54 lines
1.2 KiB
YAML
54 lines
1.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: wireguard
|
|
namespace: wireguard
|
|
labels:
|
|
app: wireguard
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: wireguard
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: wireguard
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: wireguard
|
|
image: alpine:latest
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
apk add --no-cache wireguard-tools iptables
|
|
cp /config/wg0.conf /etc/wireguard/wg0.conf
|
|
chmod 600 /etc/wireguard/wg0.conf
|
|
wg-quick up wg0
|
|
echo "Wireguard is up"
|
|
trap "wg-quick down wg0" SIGINT SIGTERM
|
|
sleep infinity &
|
|
wait
|
|
securityContext:
|
|
privileged: true
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
volumeMounts:
|
|
- name: wg-config
|
|
mountPath: /config/wg0.conf
|
|
subPath: wg0.conf
|
|
readOnly: true
|
|
- name: lib-modules
|
|
mountPath: /lib/modules
|
|
readOnly: true
|
|
volumes:
|
|
- name: wg-config
|
|
secret:
|
|
secretName: wireguard-config
|
|
- name: lib-modules
|
|
hostPath:
|
|
path: /lib/modules
|