From c242ace3499def51e74f00f93bf472065d996801 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 1 May 2025 12:19:46 +0530 Subject: [PATCH] use gluetun vpn for invidious companion --- cluster/apps/invidious/invidious-helper.yml | 41 +++++++++++++++++++-- cluster/apps/invidious/invidious-svc.yml | 16 -------- cluster/apps/invidious/invidious.yml | 2 - 3 files changed, 37 insertions(+), 22 deletions(-) diff --git a/cluster/apps/invidious/invidious-helper.yml b/cluster/apps/invidious/invidious-helper.yml index ed3307f..0d01c37 100644 --- a/cluster/apps/invidious/invidious-helper.yml +++ b/cluster/apps/invidious/invidious-helper.yml @@ -14,20 +14,53 @@ spec: labels: app: invidious-companion spec: + initContainers: + - name: vpn + restartPolicy: Always + image: qmcgaw/gluetun:v3.40.0 + securityContext: + capabilities: + add: + - NET_ADMIN + env: + - name: OPENVPN_PASSWORD + valueFrom: + secretKeyRef: + name: openvpn-secrets + key: OPENVPN_PASSWORD + - name: OPENVPN_USER + valueFrom: + secretKeyRef: + name: openvpn-secrets + key: OPENVPN_USER + - name: VPN_SERVICE_PROVIDER + value: "surfshark" + - name: SERVER_COUNTRIES + value: "Netherlands" + - name: FIREWALL_INPUT_PORTS + value: "8282" + - name: FIREWALL_VPN_INPUT_PORTS + value: "8282" + - name: FIREWALL_OUTBOUND_SUBNETS + value: "192.168.1.0/24" + volumeMounts: + - name: companion-cache + mountPath: /var/tmp/youtubei.js + subPath: youtubei.js containers: - name: invidious-companion - image: quay.io/invidious/invidious-companion:master-26cb520 + image: quay.io/invidious/invidious-companion:master-16d06cd env: - name: SERVER_SECRET_KEY value: "mtRhvm9wMCJhdnGP" ports: - - containerPort: 8282 + - containerPort: 8283 securityContext: + allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL - allowPrivilegeEscalation: false volumeMounts: - name: companion-cache mountPath: /var/tmp/youtubei.js @@ -35,4 +68,4 @@ spec: volumes: - name: companion-cache persistentVolumeClaim: - claimName: longhorn-invidious-cache \ No newline at end of file + claimName: longhorn-invidious-cache diff --git a/cluster/apps/invidious/invidious-svc.yml b/cluster/apps/invidious/invidious-svc.yml index 07c1fb4..e11fe2a 100644 --- a/cluster/apps/invidious/invidious-svc.yml +++ b/cluster/apps/invidious/invidious-svc.yml @@ -40,19 +40,3 @@ spec: targetPort: 3000 nodePort: 3111 protocol: TCP - ---- -apiVersion: v1 -kind: Service -metadata: - name: invidious-companion-external-service - namespace: default -spec: - type: NodePort - selector: - app: invidious-companion - ports: - - port: 8282 - targetPort: 8282 - nodePort: 8282 - protocol: TCP diff --git a/cluster/apps/invidious/invidious.yml b/cluster/apps/invidious/invidious.yml index 73a99ca..77ea66c 100644 --- a/cluster/apps/invidious/invidious.yml +++ b/cluster/apps/invidious/invidious.yml @@ -50,7 +50,6 @@ spec: check_tables: true invidious_companion: - private_url: "http://invidious-companion-service:8282" - public_url: "http://192.168.1.120:8282" invidious_companion_key: "mtRhvm9wMCJhdnGP" hmac_key: "qp/GnTJs5KCB8Ma8" - name: INVIDIOUS_PORT @@ -71,4 +70,3 @@ spec: volumes: - name: logging emptyDir: {} -