---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: searxng-browser
  labels:
    app.kubernetes.io/controller: browser
    app.kubernetes.io/instance: searxng
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: searxng
    helm.sh/chart: searxng-4.5.0
  namespace: searxng
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: browser
      app.kubernetes.io/name: searxng
      app.kubernetes.io/instance: searxng
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: browser
        app.kubernetes.io/instance: searxng
        app.kubernetes.io/name: searxng
    spec:
      enableServiceLinks: false
      serviceAccountName: default
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
        - env:
            - name: VPN_SERVICE_PROVIDER
              value: protonvpn
            - name: VPN_TYPE
              value: wireguard
            - name: WIREGUARD_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  key: private-key
                  name: searxng-wireguard-conf
            - name: VPN_PORT_FORWARDING
              value: "on"
            - name: VPN_PORT_FORWARDING_UP_COMMAND
              value: /bin/sh -c "/gluetun/update.sh {{PORTS}}"
            - name: PORT_FORWARD_ONLY
              value: "on"
            - name: FIREWALL_OUTBOUND_SUBNETS
              value: 192.168.1.0/24,10.244.0.0/16
            - name: FIREWALL_INPUT_PORTS
              value: "8080"
            - name: DOT
              value: "off"
          image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
          imagePullPolicy: IfNotPresent
          name: gluetun
          resources:
            limits:
              devic.es/tun: "1"
            requests:
              cpu: 10m
              devic.es/tun: "1"
              memory: 64Mi
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
            privileged: true
        - env:
            - name: SEARXNG_BASE_URL
              value: https://searxng.alexlebens.net/
            - name: SEARXNG_QUERY_URL
              value: https://searxng.alexlebens.net/search?q=<query>
            - name: SEARXNG_HOSTNAME
              value: searxng.alexlebens.net
            - name: SEARXNG_REDIS_URL
              value: redis://redis-replication-searxng-master.searxng:6379/0
            - name: UWSGI_WORKERS
              value: "4"
            - name: UWSGI_THREADS
              value: "4"
          image: searxng/searxng:latest@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea
          imagePullPolicy: IfNotPresent
          name: main
          resources:
            requests:
              cpu: 10m
              memory: 256Mi
          volumeMounts:
            - mountPath: /etc/searxng
              name: browser-data
      volumes:
        - name: browser-data
          persistentVolumeClaim:
            claimName: searxng-browser-data