From cb18fc69915bd7334bb3bc8cdb590535d863856f Mon Sep 17 00:00:00 2001 From: Liam Date: Tue, 24 Sep 2024 07:17:17 +0100 Subject: [PATCH] add configs to searngx --- .../apps/production/searxng/config.yaml | 25 +++++++++++++++++++ .../apps/production/searxng/deployment.yaml | 13 ++++++++++ .../production/searxng/kustomization.yaml | 2 ++ .../production/searxng/sealed-secrets.yaml | 16 ++++++++++++ 4 files changed, 56 insertions(+) create mode 100644 kubernetes/apps/production/searxng/config.yaml create mode 100644 kubernetes/apps/production/searxng/sealed-secrets.yaml diff --git a/kubernetes/apps/production/searxng/config.yaml b/kubernetes/apps/production/searxng/config.yaml new file mode 100644 index 0000000..3d8d5b8 --- /dev/null +++ b/kubernetes/apps/production/searxng/config.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: searxng-config +data: + limiter.toml: | + # This configuration file updates the default configuration file + # See https://github.com/searxng/searxng/blob/master/searx/limiter.toml + + [botdetection.ip_limit] + # activate link_token method in the ip_limit method + link_token = true + + settings.yml: | + # see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings + use_default_settings: true + server: + # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml + limiter: true # can be disabled for a private instance + image_proxy: false + ui: + static_use_hash: true + redis: + url: redis://redis:6379/0 diff --git a/kubernetes/apps/production/searxng/deployment.yaml b/kubernetes/apps/production/searxng/deployment.yaml index 2717afb..a5d3e9c 100644 --- a/kubernetes/apps/production/searxng/deployment.yaml +++ b/kubernetes/apps/production/searxng/deployment.yaml @@ -22,6 +22,15 @@ spec: env: - name: SEARXNG_BASE_URL value: "https://search.fascinated.cc" + - name: SEARXNG_SECRET_KEY + valueFrom: + secretKeyRef: + name: searxng-secret + key: secret_key + volumeMounts: + - name: searxng-config-volume + mountPath: /etc/searxng + readOnly: true resources: requests: memory: "256Mi" @@ -29,3 +38,7 @@ spec: limits: memory: "512Mi" cpu: "500m" + volumes: + - name: searxng-config-volume + configMap: + name: searxng-config diff --git a/kubernetes/apps/production/searxng/kustomization.yaml b/kubernetes/apps/production/searxng/kustomization.yaml index 097a10d..bcbec1a 100644 --- a/kubernetes/apps/production/searxng/kustomization.yaml +++ b/kubernetes/apps/production/searxng/kustomization.yaml @@ -4,6 +4,8 @@ kind: Kustomization namespace: public-services resources: - pvc.yaml + - config.yaml + - sealed-secrets.yaml - redis-pod.yaml - deployment.yaml - service.yaml diff --git a/kubernetes/apps/production/searxng/sealed-secrets.yaml b/kubernetes/apps/production/searxng/sealed-secrets.yaml new file mode 100644 index 0000000..f349a09 --- /dev/null +++ b/kubernetes/apps/production/searxng/sealed-secrets.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: searxng-secret + namespace: public-services +spec: + encryptedData: + secret_key: AgC0GFaPKSBszjmam9HxhhPIKPj3aTaa7BtMEJJBaPUGRA7wPi/9utkHcQL5MG/1HB2nHwfVmBKQY/nmJaYIZBCE+MGjLljjVED37rNEj6PCTcptA/b27+Rnbn7XxH8Zt19uBZapWf0TO8EZaHu/6B9cYIiThlQ0o5+Im7nwuMoYymQSpxMAAr7O6i5cF4XaehYxiNhP1YfveW34Uit/VCMG8qyVi03YBnxsgUKdMeb8krAL2p5zH15ELSd6CprfYdkB8xTZkFYXxEctKyYywsI6ZEC3G0f2R+lcJ46e19wEEZSaCvT1Nviij/jdt4zafHjdQ+U3ZH69Sc83KwNxKJ3hDRdhM2Nl6wDrftl5IFtMFyk2fwOOPPxd8i096dmMBKzljgNgUYzbH4E3f4LBBjaoW0Nrdgkg0wEJplolfpiZVEOtlCm+Jm9tCxEWGEIkrysuZCv90kmd41fJb+k43/J5oY25gMMzUgqEryjR1fXXexgTQoNd1YKOft6DvWy6jZw/RjZWpwxmBHjtxKx9tbr0kwIx/ZCGAQhZ/4LjYCvmP9axV5h7anBbBgiVMA36BJq6nxg//wJ2GMy4CXlIs1oFpob0zTWOg/aCPwzTfK2GrzYXH6xLFqN1ueTdXSxNjb6qi4aOwOFtmZ9z53ffT/XeKyHVgXsLCt6THc1TJVzaqeHL7eM93RtPWlSezdSf84MfzewokisJd3TD3dDoSzhob43ckHlbFV7lbclzPBUAdw== + template: + metadata: + creationTimestamp: null + name: searxng-secret + namespace: public-services + type: Opaque