Skip to content

Commit 985ebb3

Browse files
umbertixumbertix
committed
feat(charts): Add Transmission VPN
1 parent 77cb84e commit 985ebb3

File tree

3 files changed

+81
-30
lines changed

3 files changed

+81
-30
lines changed

README.md

Lines changed: 54 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -280,34 +280,35 @@ letting some customization to fit the resource inside your cluster.
280280

281281
### Transmission
282282

283-
| Config path | Meaning | Default |
284-
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
285-
| transmission.enabled | Flag if you want to enable Transmission | true |
286-
| transmission.container.port.utp | The port in use by the container | 9091 |
287-
| transmission.container.nodeSelector | Node Selector for the Transmission pods | {} |
288-
| transmission.container.port.peer | The port in use by the container for peer connection | 51413 |
289-
| transmission.container.image | The image used by the container | docker.io/linuxserver/transmission |
290-
| transmission.container.tag | The tag used by the container | null |
291-
| transmission.service.utp.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Transmission itself | ClusterIP |
292-
| transmission.service.utp.port | The port assigned to the service for Transmission itself | 9091 |
293-
| transmission.service.utp.nodePort | In case of service.type NodePort, the nodePort to use for Transmission itself | "" |
294-
| transmission.service.utp.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false |
295-
| transmission.service.peer.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port | ClusterIP |
296-
| transmission.service.peer.port | The port assigned to the service for peer port | 51413 |
297-
| transmission.service.peer.nodePort | In case of service.type NodePort, the nodePort to use for peer port | "" |
298-
| transmission.service.peer.nodePortUDP | In case of service.type NodePort, the nodePort to use for peer port UDP service | "" |
299-
| transmission.service.peer.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false |
300-
| transmission.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer | null |
301-
| transmission.ingress.enabled | If true, creates the ingress resource for the application | true |
302-
| transmission.ingress.annotations | Additional field for annotations, if needed | {} |
303-
| transmission.ingress.path | The path where the application is exposed | /transmission |
304-
| transmission.ingress.tls.enabled | If true, tls is enabled | false |
305-
| transmission.ingress.tls.secretName | Name of the secret holding certificates for the secure ingress | "" |
306-
| transmission.config.auth.enabled | Enables authentication for Transmission | false |
307-
| transmission.config.auth.username | Username for Transmission | "" |
308-
| transmission.config.auth.password | Password for Transmission | "" |
309-
| transmission.resources | Limits and Requests for the container | {} |
310-
| transmission.volume | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {} |
283+
| Config path | Meaning | Default |
284+
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
285+
| transmission.enabled | Flag if you want to enable Transmission | true |
286+
| transmission.container.port.utp | The port in use by the container | 9091 |
287+
| transmission.container.nodeSelector | Node Selector for the Transmission pods | {} |
288+
| transmission.container.port.peer | The port in use by the container for peer connection | 51413 |
289+
| transmission.container.image | The image used by the container | docker.io/linuxserver/transmission |
290+
| transmission.container.tag | The tag used by the container | null |
291+
| transmission.service.utp.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for Transmission itself | ClusterIP |
292+
| transmission.service.utp.port | The port assigned to the service for Transmission itself | 9091 |
293+
| transmission.service.utp.nodePort | In case of service.type NodePort, the nodePort to use for Transmission itself | "" |
294+
| transmission.service.utp.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false |
295+
| transmission.service.peer.type | The kind of Service (ClusterIP/NodePort/LoadBalancer) for peer port | ClusterIP |
296+
| transmission.service.peer.port | The port assigned to the service for peer port | 51413 |
297+
| transmission.service.peer.nodePort | In case of service.type NodePort, the nodePort to use for peer port | "" |
298+
| transmission.service.peer.nodePortUDP | In case of service.type NodePort, the nodePort to use for peer port UDP service | "" |
299+
| transmission.service.peer.extraLBService | If true, creates an additional LoadBalancer service with '-lb' suffix (requires a cloud provider or metalLB) | false |
300+
| transmission.service.extraLBService.annotations | Instead of using extraLBService as a bool, you can use it as a map to define annotations on the loadbalancer | null |
301+
| transmission.ingress.enabled | If true, creates the ingress resource for the application | true |
302+
| transmission.ingress.annotations | Additional field for annotations, if needed | {} |
303+
| transmission.ingress.path | The path where the application is exposed | /transmission |
304+
| transmission.ingress.tls.enabled | If true, tls is enabled | false |
305+
| transmission.ingress.tls.secretName | Name of the secret holding certificates for the secure ingress | "" |
306+
| transmission.config.auth.enabled | Enables authentication for Transmission | false |
307+
| transmission.config.auth.username | Username for Transmission | "" |
308+
| transmission.config.auth.password | Password for Transmission | "" |
309+
| transmission.resources | Limits and Requests for the container | {} |
310+
| transmission.volume | If set, Plex will create a PVC for it's config volume, else it will be put on general.storage.subPaths.config | {} |
311+
| transmission.vpn.enabled | If set, a [gluetun](https://github.com/qdm12/gluetun-wiki) sidecar will be provisioned to route the traffic through a VPN. This requires a 3rd party VPN account | {} |
311312

