respondingtimeouts.writetimeout=600s"
- "--entrypoints.web.transport.respondingtimeouts.idletimeout=600s"
- "--entrypoints.websecure.transport.respondingtimeouts.readtimeout=600s"
- "--entrypoints.websecure.transport.respondingtimeouts.writetimeout=600s"
- "--entrypoints.websecure.transport.respondingtimeouts.idletimeout=600s"
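Review bot: `readtimeout=600s` on both `web` and `websecure` lets a slow or stalled client hold a connection for ten minutes on every route, well above what I believe is Traefik v3's 60s default, which makes slow-request connection exhaustion cheaper. If the long timeout exists for one workload (large uploads, for example), a comment above `additionalArguments` naming it would help, e.g. `# 600s timeouts: needed for <workload>; revisit if the entrypoint is exposed publicly`. The image also moves from `rancher/mirrored-library-traefik` 2.11.8 to `docker.io` `traefik` 3.6.6, a major-version jump on a mutable tag. Pinning the image by digest and checking existing v2 router rules against the v3 migration notes would be worth doing before rollout.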