tubearchivist: controllers: main: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: main: image: repository: bbilly1/tubearchivist tag: v0.5.8 pullPolicy: IfNotPresent env: - name: TZ value: US/Central - name: HOST_UID value: 1000 - name: HOST_GID value: 1000 - name: ES_URL value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200 - name: ES_DISABLE_VERIFY_SSL value: true - name: REDIS_CON value: redis://redis-replication-tubearchivist-master.tubearchivist:6379 - name: TA_HOST value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/ - name: TA_PORT value: 24000 - name: TA_USERNAME value: admin envFrom: - secretRef: name: tubearchivist-config-secret resources: requests: cpu: 10m memory: 1Gi gluetun: image: repository: ghcr.io/qdm12/gluetun tag: v3.40.4@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8 pullPolicy: IfNotPresent lifecycle: postStart: exec: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: name: tubearchivist-wireguard-conf key: private-key - name: VPN_PORT_FORWARDING value: "on" - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 10.0.0.0/8 - name: FIREWALL_INPUT_PORTS value: 80,8000,24000 - name: DOT value: off - name: DNS_KEEP_NAMESERVER value: on - name: DNS_PLAINTEXT_ADDRESS value: 10.96.0.10 securityContext: privileged: True capabilities: add: - NET_ADMIN - SYS_MODULE probes: liveness: enabled: true custom: true spec: exec: command: - /gluetun-entrypoint - healthcheck failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 15 resources: limits: devic.es/tun: "1" requests: devic.es/tun: "1" cpu: 10m memory: 128Mi service: main: controller: main ports: http: port: 80 targetPort: 24000 protocol: HTTP route: main: kind: HTTPRoute parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - tubearchivist.alexlebens.net rules: - backendRefs: - group: '' kind: Service name: tubearchivist port: 80 weight: 100 matches: - path: type: PathPrefix value: / persistence: data: storageClass: ceph-block accessMode: ReadWriteOnce size: 40Gi retain: true advancedMounts: main: main: - path: /cache readOnly: false youtube: existingClaim: tubearchivist-nfs-storage advancedMounts: main: main: - path: /youtube readOnly: false redis-replication: existingSecret: enabled: false redisReplication: clusterSize: 3 resources: requests: cpu: 200m memory: 2400Mi volumeClaimTemplate: spec: resources: requests: storage: 10Gi redisSentinel: enabled: true clusterSize: 3