apiVersion: apps/v1 kind: Deployment metadata: name: searxng-api labels: app.kubernetes.io/controller: api app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: api app.kubernetes.io/name: searxng app.kubernetes.io/instance: searxng template: metadata: labels: app.kubernetes.io/controller: api app.kubernetes.io/instance: searxng app.kubernetes.io/name: searxng spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: SEARXNG_BASE_URL value: http://searxng-api.searxng:8080 - name: SEARXNG_QUERY_URL value: http://searxng-api.searxng:8080/search?q= - name: SEARXNG_HOSTNAME value: searxng-api.searxng - name: ENABLE_RAG_WEB_SEARCH value: "true" - name: RAG_WEB_SEARCH_ENGINE value: searxng - name: RAG_WEB_SEARCH_RESULT_COUNT value: "3" - name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS value: "10" image: searxng/searxng:latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi volumeMounts: - mountPath: /etc/searxng name: api-data - mountPath: /etc/searxng/settings.yml mountPropagation: None name: config readOnly: true subPath: settings.yml - mountPath: /etc/searxng/limiter.toml mountPropagation: None name: config readOnly: true subPath: limiter.toml volumes: - name: api-data persistentVolumeClaim: claimName: searxng-api-data - name: config secret: secretName: searxng-api-config-secret --- apiVersion: apps/v1 kind: Deployment metadata: name: searxng-browser labels: app.kubernetes.io/controller: browser app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: browser app.kubernetes.io/name: searxng app.kubernetes.io/instance: searxng template: metadata: labels: app.kubernetes.io/controller: browser app.kubernetes.io/instance: searxng app.kubernetes.io/name: searxng spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: SEARXNG_BASE_URL value: https://searxng.alexlebens.net/ - name: SEARXNG_QUERY_URL value: https://searxng.alexlebens.net/search?q= - name: SEARXNG_HOSTNAME value: searxng.alexlebens.net - name: SEARXNG_VALKEY_URL value: valkey://127.0.0.1:6379/0 - name: GRANIAN_HOST value: 0.0.0.0 - name: GRANIAN_PORT value: "8080" image: searxng/searxng:latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi volumeMounts: - mountPath: /etc/searxng name: browser-data - image: valkey/valkey:9.0.0-alpine3.22 imagePullPolicy: IfNotPresent name: valkey resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /data name: valkey-data volumes: - name: browser-data persistentVolumeClaim: claimName: searxng-browser-data - name: valkey-data persistentVolumeClaim: claimName: searxng-valkey-data --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: searxng-api-config-secret namespace: searxng labels: app.kubernetes.io/name: searxng-api-config-secret app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: settings.yml remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/searxng/api/config metadataPolicy: None property: settings.yml - secretKey: limiter.toml remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/searxng/api/config metadataPolicy: None property: limiter.toml --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: searxng-browser-data-backup-secret-external namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: searxng-browser-data-backup-secret-local namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup-secret-local spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: searxng-browser-data-backup-secret-remote namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup-secret-remote spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: searxng-browser-metrics-auth namespace: searxng labels: app.kubernetes.io/name: searxng-browser-metrics-auth app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: metrics-password remoteRef: conversionStrategy: Default decodingStrategy: None key: cl01tl/searxng/browser metadataPolicy: None property: metrics-password - secretKey: metrics-username remoteRef: conversionStrategy: Default decodingStrategy: None key: cl01tl/searxng/browser metadataPolicy: None property: metrics-username --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: searxng labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "searxng.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: searxng-browser namespace: searxng port: 80 weight: 100 matches: - path: type: PathPrefix value: / --- apiVersion: v1 kind: Namespace metadata: name: searxng labels: app.kubernetes.io/name: searxng app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: searxng-api-data labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "5Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: searxng-browser-data labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "5Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: searxng-valkey-data labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "5Gi" storageClassName: "ceph-block" --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: searxng-browser-data-backup-source-external namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup spec: sourcePVC: searxng-browser-data trigger: schedule: 16 12 * * * restic: pruneIntervalDays: 7 repository: searxng-browser-data-backup-secret-external retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: searxng-browser-data-backup-source-local namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup spec: sourcePVC: searxng-browser-data trigger: schedule: 16 11 * * * restic: pruneIntervalDays: 7 repository: searxng-browser-data-backup-secret-local retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: searxng-browser-data-backup-source-remote namespace: searxng labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng-browser-data-backup spec: sourcePVC: searxng-browser-data trigger: schedule: 16 12 * * * restic: pruneIntervalDays: 7 repository: searxng-browser-data-backup-secret-remote retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: v1 kind: Service metadata: name: searxng-api labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng app.kubernetes.io/service: searxng-api helm.sh/chart: searxng-4.6.2 namespace: searxng spec: type: ClusterIP ports: - port: 8080 targetPort: 8080 protocol: TCP name: mail selector: app.kubernetes.io/controller: api app.kubernetes.io/instance: searxng app.kubernetes.io/name: searxng --- apiVersion: v1 kind: Service metadata: name: searxng-browser labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng app.kubernetes.io/service: searxng-browser helm.sh/chart: searxng-4.6.2 namespace: searxng spec: type: ClusterIP ports: - port: 80 targetPort: 8080 protocol: TCP name: mail selector: app.kubernetes.io/controller: browser app.kubernetes.io/instance: searxng app.kubernetes.io/name: searxng --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: searxng labels: app.kubernetes.io/instance: searxng app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: searxng helm.sh/chart: searxng-4.6.2 namespace: searxng spec: jobLabel: searxng namespaceSelector: matchNames: - searxng selector: matchLabels: app.kubernetes.io/instance: searxng-browser app.kubernetes.io/name: searxng-browser endpoints: - basicAuth: password: key: metrics-password name: searxng-browser-metrics-auth username: key: metrics-username name: searxng-browser-metrics-auth interval: 30s path: /metrics port: mail scrapeTimeout: 15s