homelab-manifests/servarr-system/servarr.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: servarr-system
---
# Prowlarr - Indexer Manager
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: prowlarr
    app.kubernetes.io/instance: servarr
    app.kubernetes.io/name: prowlarr
  name: prowlarr
  namespace: servarr-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prowlarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prowlarr
    spec:
      containers:
      - name: prowlarr
        image: linuxserver/prowlarr:latest
        imagePullPolicy: Always
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: Europe/Budapest
        ports:
        - containerPort: 9696
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /ping
            port: 9696
          initialDelaySeconds: 60
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - name: config
          mountPath: /config
      securityContext:
        fsGroup: 1000
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: prowlarr-config-pvc
---
# Radarr - Movie Manager
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: radarr
    app.kubernetes.io/instance: servarr
    app.kubernetes.io/name: radarr
  name: radarr
  namespace: servarr-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: radarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: radarr
    spec:
      containers:
      - name: radarr
        image: linuxserver/radarr:latest
        imagePullPolicy: Always
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: Europe/Budapest
        ports:
        - containerPort: 7878
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /ping
            port: 7878
          initialDelaySeconds: 60
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - name: config
          mountPath: /config
        - name: movies
          mountPath: /mnt/2_hdd
      securityContext:
        fsGroup: 1000
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: radarr-config-pvc
      - name: movies
        hostPath:
          path: /mnt/2_hdd
          type: Directory
---
# Sonarr - TV Show Manager
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: sonarr
    app.kubernetes.io/instance: servarr
    app.kubernetes.io/name: sonarr
  name: sonarr
  namespace: servarr-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: sonarr
    spec:
      containers:
      - name: sonarr
        image: linuxserver/sonarr:latest
        imagePullPolicy: IfNotPresent
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: Europe/Budapest
        ports:
        - containerPort: 8989
          name: webui
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /ping
            port: 8989
          initialDelaySeconds: 60
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - name: config
          mountPath: /config
        - name: tv
          mountPath: /mnt/1_hdd
      securityContext:
        fsGroup: 1000
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: sonarr-config-pvc
      - name: tv
        hostPath:
          path: /mnt/1_hdd
          type: Directory
---
# qBittorrent - Download Client
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: qbittorrent
    app.kubernetes.io/instance: servarr
    app.kubernetes.io/name: qbittorrent
  name: qbittorrent
  namespace: servarr-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: qbittorrent
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: qbittorrent
    spec:
      containers:
      - name: qbittorrent
        image: linuxserver/qbittorrent:latest
        imagePullPolicy: Always
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: Europe/Budapest
        - name: WEBUI_PORT
          value: "8080"
        ports:
        - containerPort: 8080
          protocol: TCP
        - containerPort: 6881
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        resources:
          limits:
            cpu: "1"
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - name: config
          mountPath: /config
        - name: 2hdd
          mountPath: /mnt/2_hdd
        - name: 1hdd
          mountPath: /mnt/1_hdd
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: qbittorrent-config-pvc
      - name: 2hdd
        hostPath:
          path: /mnt/2_hdd
          type: Directory
      - name: 1hdd
        hostPath:
          path: /mnt/1_hdd
          type: Directory
---
# Services
apiVersion: v1
kind: Service
metadata:
  labels:
    app: prowlarr
  name: prowlarr
  namespace: servarr-system
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 9696
    protocol: TCP
    targetPort: 9696
  selector:
    app: prowlarr
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: radarr
  name: radarr
  namespace: servarr-system
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 7878
    protocol: TCP
    targetPort: 7878
  selector:
    app: radarr
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: sonarr
  name: sonarr
  namespace: servarr-system
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 8989
    protocol: TCP
    targetPort: 8989
  selector:
    app: sonarr
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: qbittorrent
  name: qbittorrent
  namespace: servarr-system
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: torrent
    port: 6881
    protocol: TCP
    targetPort: 6881
  selector:
    app: qbittorrent
---
# Ingresses with Authentik proxy auth
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: prowlarr.dooplex.hu,prowlarr.home
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
    nginx.ingress.kubernetes.io/auth-signin: https://prowlarr.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: prowlarr
  namespace: servarr-system
spec:
  ingressClassName: nginx-internal
  rules:
  - host: prowlarr.dooplex.hu
    http:
      paths:
      - backend:
          service:
            name: prowlarr
            port:
              number: 9696
        path: /
        pathType: Prefix
  - host: prowlarr.home
    http:
      paths:
      - backend:
          service:
            name: prowlarr
            port:
              number: 9696
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - prowlarr.dooplex.hu
    secretName: prowlarr-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: radarr.dooplex.hu,radarr.home
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
    nginx.ingress.kubernetes.io/auth-signin: https://radarr.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: radarr
  namespace: servarr-system
spec:
  ingressClassName: nginx-internal
  rules:
  - host: radarr.dooplex.hu
    http:
      paths:
      - backend:
          service:
            name: radarr
            port:
              number: 7878
        path: /
        pathType: Prefix
  - host: radarr.home
    http:
      paths:
      - backend:
          service:
            name: radarr
            port:
              number: 7878
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - radarr.dooplex.hu
    secretName: radarr-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: sonarr.dooplex.hu,sonarr.home
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,Authorization
    nginx.ingress.kubernetes.io/auth-signin: https://sonarr.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: sonarr
  namespace: servarr-system
spec:
  ingressClassName: nginx-internal
  rules:
  - host: sonarr.dooplex.hu
    http:
      paths:
      - backend:
          service:
            name: sonarr
            port:
              number: 8989
        path: /
        pathType: Prefix
  - host: sonarr.home
    http:
      paths:
      - backend:
          service:
            name: sonarr
            port:
              number: 8989
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - sonarr.dooplex.hu
    secretName: sonarr-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: qbittorrent.dooplex.hu,qbittorrent.home
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
    nginx.ingress.kubernetes.io/auth-signin: https://qbittorrent.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-arr-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: qbittorrent
  namespace: servarr-system
spec:
  ingressClassName: nginx-internal
  rules:
  - host: qbittorrent.dooplex.hu
    http:
      paths:
      - backend:
          service:
            name: qbittorrent
            port:
              number: 8080
        path: /
        pathType: Prefix
  - host: qbittorrent.home
    http:
      paths:
      - backend:
          service:
            name: qbittorrent
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - qbittorrent.dooplex.hu
    secretName: qbittorrent-tls
---
# PVCs for config (keep existing, add Prune=false to prevent deletion)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
  labels:
    app: prowlarr
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
  name: prowlarr-config-pvc
  namespace: servarr-system
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
  labels:
    app: radarr
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
  name: radarr-config-pvc
  namespace: servarr-system
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
  storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
  labels:
    app: sonarr
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
  name: sonarr-config-pvc
  namespace: servarr-system
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
  labels:
    app: qbittorrent
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
  name: qbittorrent-config-pvc
  namespace: servarr-system
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn