125 lines
2.5 KiB
YAML
125 lines
2.5 KiB
YAML
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: wg-easy-pvc
|
|
namespace: infra
|
|
annotations:
|
|
nfs.io/storage-path: "wg-easy-config"
|
|
spec:
|
|
storageClassName: "nfs-client"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: wg-easy
|
|
namespace: infra
|
|
spec:
|
|
strategy:
|
|
type: Recreate
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: wg-easy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: wg-easy
|
|
spec:
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- nexus
|
|
containers:
|
|
- name: wg-easy
|
|
image: ghcr.io/wg-easy/wg-easy:latest
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- containerPort: 51820
|
|
protocol: UDP
|
|
name: wg-port
|
|
- containerPort: 51821
|
|
protocol: TCP
|
|
name: web-port
|
|
env:
|
|
- name: LANG
|
|
value: en
|
|
- name: WG_HOST
|
|
value: vpn.ivanch.me
|
|
- name: WG_MTU
|
|
value: "1420"
|
|
- name: UI_TRAFFIC_STATS
|
|
value: "true"
|
|
- name: UI_CHART_TYPE
|
|
value: "0"
|
|
- name: WG_ENABLE_ONE_TIME_LINKS
|
|
value: "true"
|
|
- name: UI_ENABLE_SORT_CLIENTS
|
|
value: "true"
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
volumeMounts:
|
|
- name: wg-easy-volume
|
|
mountPath: /etc/wireguard
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: wg-easy-volume
|
|
persistentVolumeClaim:
|
|
claimName: wg-easy-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: wg-easy-svc
|
|
namespace: infra
|
|
spec:
|
|
type: LoadBalancer
|
|
selector:
|
|
app: wg-easy
|
|
loadBalancerIP: 192.168.15.202
|
|
ports:
|
|
- name: wg-port
|
|
port: 51820
|
|
targetPort: 51820
|
|
protocol: UDP
|
|
- name: web-port
|
|
port: 51821
|
|
targetPort: 51821
|
|
protocol: TCP
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: wg-easy-ingress
|
|
namespace: infra
|
|
spec:
|
|
ingressClassName: nginx
|
|
rules:
|
|
- host: vpn.haven
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: wg-easy-svc
|
|
port:
|
|
number: 51821
|