wireguard-pod.yaml
---
# Dedicated namespace that holds every WireGuard object defined in this file.
# NOTE(review): the Pod declared later in this file asks for privileged mode,
# added capabilities and a hostPath volume; a namespace that enforces the
# "baseline" or "restricted" Pod Security Standard would reject that Pod.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: wireguard
  name: wireguard
---
# Claim that backs the container's /config mount (the Pod's wg-config volume).
# NOTE(review): /config presumably ends up holding the generated server and
# peer configuration, private keys included - confirm, and if so treat the
# backing volume and any snapshots or backups of it as secret material.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: wireguard
  name: pv-claim-wireguard
spec:
  # Cluster-specific: a StorageClass with this name must exist on the target.
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Decimal megabytes (10M), not the binary 10Mi.
      storage: 10M
---
# Environment for the WireGuard container; the Pod imports every key through
# envFrom. All values are quoted so they stay strings, as ConfigMap data
# requires. Nothing secret is stored here.
# NOTE(review): the meanings given below follow the linuxserver/wireguard
# image's documented settings - verify against the image version deployed.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: wireguard
  name: wireguard-configmap
data:
  # User id, group id and timezone handed to the container.
  PUID: "1000"
  PGID: "1000"
  TZ: "America/Mexico_City"
  # Same value as the Service nodePort (31820), i.e. the externally reachable
  # port, not the containerPort (51820).
  SERVERPORT: "31820"
  # Presumably the number of peer configurations to generate.
  PEERS: "5"
  # Presumably the DNS server written into peer configurations; looks like a
  # cluster-internal address - confirm it is reachable through the tunnel.
  PEERDNS: "10.124.0.10"
  # Matches every IPv4 and IPv6 destination, so peers using it would send all
  # of their traffic through this server. Narrow it if only cluster or
  # internal ranges are meant to be reachable.
  ALLOWEDIPS: "0.0.0.0/0, ::/0"
  INTERNAL_SUBNET: "10.13.13.0"
---
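# Single WireGuard server Pod. It is a bare Pod with no controller, so nothing
# recreates it if it is deleted or its node is lost.
apiVersion: v1
kind: Pod
metadata:
  name: wireguard
  namespace: wireguard
  labels:
    # Matched by the selector of wireguard-service.
    app: wireguard
spec:
  containers:
    - name: wireguard
      # NOTE(review): no tag or digest is given, so this resolves to the
      # mutable "latest" tag. Pin a reviewed tag or an immutable @sha256
      # digest so this privileged container only runs content that was vetted.
      image: ghcr.io/linuxserver/wireguard
      envFrom:
        - configMapRef:
            name: wireguard-configmap
      securityContext:
        # NOTE(review): privileged: true already grants every capability plus
        # access to host devices, which makes the add list below redundant and
        # puts the container on par with root on the node. SYS_MODULE alone
        # lets it load kernel modules into the node's kernel. Check whether
        # the workload still runs with only the listed capabilities and drop
        # privileged if it does.
        capabilities:
          add:
            - NET_ADMIN
            - SYS_MODULE
        privileged: true
      volumeMounts:
        - name: wg-config
          mountPath: /config
        - name: host-volumes
          mountPath: /lib/modules
          # The node's module tree only needs to be read to load a module;
          # mount it read-only so the container cannot alter host modules by
          # accident. While privileged stays set the container could still
          # remount it, so this does not replace removing privileged.
          # Assumes the node kernel already provides the wireguard module -
          # TODO confirm.
          readOnly: true
      ports:
        - containerPort: 51820
          protocol: UDP
      resources:
        requests:
          memory: "64Mi"
          cpu: "100m"
        limits:
          memory: "128Mi"
          cpu: "200m"
  volumes:
    - name: wg-config
      persistentVolumeClaim:
        claimName: pv-claim-wireguard
    # Host directory shared into the container; type Directory makes the Pod
    # fail to start if /lib/modules does not exist on the node.
    - name: host-volumes
      hostPath:
        path: /lib/modules
        type: Directory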
---
# Publishes the WireGuard UDP listener as a NodePort: port 31820 is opened on
# every cluster node and forwarded to port 51820 of Pods labelled
# app: wireguard. The nodePort equals SERVERPORT in wireguard-configmap.
# NOTE(review): a NodePort is reachable from wherever the nodes are; restrict
# source addresses at the firewall or network-policy layer if the VPN endpoint
# is not meant to be open to everyone.
apiVersion: v1
kind: Service
metadata:
  name: wireguard-service
  namespace: wireguard
  labels:
    k8s-app: wireguard
spec:
  type: NodePort
  selector:
    app: wireguard
  ports:
    - protocol: UDP
      port: 51820
      targetPort: 51820
      nodePort: 31820