# Apply: kubectl apply -f manifests/network/gluetun-proxy.yaml # Delete: kubectl delete -f manifests/network/gluetun-proxy.yaml # Description: Standalone Gluetun HTTP proxy for browser traffic via PIA. --- apiVersion: apps/v1 kind: Deployment metadata: name: gluetun-proxy namespace: downloads spec: replicas: 1 selector: matchLabels: app: gluetun-proxy template: metadata: labels: app: gluetun-proxy spec: containers: - name: gluetun image: qmcgaw/gluetun:v3.41.1 securityContext: capabilities: add: - NET_ADMIN env: - name: VPN_SERVICE_PROVIDER value: private internet access - name: VPN_TYPE value: openvpn - name: SERVER_REGIONS value: South Korea,Taiwan,Hong Kong - name: OPENVPN_USER valueFrom: secretKeyRef: name: pia-credentials key: OPENVPN_USER - name: OPENVPN_PASSWORD valueFrom: secretKeyRef: name: pia-credentials key: OPENVPN_PASSWORD - name: HTTPPROXY value: "on" - name: HTTPPROXY_LISTENING_ADDRESS value: "8888" - name: HTTPPROXY_LOG value: "off" - name: FIREWALL_OUTBOUND_SUBNETS value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24" - name: BLOCK_IPV6 value: "on" ports: - containerPort: 8888 startupProbe: exec: command: - /gluetun-entrypoint - healthcheck periodSeconds: 10 failureThreshold: 18 livenessProbe: exec: command: - /gluetun-entrypoint - healthcheck periodSeconds: 30 failureThreshold: 3 readinessProbe: exec: command: - /gluetun-entrypoint - healthcheck periodSeconds: 10 failureThreshold: 3 volumeMounts: - name: tun mountPath: /dev/net/tun volumes: - name: tun hostPath: path: /dev/net/tun type: CharDevice --- apiVersion: v1 kind: Service metadata: name: gluetun-proxy namespace: downloads spec: selector: app: gluetun-proxy type: NodePort ports: - name: httpproxy port: 8888 targetPort: 8888 nodePort: 30888