apiVersion: apps/v1 kind: Deployment metadata: name: soulseek namespace: stack-arr spec: replicas: 1 selector: matchLabels: app: soulseek template: metadata: labels: app: soulseek spec: imagePullSecrets: - name: regcred initContainers: - name: init-tun image: busybox command: - sh - -c - | mkdir -p /dev/net [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200 chmod 0666 /dev/net/tun securityContext: privileged: true containers: - name: vpn image: ghcr.io/wfg/openvpn-client securityContext: capabilities: add: - NET_ADMIN env: - name: VPN_CONFIG_FILE value: "vpn.conf" - name: KILL_SWITCH value: "off" volumeMounts: - name: vpn-config mountPath: /data/vpn - name: tun-device # ← mount host tun device mountPath: /dev/net/tun - name: slskd image: slskd/slskd securityContext: capabilities: add: - NET_ADMIN ports: - containerPort: 5030 name: webui - containerPort: 5031 name: https - containerPort: 50300 name: communication env: - name: SLSKD_FLAGS_NO_SQLITE_POOLING value: "true" - name: SLSKD_FLAGS_VOLATILE_AGENT_TOKEN value: "true" - name: TZ value: 'Etc/UTC' - name: UID value: "1013" - name: GID value: "1013" volumeMounts: - name: app mountPath: /app - name: media mountPath: /downloads volumes: - name: app persistentVolumeClaim: claimName: soulseek-app-pvc - name: media persistentVolumeClaim: claimName: soulseek-media-pvc - name: vpn-config persistentVolumeClaim: claimName: soulseek-vpn-config-pvc - name: tun-device hostPath: path: /dev/net/tun type: CharDevice