From bc1cd750f2f152175f893d8c292c3e2dc7902a26 Mon Sep 17 00:00:00 2001
From: sumarsono
Date: Wed, 20 Apr 2022 11:42:18 +0700
Subject: [PATCH] Add kubernetes example This is a working wg-easy kubernetes example.
---
kubernetes-wg-easy-example.yaml | 143 ++++++++++++++++++++++++++++++++
1 file changed, 143 insertions(+)
create mode 100644 kubernetes-wg-easy-example.yaml
diff --git a/kubernetes-wg-easy-example.yaml b/kubernetes-wg-easy-example.yaml
new file mode 100644
index 00000000..b683486a
--- /dev/null
+++ b/kubernetes-wg-easy-example.yaml
@@ -0,0 +1,143 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wg-easy-pvc
+ namespace: wireguard
+spec:
+ storageClassName: openebs-data
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 0.25Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wg-easy
+ namespace: wireguard
+ labels:
+ app: wg-easy
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: wg-easy
+ template:
+ metadata:
+ labels:
+ app: wg-easy
+ spec:
+ restartPolicy: Always
+ initContainers:
+ - name: init
+ image: busybox:1.32.0
+ command:
+ - sh
+ - -c
+ - sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.forwarding=1
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ containers:
+ - name: wg-easy
+ image: weejewel/wg-easy
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ ports:
+ - containerPort: 51820
+ protocol: UDP
+ name: wg
+ - containerPort: 51821
+ protocol: TCP
+ name: wg-dashboard
+ env:
+ - name: WG_HOST
+ value: "sub.domain.tld"
+ - name: PASSWORD
+ value: "eiCCXkBifqwJ8qGT74repVf3ab7mYsbzGUx66"
+ - name: WG_DEFAULT_DNS
+ value: "8.8.8.8"
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "150m"
+ limits:
+ memory: "128Mi"
+ volumeMounts:
+ - name: wg-easy-data
+ mountPath: /etc/wireguard
+ volumes:
+ - name: wg-easy-data
+ persistentVolumeClaim:
+ claimName: wg-easy-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wg-easy
+ namespace: wireguard
+ labels:
+ app: wg-easy
+spec:
+ type: NodePort
+ selector:
+ app: wg-easy
+ ports:
+ - port: 51820
+ targetPort: wg
+ # When import config to client, you must edit the peer port to 30001
+ nodePort: 30001
+ protocol: UDP
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wg-easy-dashboard
+ namespace: wireguard
+ labels:
+ app: wg-easy
+spec:
+ selector:
+ app: wg-easy
+ ports:
+ - port: 51821
+ targetPort: wg-dashboard
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wg-easy-dashboard
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ cert-manager.io/cluster-issuer: "production-issuer"
+
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: sub.domain.tld
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wg-easy-dashboard
+ port:
+ number: 51821
+ tls:
+ - hosts:
+ - sub.domain.tld
+ secretName: sub.domain.tld-cert
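Review bot: The `PASSWORD` env entry of the `wg-easy` container carries the dashboard password as a literal, so anyone who applies the example unchanged runs the VPN admin UI behind a public Ingress with a password that is published in this repository, and the value stays readable to anyone who can view the Deployment object. Read it from a Secret via `valueFrom.secretKeyRef` instead, as in the fence below; the Secret name there is a placeholder, and the Secret itself should be created out of band rather than committed. The same container sets `privileged: true` next to `capabilities.add: [NET_ADMIN]`; privileged mode already grants every capability, so the list has no effect, and it is worth confirming whether the container runs with `privileged` removed and only the capabilities it actually needs. The Ingress is the only object without `namespace: wireguard`, so unless it is applied into that namespace it will not resolve the `wg-easy-dashboard` Service. `image: weejewel/wg-easy` carries no tag or digest, so this privileged workload follows whatever the registry serves as `latest`.

```yaml
          env:
            # … unchanged: WG_HOST entry …
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: wg-easy-dashboard-password  # placeholder Secret name, created separately
                  key: password
            # … unchanged: WG_DEFAULT_DNS entry …
```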