---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prowlarr
  namespace: media
  labels:
    app: prowlarr
    app.kubernetes.io/name: prowlarr
    app.kubernetes.io/component: indexer-management
    vpn: "true"
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: prowlarr
  template:
    metadata:
      labels:
        app: prowlarr
        vpn: "true"
    spec:
      containers:
        # Gluetun VPN Sidecar
        - name: gluetun
          image: qmcgaw/gluetun:latest
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          env:
            - name: TZ
              valueFrom:
                configMapKeyRef:
                  name: media-config
                  key: TZ
            - name: WIREGUARD_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: mullvad-vpn
                  key: WIREGUARD_PRIVATE_KEY
            - name: WIREGUARD_ADDRESSES
              valueFrom:
                secretKeyRef:
                  name: mullvad-vpn
                  key: WIREGUARD_ADDRESSES
            # Prowlarr needs to reach other *arr apps inside cluster
            # Add cluster network to firewall outbound subnets
            - name: FIREWALL_OUTBOUND_SUBNETS
              value: "10.0.0.0/24,10.96.0.0/12"
          envFrom:
            - configMapRef:
                name: gluetun-config
          volumeMounts:
            - name: tun-device
              mountPath: /dev/net/tun
            - name: gluetun-data
              mountPath: /gluetun
          ports:
            - name: http
              containerPort: 9696
              protocol: TCP
            - name: http-proxy
              containerPort: 8888
              protocol: TCP
          resources:
            requests:
              memory: "128Mi"
              cpu: "50m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            exec:
              command:
                - /gluetun-entrypoint
                - healthcheck
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 10
          readinessProbe:
            exec:
              command:
                - /gluetun-entrypoint
                - healthcheck
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 5

        # Prowlarr
        - name: prowlarr
          image: lscr.io/linuxserver/prowlarr:latest
          envFrom:
            - configMapRef:
                name: media-config
          volumeMounts:
            - name: config
              mountPath: /config
              subPath: prowlarr
          resources:
            requests:
              memory: "128Mi"
              cpu: "50m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /ping
              port: 9696
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
          readinessProbe:
            httpGet:
              path: /ping
              port: 9696
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5

      volumes:
        - name: tun-device
          hostPath:
            path: /dev/net/tun
            type: CharDevice
        - name: gluetun-data
          emptyDir: {}
        - name: config
          persistentVolumeClaim:
            claimName: media-config

---
apiVersion: v1
kind: Service
metadata:
  name: prowlarr
  namespace: media
  labels:
    app: prowlarr
spec:
  type: NodePort
  selector:
    app: prowlarr
  ports:
    - name: http
      port: 9696
      targetPort: 9696
      nodePort: 30696
      protocol: TCP