k8s-at-home / charts

⚠️ Deprecated : Helm charts for applications you run at home
https://docs.k8s-at-home.com
Apache License 2.0

[qbittorrent] qBittorrent incompatible with pod-gateway due to a lack of permissions #1684

Closed jbwaclawski closed 2 years ago

jbwaclawski commented 2 years ago

Helm chart name

qbittorrent

Helm chart version

4.4.2

Container name

qbittorrent

Container tag

1.2.6

Description

Attempted to set up the qbittorrent service to run within my k3s cluster and route all traffic through a VPN through the use of the pod-gateway service. At this time, I cannot successfully set up qbittorrent with pod-gateway due to a permissions error encountered by qbittorrent when the pod-gateway gateway-init script is attempting to reconfigure the network settings of the qbittorrent pod.

I verified the functionality of the pod-gateway service by deploying a test namespace also routed through the pod-gateway as well as a debug pod that allowed me to exec in and verify network settings were as expected. Network settings on the debug pod were as expected, functionality was as expected, no permissions error, it was a success. This leads me to believe this is a problem with the permissions configurations within the qbittorrent pod.

Repository, pod-gateway

Expected result

Expected to have the gateway-init script run successfully and reconfigure the network settings of the qbittorrent pod so traffic was routed through the pod-gateway pod.

Helm values to reproduce

```shell
helm install pod-gateway k8s-at-home/pod-gateway -n tunnel -f mod_values.yaml

helm install qbittorrent k8s-at-home/qbittorrent -n app-qbittorrent -f mod_values.yaml
```

pod-gateway, mod_values.yaml:

```yaml
routed_namespaces:
  - app-qbittorrent

settings:
  NOT_ROUTED_TO_GATEWAY_CIDRS: "10.42.0.0/16 10.43.0.0/16"
```

qbittorrent, mod_values.yaml:

```yaml
image:
  tag: latest

settings:
  automaticPortSetup: true

env:
  TZ: "America/New York"

podSecurityContext:
  runAsUser: 1000
  runAsGroup: 2000

service:
  main:
    ports:
      http:
        port: 80
        targetPort: 8080
  bittorrent:
    enabled: true

ingress:
  main:
    enabled: true
    ingressClassName: nginx
    hosts:
    - host: torr.internal.domain.net
      paths:
        - path: /
          pathType: Prefix
          service:
            port: 80
    tls:
      - secretName: torr-internal-domain-net
        hosts:
          - torr.internal.domain.net

persistence:
  config:
    enabled: true
    storageClass: longhorn
    accessMode: ReadWriteMany
    mountPath: /config
  downloads:
    enabled: true
    server: "10.10.10.5"
    type: nfs
    path: /mnt/general/TorrStaging
    mountPath: /downloads
```

Additional Information

error, qbittorrent.gateway-init:

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if84: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 36:e4:8f:1c:a0:80 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.42.2.159/24 brd 10.42.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::34e4:8fff:fe1c:a080/64 scope link
       valid_lft forever preferred_lft forever
+ ip route
default via 10.42.2.1 dev eth0
10.42.0.0/16 via 10.42.2.1 dev eth0
10.42.2.0/24 dev eth0 proto kernel scope link src 10.42.2.159
+ ping -c1 10.42.2.154
PING 10.42.2.154 (10.42.2.154): 56 data bytes
ping: permission denied (are you root?)
```

Repo link

_No response_

bjw-s commented 2 years ago

@jbwaclawski Thanks for taking the time to write up this bug report! It was actually fixed by the upstream pod-gateway solution, but our chart hadn't been updated to run the latest images. Can you please re-check with pod-gateway chart version 5.5.0 once that's publicly available? Please feel free to reopen the issue if the problem is not solved.
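
A diagnostic for the `ping: permission denied (are you root?)` line in the report above, added here as an example and not taken from the chart, pod-gateway or either commenter. Ping normally needs CAP_NET_RAW to open its ICMP socket and `ip` route changes need CAP_NET_ADMIN, so the script decodes a process's effective capability mask and reports which of the two is missing. The function names, the `--self` flag and both sample status snippets are constructed, and that gateway-init ran as the non-root UID from `podSecurityContext` is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added diagnostic (not from the chart or pod-gateway): decode the effective
# capability mask of a process and report whether it can do what an init
# script like gateway-init attempts: ping (ICMP socket) and ip route edits.

CAP_NET_ADMIN=12   # bit number in linux/capability.h: change routes/interfaces
CAP_NET_RAW=13     # bit number in linux/capability.h: open raw sockets (ping)

# cap_eff <status-file>: print the hex CapEff mask from a /proc/<pid>/status file
cap_eff() { awk '/^CapEff:/ { print $2 }' "$1"; }

# eff_uid <status-file>: print the effective UID (second number on the Uid: line)
eff_uid() { awk '/^Uid:/ { print $3 }' "$1"; }

# has_cap <hex-mask> <bit>: succeed if that capability bit is set in the mask
has_cap() { [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; }

# check_netcaps <status-file>: print findings, return the number of missing caps
check_netcaps() {
    mask=$(cap_eff "$1")
    missing=0
    echo "effective uid: $(eff_uid "$1"), CapEff: $mask"
    if ! has_cap "$mask" "$CAP_NET_RAW"; then
        echo "missing CAP_NET_RAW: ping cannot open a raw ICMP socket"
        missing=$((missing + 1))
    fi
    if ! has_cap "$mask" "$CAP_NET_ADMIN"; then
        echo "missing CAP_NET_ADMIN: ip route/link changes will be refused"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample: status lines of a process running as UID 1000 with no caps
sample_nonroot() { printf 'Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n'; }
# Constructed sample: root with the common container default set plus NET_ADMIN
sample_root() { printf 'Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80435fb\n'; }

# Inside the container under test: sh thisfile.sh --self
# (awk reads its own /proc/self/status, which carries the shell's credentials)
if [ "${1:-}" = "--self" ]; then check_netcaps /proc/self/status; fi
```

Run it with `--self` in the same container and security context as the failing init step; a non-zero exit status is the count of missing capabilities.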