167 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			167 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| tubearchivist:
 | |
|   controllers:
 | |
|     main:
 | |
|       type: deployment
 | |
|       replicas: 1
 | |
|       strategy: Recreate
 | |
|       revisionHistoryLimit: 3
 | |
|       containers:
 | |
|         main:
 | |
|           image:
 | |
|             repository: bbilly1/tubearchivist
 | |
|             tag: v0.5.1
 | |
|             pullPolicy: IfNotPresent
 | |
|           env:
 | |
|             - name: TZ
 | |
|               value: US/Central
 | |
|             - name: HOST_UID
 | |
|               value: 1000
 | |
|             - name: HOST_GID
 | |
|               value: 1000
 | |
|             - name: ES_URL
 | |
|               value: http://tubearchivist-elasticsearch:9200
 | |
|             - name: REDIS_CON
 | |
|               value: redis://tubearchivist-valkey-primary.tubearchivist:6379
 | |
|             - name: TA_HOST
 | |
|               value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/
 | |
|             - name: TA_PORT
 | |
|               value: 24000
 | |
|             - name: TA_USERNAME
 | |
|               value: admin
 | |
|           envFrom:
 | |
|             - secretRef:
 | |
|                 name: tubearchivist-config-secret
 | |
|           probes:
 | |
|             liveness:
 | |
|               enabled: false
 | |
|               custom: true
 | |
|               spec:
 | |
|                 exec:
 | |
|                   command:
 | |
|                     - /usr/bin/env
 | |
|                     - bash
 | |
|                     - -c
 | |
|                     - curl --fail http://localhost:8000/health
 | |
|                 failureThreshold: 5
 | |
|                 initialDelaySeconds: 60
 | |
|                 periodSeconds: 30
 | |
|                 successThreshold: 1
 | |
|                 timeoutSeconds: 10
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 10m
 | |
|               memory: 1Gi
 | |
|         gluetun:
 | |
|           image:
 | |
|             repository: ghcr.io/qdm12/gluetun
 | |
|             tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
 | |
|             pullPolicy: IfNotPresent
 | |
|           env:
 | |
|             - name: VPN_SERVICE_PROVIDER
 | |
|               value: protonvpn
 | |
|             - name: VPN_TYPE
 | |
|               value: wireguard
 | |
|             - name: WIREGUARD_PRIVATE_KEY
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: tubearchivist-wireguard-conf
 | |
|                   key: private-key
 | |
|             - name: VPN_PORT_FORWARDING
 | |
|               value: "on"
 | |
|             - name: PORT_FORWARD_ONLY
 | |
|               value: "on"
 | |
|             - name: FIREWALL_OUTBOUND_SUBNETS
 | |
|               value: 10.0.0.0/8
 | |
|             - name: FIREWALL_INPUT_PORTS
 | |
|               value: 80,8000,24000
 | |
|             - name: DOT
 | |
|               value: off
 | |
|             - name: DNS_KEEP_NAMESERVER
 | |
|               value: on
 | |
|             - name: DNS_PLAINTEXT_ADDRESS
 | |
|               value: 10.96.0.10
 | |
|           securityContext:
 | |
|             privileged: True
 | |
|             capabilities:
 | |
|               add:
 | |
|                 - NET_ADMIN
 | |
|                 - SYS_MODULE
 | |
|           resources:
 | |
|             limits:
 | |
|               squat.ai/tun: "1"
 | |
|             requests:
 | |
|               squat.ai/tun: "1"
 | |
|               cpu: 10m
 | |
|               memory: 128Mi
 | |
|   serviceAccount:
 | |
|     create: true
 | |
|   service:
 | |
|     main:
 | |
|       controller: main
 | |
|       ports:
 | |
|         http:
 | |
|           port: 80
 | |
|           targetPort: 24000
 | |
|           protocol: HTTP
 | |
|   persistence:
 | |
|     data:
 | |
|       storageClass: ceph-block
 | |
|       accessMode: ReadWriteOnce
 | |
|       size: 20Gi
 | |
|       retain: true
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           main:
 | |
|             - path: /cache
 | |
|               readOnly: false
 | |
|     youtube:
 | |
|       existingClaim: tubearchivist-nfs-storage
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           main:
 | |
|             - path: /youtube
 | |
|               readOnly: false
 | |
| valkey:
 | |
|   architecture: standalone
 | |
|   auth:
 | |
|     enabled: false
 | |
|     usePasswordFiles: false
 | |
|   primary:
 | |
|     persistence:
 | |
|       enabled: true
 | |
|       size: 1Gi
 | |
|   replica:
 | |
|     persistence:
 | |
|       enabled: false
 | |
| elasticsearch:
 | |
|   global:
 | |
|     storageClass: ceph-block
 | |
|   extraEnvVars:
 | |
|     - name: discovery.type
 | |
|       value: single-node
 | |
|     - name: xpack.security.enabled
 | |
|       value: "true"
 | |
|   extraEnvVarsSecret: tubearchivist-elasticsearch-secret
 | |
|   extraConfig:
 | |
|     path:
 | |
|       repo: /usr/share/elasticsearch/data/snapshot
 | |
|   extraVolumes:
 | |
|     - name: snapshot
 | |
|       nfs:
 | |
|         path: /volume2/Storage/TubeArchivist
 | |
|         server: synologybond.alexlebens.net
 | |
|   extraVolumeMounts:
 | |
|     - name: snapshot
 | |
|       mountPath: /usr/share/elasticsearch/data/snapshot
 | |
|   snapshotRepoPath: /usr/share/elasticsearch/data/snapshot
 | |
|   master:
 | |
|     masterOnly: false
 | |
|     replicaCount: 1
 | |
|   data:
 | |
|     replicaCount: 0
 | |
|   coordinating:
 | |
|     replicaCount: 0
 | |
|   ingest:
 | |
|     enabled: false
 | |
|     replicaCount: 0
 |