homelab/manifests/network/gluetun-proxy.yaml

79 lines
2.0 KiB
YAML

# Apply: kubectl apply -f manifests/network/gluetun-proxy.yaml
# Delete: kubectl delete -f manifests/network/gluetun-proxy.yaml
# Description: Standalone Gluetun HTTP proxy for browser traffic via PIA.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gluetun-proxy
namespace: downloads
spec:
replicas: 1
selector:
matchLabels:
app: gluetun-proxy
template:
metadata:
labels:
app: gluetun-proxy
spec:
containers:
- name: gluetun
image: qmcgaw/gluetun:latest
securityContext:
capabilities:
add:
- NET_ADMIN
env:
- name: VPN_SERVICE_PROVIDER
value: private internet access
- name: VPN_TYPE
value: openvpn
- name: SERVER_REGIONS
value: Hong Kong
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: pia-credentials
key: OPENVPN_USER
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: pia-credentials
key: OPENVPN_PASSWORD
- name: HTTPPROXY
value: "on"
- name: HTTPPROXY_PORT
value: "8888"
- name: HTTPPROXY_LOG
value: "off"
- name: FIREWALL_OUTBOUND_SUBNETS
value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24"
- name: BLOCK_IPV6
value: "on"
ports:
- containerPort: 8888
volumeMounts:
- name: tun
mountPath: /dev/net/tun
volumes:
- name: tun
hostPath:
path: /dev/net/tun
type: CharDevice
---
apiVersion: v1
kind: Service
metadata:
name: gluetun-proxy
namespace: downloads
spec:
selector:
app: gluetun-proxy
type: NodePort
ports:
- name: httpproxy
port: 8888
targetPort: 8888
nodePort: 30888