Created
April 20, 2020 21:10
-
-
Save adawolfs/2ea9e823e3dbb3e92a6f381959ec0530 to your computer and use it in GitHub Desktop.
Revisions
-
adawolfs created this gist
Apr 20, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,72 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: vpn spec: selector: matchLabels: app: vpn serviceName: vpn replicas: 1 template: metadata: labels: app: vpn spec: containers: - name: vpn image: hanyifeng/alpine-ikev2-vpn imagePullPolicy: Always env: - name: VPNUSER value: vpn-user - name: VPNPASS value: please_change_me - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP securityContext: privileged: true <---- Its required to access kernel features due IPsec ports: - containerPort: 500 #hostPort: 500 <--- You can enable hostPort but its not a good practice name: vpn-isakmp protocol: UDP - containerPort: 4500 #hostPort: <--- You can enable hostPort but its not a good practice name: vpn-ike protocol: UDP volumeMounts: - mountPath: /lib/modules name: modules volumes: - name: modules hostPath: path: /lib/modules --- # You will have to setup node ports 30500 and 30501 at your client # Or use something like nginx with streams enabled: # to forward udp traffic to port 500 and 4500 # https://nginx.org/en/docs/stream/ngx_stream_core_module.html # Rememer that nginx does not supports domain based reverse proxy. kind: Service apiVersion: v1 metadata: name: vpn spec: selector: app: vpn type: NodePort ports: - name: vpn-isakmp port: 500 targetPort: vpn-isakmp protocol: UDP nodePort: 30500 - name: vpn-ike port: 4500 targetPort: vpn-ike protocol: UDP nodePort: 30501