312313
### Sabnzbd
313314

@@ -376,9 +377,34 @@ plex:
376377
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags:
377378
```
378379
380+
### Setting up the VPN
381+
382+
If you have enabled the VPN for transmission you will need to fullfill the rest of parameters related to it, currently only [Mullvad](https://mullvad.net) VPN is supported.
383+
384+
The following shows an example of the current settings for mullvard.
385+
386+
```yaml
387+
vpn:
388+
enabled: true
389+
provider: mullvad
390+
type: openvpn
391+
user: "XXXXXX"
392+
city: zurich
393+
```
394+
379395
## About the project
380396
381397
This project is intended as an exercise, and absolutely for fun.
382398
This is not intended to promote piracy.
383399
384400
Also feel free to contribute and extend it!
401+
402+
### Uninstalling the helm chart
403+
404+
To fully remove all the resources created you should uninstall the helm deployment.
405+
406+
```bash
407+
helm uninstall k8s-mediaserver
408+
```
409+
410+
This will not delete the Custom Resources like the operator.

helm-charts/k8s-mediaserver/templates/transmission-resources.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -173,6 +173,28 @@ spec:
173173
resources:
174174
{{- toYaml . | nindent 12 }}
175175
{{- end }}
176+
{{- if .Values.transmission.vpn.enabled }}
177+
- name: gluetun
178+
image: ghcr.io/qdm12/gluetun # Optionally you can use the "qmcgaw/gluetun" image as well as specify what version of Gluetun you desire
179+
imagePullPolicy: Always
180+
securityContext:
181+
capabilities:
182+
add: ["NET_ADMIN"]
183+
env:
184+
{{- if eq .Values.transmission.vpn.provider `mullvad` }}
185+
# https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md
186+
- name: TZ
187+
value: "Europe/London"
188+
- name: VPN_SERVICE_PROVIDER
189+
value: "{{ .Values.transmission.vpn.provider }}"
190+
- name: VPN_TYPE
191+
value: "{{ .Values.transmission.vpn.type }}"
192+
- name: OPENVPN_USER
193+
value: {{ .Values.transmission.vpn.user | quote }}
194+
- name: SERVER_CITIES
195+
value: {{ .Values.transmission.vpn.city }}
196+
{{ end }}
197+
{{- end }}
176198
volumes:
177199
{{ if not .Values.general.storage.customVolume }}
178200
- name: mediaserver-volume

k8s-mediaserver.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ spec:
88
general:
99
ingress_host: k8s-mediaserver.k8s.test
1010
plex_ingress_host: k8s-plex.k8s.test
11+
jellyfin_ingress_host: k8s-jellyfin.k8s.test
1112
image_tag: latest
1213
podDistribution: cluster # can be "spread" or "cluster"
1314
#UID to run the process with
@@ -170,6 +171,8 @@ spec:
170171
password: ""
171172
resources: {}
172173
volume: {}
174+
vpn:
175+
enabled: false
173176
# name: pvc-transmission-config
174177
# storageClassName: longhorn
175178
# annotations: {}
@@ -249,7 +252,7 @@ spec:
249252
# selector: {}
250253

251254
plex:
252-
enabled: true
255+
enabled: false
253256
claim: "CHANGEME"
254257
replicaCount: 1
255258
container:
@@ -286,7 +289,7 @@ spec:
286289
# selector: {}
287290

288291
jellyfin:
289-
enabled: false
292+
enabled: true
290293
replicaCount: 1
291294
container:
292295
image: docker.io/linuxserver/jellyfin

0 commit comments

Comments
 (0)