mirror of
https://github.com/amkartashov/gf-k8s.git
synced 2026-01-11 09:59:43 +00:00
72 lines
1.8 KiB
YAML
72 lines
1.8 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: vpn-client
|
|
labels:
|
|
k8s-app: vpn-client
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: vpn-client
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: vpn-client
|
|
spec:
|
|
hostNetwork: true
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: vpn
|
|
operator: In
|
|
values: ["enabled"]
|
|
volumes:
|
|
- name: vpn-conf
|
|
configMap:
|
|
name: vpn-conf
|
|
- name: vpn-scripts
|
|
configMap:
|
|
name: vpn-scripts
|
|
defaultMode: 0555
|
|
- name: vpn-creds
|
|
secret:
|
|
secretName: vpn-creds
|
|
- name: dev-net-tun
|
|
hostPath:
|
|
path: /dev/net/tun
|
|
containers:
|
|
- name: openvpn
|
|
image: ghcr.io/amkartashov/openvpn:0.1.0
|
|
command: ["/usr/sbin/openvpn"]
|
|
args:
|
|
- --config
|
|
- /vpn/vpn.conf
|
|
- --auth-user-pass
|
|
- /vpn/creds
|
|
- --script-security
|
|
- "2"
|
|
- --up
|
|
- /vpn-scripts/up.sh
|
|
- --down
|
|
- /vpn-scripts/down.sh
|
|
securityContext:
|
|
privileged: true
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
volumeMounts:
|
|
- name: vpn-conf
|
|
mountPath: /vpn/vpn.conf
|
|
subPath: vpn.conf
|
|
readOnly: true
|
|
- name: vpn-creds
|
|
mountPath: /vpn/creds
|
|
subPath: creds
|
|
readOnly: true
|
|
- name: vpn-scripts
|
|
mountPath: /vpn-scripts
|
|
readOnly: true
|
|
- mountPath: /dev/net/tun
|
|
name: dev-net-tun
|