From 5fde45b3749332e3791b5e708c185d01182b1fd9 Mon Sep 17 00:00:00 2001 From: Nik Afiq Date: Wed, 13 May 2026 22:28:50 +0900 Subject: [PATCH] feat: add Gluetun proxy deployment and service configuration --- manifests/network/gluetun-proxy.yaml | 78 ++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 manifests/network/gluetun-proxy.yaml diff --git a/manifests/network/gluetun-proxy.yaml b/manifests/network/gluetun-proxy.yaml new file mode 100644 index 0000000..d626bb2 --- /dev/null +++ b/manifests/network/gluetun-proxy.yaml @@ -0,0 +1,78 @@ +# Apply: kubectl apply -f manifests/network/gluetun-proxy.yaml +# Delete: kubectl delete -f manifests/network/gluetun-proxy.yaml +# Description: Standalone Gluetun HTTP proxy for browser traffic via PIA. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gluetun-proxy + namespace: downloads +spec: + replicas: 1 + selector: + matchLabels: + app: gluetun-proxy + template: + metadata: + labels: + app: gluetun-proxy + spec: + containers: + - name: gluetun + image: qmcgaw/gluetun:latest + securityContext: + capabilities: + add: + - NET_ADMIN + env: + - name: VPN_SERVICE_PROVIDER + value: private internet access + - name: VPN_TYPE + value: openvpn + - name: SERVER_REGIONS + value: Hong Kong + - name: OPENVPN_USER + valueFrom: + secretKeyRef: + name: pia-credentials + key: OPENVPN_USER + - name: OPENVPN_PASSWORD + valueFrom: + secretKeyRef: + name: pia-credentials + key: OPENVPN_PASSWORD + - name: HTTPPROXY + value: "on" + - name: HTTPPROXY_PORT + value: "8888" + - name: HTTPPROXY_LOG + value: "off" + - name: FIREWALL_OUTBOUND_SUBNETS + value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24" + - name: BLOCK_IPV6 + value: "on" + ports: + - containerPort: 8888 + volumeMounts: + - name: tun + mountPath: /dev/net/tun + volumes: + - name: tun + hostPath: + path: /dev/net/tun + type: CharDevice +--- +apiVersion: v1 +kind: Service +metadata: + name: gluetun-proxy + namespace: downloads +spec: + selector: + app: gluetun-proxy + type: NodePort + ports: + - name: httpproxy + port: 8888 + targetPort: 8888 + nodePort: 30888