searxng: controllers: api: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: main: image: repository: searxng/searxng tag: latest@sha256:6f3a875c64bd804d1ccf2fe3c8df35e985b75ffbf0322f216544e79912fabab2 pullPolicy: IfNotPresent env: - name: SEARXNG_BASE_URL value: http://searxng-api.searxng:8080 - name: SEARXNG_QUERY_URL value: http://searxng-api.searxng:8080/search?q= - name: SEARXNG_HOSTNAME value: searxng-api.searxng - name: ENABLE_RAG_WEB_SEARCH value: true - name: RAG_WEB_SEARCH_ENGINE value: searxng - name: RAG_WEB_SEARCH_RESULT_COUNT value: 3 - name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS value: 10 resources: requests: cpu: 10m memory: 256Mi browser: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: main: image: repository: searxng/searxng tag: latest@sha256:6f3a875c64bd804d1ccf2fe3c8df35e985b75ffbf0322f216544e79912fabab2 pullPolicy: IfNotPresent env: - name: SEARXNG_BASE_URL value: https://searxng.alexlebens.net/ - name: SEARXNG_QUERY_URL value: https://searxng.alexlebens.net/search?q= - name: SEARXNG_HOSTNAME value: searxng.alexlebens.net - name: SEARXNG_VALKEY_URL value: valkey://127.0.0.1:6379/0 - name: GRANIAN_HOST value: 0.0.0.0 - name: GRANIAN_PORT value: 8080 resources: requests: cpu: 10m memory: 256Mi valkey: image: repository: valkey/valkey tag: 9.0.0-alpine3.22 pullPolicy: IfNotPresent resources: requests: cpu: 10m memory: 128Mi gluetun: image: repository: ghcr.io/qdm12/gluetun tag: v3.40.4@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8 pullPolicy: IfNotPresent lifecycle: postStart: exec: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: name: searxng-wireguard-conf key: private-key - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 8080 securityContext: privileged: True capabilities: add: - NET_ADMIN - SYS_MODULE probes: liveness: enabled: true custom: true spec: exec: command: - /gluetun-entrypoint - healthcheck failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 15 resources: limits: devic.es/tun: "1" requests: devic.es/tun: "1" cpu: 10m memory: 64Mi service: api: controller: api ports: mail: port: 8080 targetPort: 8080 protocol: HTTP browser: controller: browser ports: mail: port: 80 targetPort: 8080 protocol: HTTP serviceMonitor: main: selector: matchLabels: app.kubernetes.io/name: searxng-browser app.kubernetes.io/instance: searxng-browser serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' endpoints: - port: mail interval: 30s scrapeTimeout: 15s path: /metrics basicAuth: password: name: searxng-browser-metrics-auth key: metrics-password username: name: searxng-browser-metrics-auth key: metrics-username route: main: kind: HTTPRoute parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - searxng.alexlebens.net rules: - backendRefs: - group: '' kind: Service name: searxng-browser port: 80 weight: 100 matches: - path: type: PathPrefix value: / persistence: config: enabled: true type: secret name: searxng-api-config-secret advancedMounts: api: main: - path: /etc/searxng/settings.yml readOnly: true mountPropagation: None subPath: settings.yml - path: /etc/searxng/limiter.toml readOnly: true mountPropagation: None subPath: limiter.toml api-data: forceRename: searxng-api-data storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi advancedMounts: api: main: - path: /etc/searxng readOnly: false browser-data: forceRename: searxng-browser-data storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi advancedMounts: browser: main: - path: /etc/searxng readOnly: false valkey-data: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi advancedMounts: browser: valkey: - path: /data readOnly: false volsync-target-data: pvcTarget: searxng-browser-data local: enabled: false schedule: 18 11 * * * remote: enabled: false external: enabled: true schedule: 18 12 * * *