kube-cascade/tubesync/deployment.yaml

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tubesync
  namespace: tubesync
spec:
  ingressClassName: haproxy
  rules:
  - host: tubesync.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: oauth2-proxy
            port:
              number: 4180
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: tubesync
  name: tubesync
  annotations:
    "reloader.stakater.com/auto": "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tubesync
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: tubesync
    spec:
      terminationGracePeriodSeconds: 0
      restartPolicy: Always
      securityContext:
        sysctls:
        - name: net.ipv4.tcp_rmem
          value: "4096 87380 33554432"
        - name: net.ipv4.tcp_wmem
          value: "4096 65536 33554432"
      initContainers:
      - name: killswitch
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -j DROP
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: tubesync-data
      - name: video
        nfs:
          server: 172.16.18.1
          path: /volume1/video
      containers:
      - name: tubesync
        image: ghcr.io/meeb/tubesync:latest
        env:
        - name: TZ
          value: America/Chicago
        - name: PUID
          value: "1029"
        - name: PGID
          value: "101"
        volumeMounts:
        - mountPath: /downloads
          name: video
        - mountPath: /config
          name: data
      - name: vpn
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            mkdir -p /dev/net
            mknod /dev/net/tun c 10 200
            exec /entrypoint.sh
        env:
        - name: TUN
          value: tun0
        - name: PROXY
          value: socks5://172.16.17.180:1080
        - name: TUN_EXCLUDED_ROUTES
          value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tubesync
  name: tubesync
  namespace: tubesync
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: tubesync
    port: 4848
    protocol: TCP
    targetPort: 4848
  selector:
    app: tubesync
  sessionAffinity: None
  type: ClusterIP
true it on up y'all 2023-12-20 22:40:16 +00:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: tubesync`
			`namespace: tubesync`
			`spec:`
			`ingressClassName: haproxy`
			`rules:`
			`- host: tubesync.strudelline.net`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: oauth2-proxy`
			`port:`
			`number: 4180`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`namespace: tubesync`
			`name: tubesync`
			`annotations:`
			`"reloader.stakater.com/auto": "true"`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: tubesync`
			`strategy:`
			`type: Recreate`
			`template:`
			`metadata:`
			`labels:`
			`app: tubesync`
			`spec:`
			`terminationGracePeriodSeconds: 0`
			`restartPolicy: Always`
			`securityContext:`
			`sysctls:`
			`- name: net.ipv4.tcp_rmem`
			`value: "4096 87380 33554432"`
			`- name: net.ipv4.tcp_wmem`
			`value: "4096 65536 33554432"`
			`initContainers:`
			`- name: killswitch`
			`image: xjasonlyu/tun2socks:latest`
			`command: ["sh","-c"]`
			`args:`
			`- \|`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT`
			`iptables -t mangle -A POSTROUTING -o eth0 -j DROP`
			`securityContext:`
			`capabilities:`
			`add: ["NET_ADMIN","SYS_TIME"]`
			`volumes:`
			`- name: data`
			`persistentVolumeClaim:`
			`claimName: tubesync-data`
			`- name: video`
			`nfs:`
			`server: 172.16.18.1`
			`path: /volume1/video`
			`containers:`
			`- name: tubesync`
			`image: ghcr.io/meeb/tubesync:latest`
			`env:`
			`- name: TZ`
			`value: America/Chicago`
			`- name: PUID`
			`value: "1029"`
			`- name: PGID`
			`value: "101"`
			`volumeMounts:`
			`- mountPath: /downloads`
			`name: video`
			`- mountPath: /config`
			`name: data`
			`- name: vpn`
			`image: xjasonlyu/tun2socks:latest`
			`command: ["sh","-c"]`
			`args:`
			`- \|`
			`mkdir -p /dev/net`
			`mknod /dev/net/tun c 10 200`
			`exec /entrypoint.sh`
			`env:`
			`- name: TUN`
			`value: tun0`
			`- name: PROXY`
			`value: socks5://172.16.17.180:1080`
			`- name: TUN_EXCLUDED_ROUTES`
			`value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16`
			`securityContext:`
			`capabilities:`
			`add: ["NET_ADMIN","SYS_TIME"]`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels:`
			`app: tubesync`
			`name: tubesync`
			`namespace: tubesync`
			`spec:`
			`ipFamilies:`
			`- IPv4`
			`ipFamilyPolicy: SingleStack`
			`ports:`
			`- name: tubesync`
			`port: 4848`
			`protocol: TCP`
			`targetPort: 4848`
			`selector:`
			`app: tubesync`
			`sessionAffinity: None`
			`type: ClusterIP`