--- apiVersion: apps/v1 kind: Deployment metadata: name: piped namespace: data labels: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped template: metadata: labels: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped spec: containers: - image: 1337kavin/piped-fronted:latest imagePullPolicy: Always name: fronted ports: - containerPort: 8080 name: piped-fronted - image: 1337kavin/ytproxy:latest imagePullPolicy: Always name: ytproxy - image: 1337kavin/piped:latest imagePullPolicy: Always name: piped volumeMounts: - name: config mountPath: /app/config.properties subPath: config.properties - image: varnish:6.6-alpine imagePullPolicy: IfNotPresent name: varnish volumeMounts: - name: config mountPath: /etc/varnish/default.vcl subPath: default.vcl - image: caddy:2-alpine imagePullPolicy: IfNotPresent name: caddy ports: - containerPort: 443 name: https volumes: - name: config configMap: name: piped-config --- apiVersion: v1 kind: ConfigMap metadata: name: piped-config namespace: data data: config.properties: | # The port to Listen on. PORT: 8080 # The number of workers to use for the server HTTP_WORKERS: 1 # Proxy PROXY_PART: https://pipedproxy-ams.kavin.rocks # Outgoing HTTP Proxy - eg: 127.0.0.1:8118 # HTTP_PROXY: 127.0.0.1:8118 # Captcha Parameters CAPTCHA_BASE_URL: https://api.capmonster.cloud/ CAPTCHA_API_KEY: INSERT_HERE # Public API URL API_URL: https://pipedapi.kavin.rocks # Hibernate properties hibernate.connection.url: jdbc:postgresql://postgresql-kube.data.svc.cluster.local:5432/piped hibernate.connection.driver_class: org.postgresql.Driver hibernate.dialect: org.hibernate.dialect.PostgreSQL10Dialect hibernate.connection.username: piped hibernate.connection.password: ${SECRET_PIPED_DB_PASSWORD} default.vcl: | vcl 4.0; backend default { .host = "localhost:8080"; } Caddyfile: | { servers :443 { protocol { experimental_http3 } } } FRONTEND_HOSTNAME { reverse_proxy localhost:80 } BACKEND_HOSTNAME { reverse_proxy localhost:80 } PROXY_HOSTNAME { @ytproxy path /videoplayback* /api/v4/* /api/manifest/* @optionscall { method OPTIONS } header Access-Control-Allow-Origin * header Access-Control-Allow-Headers * route { header @ytproxy { Cache-Control private always } header / { Cache-Control "public, max-age=604800" } respond @optionscall 200 reverse_proxy unix//var/run/ytproxy/http-proxy.sock { header_up -CF-Connecting-IP header_up -X-Forwarded-For header_down -Access-Control-Allow-Origin header_down -etag header_down -alt-svc } } } --- apiVersion: v1 kind: Service metadata: annotations: prometheus.io/probe: "true" prometheus.io/protocol: tcp labels: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped name: piped namespace: data spec: ports: - name: http port: 8080 protocol: TCP targetPort: 8080 selector: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: # annotations: # traefik.ingress.kubernetes.io/router.entrypoints: "websecure" labels: app.kubernetes.io/instance: piped app.kubernetes.io/name: piped name: piped namespace: data spec: ingressClassName: "nginx" rules: - host: "piped.${SECRET_CLUSTER_DOMAIN}" http: paths: - path: / pathType: Prefix backend: service: name: piped port: number: 8080 tls: - hosts: - "piped.${SECRET_CLUSTER_DOMAIN}" secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"