--- apiVersion: apps/v1 kind: Deployment metadata: name: invidious-companion namespace: default spec: replicas: 1 selector: matchLabels: app: invidious-companion template: metadata: labels: app: invidious-companion spec: initContainers: - name: vpn restartPolicy: Always image: qmcgaw/gluetun:v3.40.0 securityContext: capabilities: add: - NET_ADMIN env: - name: OPENVPN_PASSWORD valueFrom: secretKeyRef: name: openvpn-secrets key: OPENVPN_PASSWORD - name: OPENVPN_USER valueFrom: secretKeyRef: name: openvpn-secrets key: OPENVPN_USER - name: VPN_SERVICE_PROVIDER value: "surfshark" - name: SERVER_COUNTRIES value: "Netherlands" - name: FIREWALL_INPUT_PORTS value: "8282" - name: FIREWALL_VPN_INPUT_PORTS value: "8282" - name: FIREWALL_OUTBOUND_SUBNETS value: "192.168.1.0/24" - name: DOT value: "on" - name: DNS_ADDRESS value: "8.8.8.8" volumeMounts: - name: companion-cache mountPath: /var/tmp/youtubei.js subPath: youtubei.js containers: - name: invidious-companion image: quay.io/invidious/invidious-companion@sha256:a4cc1ca00e3f9025f3b3246f44801a5cbccd674cac25be9c84deb4e1cf2ab9c3 env: - name: SERVER_SECRET_KEY valueFrom: secretKeyRef: name: invidious-secrets key: SERVER_SECRET_KEY ports: - containerPort: 8282 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - name: companion-cache mountPath: /var/tmp/youtubei.js subPath: youtubei.js volumes: - name: companion-cache persistentVolumeClaim: claimName: longhorn-invidious-cache