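---
# wg-easy (WireGuard VPN server + web admin UI) for the `infra` namespace.
# Four documents: PVC for /etc/wireguard, the Deployment, a LoadBalancer
# Service, and an nginx Ingress for the web UI.

# Storage for /etc/wireguard (see the volumeMounts in the Deployment).
# NOTE(review): wg-easy keeps its WireGuard configuration, including private
# keys, under this path. The storage class name suggests an NFS-backed volume;
# confirm who else can read that export, since anyone who can has the keys.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wg-easy-pvc
  namespace: infra
  annotations:
    nfs.io/storage-path: "wg-easy-config"
spec:
  storageClassName: "nfs-client"
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wg-easy
  namespace: infra
spec:
  # Recreate + one replica: the old pod is stopped before the new one starts,
  # so the ReadWriteOnce volume is never mounted by two pods at once.
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: wg-easy
  template:
    metadata:
      labels:
        app: wg-easy
    spec:
      # The pod does not show any need for the Kubernetes API; do not hand it
      # a service-account token it has no use for.
      automountServiceAccountToken: false
      affinity:
        nodeAffinity:
          # Soft preference only: the scheduler may still place the pod on a
          # node other than `nexus`.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - nexus
      containers:
        - name: wg-easy
          # NOTE(review): `latest` with `imagePullPolicy: Always` means every
          # pod restart can run a different, unreviewed image, and that image
          # receives NET_ADMIN and SYS_MODULE below. Pin a release tag or,
          # better, an image digest, and upgrade deliberately.
          image: ghcr.io/wg-easy/wg-easy:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 51820
              protocol: UDP
              name: wg-port
            - containerPort: 51821
              protocol: TCP
              name: web-port
          # NOTE(review): no PASSWORD_HASH is set. In the wg-easy releases
          # that read the env vars below, the web UI then has no login, and
          # that UI creates clients and serves their configs. Confirm against
          # the release you pin and supply the hash from a Secret.
          env:
            - name: LANG
              value: en
            - name: WG_HOST
              value: vpn.ivanch.me
            - name: WG_MTU
              value: "1420"
            - name: UI_TRAFFIC_STATS
              value: "true"
            - name: UI_CHART_TYPE
              value: "0"
            - name: WG_ENABLE_ONE_TIME_LINKS
              value: "true"
            - name: UI_ENABLE_SORT_CLIENTS
              value: "true"
          securityContext:
            capabilities:
              add:
                # Needed to create and configure the WireGuard interface.
                - NET_ADMIN
                # Lets the container load kernel modules on the node.
                # NOTE(review): presumably only needed when the node has not
                # already loaded the wireguard module; drop it if the node
                # loads the module itself.
                - SYS_MODULE
          # NOTE(review): requests only, no limits, so the container is not
          # capped on CPU or memory.
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - name: wg-easy-volume
              mountPath: /etc/wireguard
      restartPolicy: Always
      volumes:
        - name: wg-easy-volume
          persistentVolumeClaim:
            claimName: wg-easy-pvc
---
# NOTE(review): this one LoadBalancer publishes both the VPN port (UDP 51820)
# and the admin web UI (TCP 51821) on the same address. The Ingress below
# already fronts the UI; if direct access on the load-balancer IP is not
# needed, move web-port to a separate ClusterIP Service and point the Ingress
# at that one.
apiVersion: v1
kind: Service
metadata:
  name: wg-easy-svc
  namespace: infra
spec:
  type: LoadBalancer
  selector:
    app: wg-easy
  # `spec.loadBalancerIP` is deprecated since Kubernetes 1.24; newer setups
  # use the load-balancer implementation's own annotation instead.
  loadBalancerIP: 192.168.15.202
  ports:
    - name: wg-port
      port: 51820
      targetPort: 51820
      protocol: UDP
    - name: web-port
      port: 51821
      targetPort: 51821
      protocol: TCP
---
# NOTE(review): there is no `tls` section, so as far as this manifest shows
# the admin UI for `vpn.haven` is served over plain HTTP. Add TLS before
# relying on any UI login.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wg-easy-ingress
  namespace: infra
spec:
  ingressClassName: nginx
  rules:
    - host: vpn.haven
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wg-easy-svc
                port:
                  number: 51821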