Automated Manifest Update (#2287)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2287 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
2025-12-07 02:57:05 +00:00
parent 728f5b144f
commit a616cf7d77
13 changed files with 60 additions and 14 deletions
--- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml
+++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml
+++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -36,6 +35,44 @@ spec:
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
+        - env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: private-key
+                  name: searxng-wireguard-conf
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: VPN_PORT_FORWARDING_UP_COMMAND
+              value: /bin/sh -c "/gluetun/update.sh {{PORTS}}"
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 192.168.1.0/24,10.244.0.0/16
+            - name: FIREWALL_INPUT_PORTS
+              value: "8080"
+            - name: DOT
+              value: "off"
+          image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
+          imagePullPolicy: IfNotPresent
+          name: gluetun
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              cpu: 10m
+              devic.es/tun: "1"
+              memory: 64Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+            privileged: true
        - env:
            - name: SEARXNG_BASE_URL
              value: https://searxng.alexlebens.net/
--- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
--- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
--- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: searxng-wireguard-conf
+  namespace: searxng
+  labels:
+    app.kubernetes.io/name: searxng-wireguard-conf
+    app.kubernetes.io/instance: searxng
+    app.kubernetes.io/part-of: searxng
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: private-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: private-key
--- a/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/http-route.yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
--- a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml
+++ b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml
@@ -1,6 +1,3 @@
---
-# Source: searxng/charts/searxng/templates/common.yaml
---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
--- a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml
+++ b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
--- a/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/redis-replication.yaml
 apiVersion: redis.redis.opstreelabs.in/v1beta2
 kind: RedisReplication
 metadata:
--- a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml
+++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/replication-source.yaml
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
--- a/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml
+++ b/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: v1
 kind: Service
 metadata:
--- a/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml
+++ b/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: v1
 kind: Service
 metadata:
--- a/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/service-monitor.yaml
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata: