diff --git a/wg-socks/deployment.yaml b/wg-socks/deployment.yaml
index 7f5a51d..a9e9cc7 100644
--- a/wg-socks/deployment.yaml
+++ b/wg-socks/deployment.yaml
@@ -6,39 +6,38 @@ spec:
 selector:
 matchLabels:
 app: wireguard-socks
- type: proxy
 template:
 spec:
 volumes:
- - name: wireguard
- hostPath:
- path: /data/wireguard
- - name: module
- hostPath:
- path: /lib/modules
+ - name: config
+ secret:
+ secretName: wireguard
+ initContainers:
+ - name: setup
+ image: busybox
+ command:
+ - sysctl
+ - -w
+ - net.ipv4.conf.all.src_valid_mark=1
+ securityContext:
+ privileged: true
 containers:
 - name: wireguard
- image: neilpang/wgcf-docker:alpine
+ image: linuxserver/wireguard:amd64-1.0.20210914
 resources:
 limits:
 cpu: 200m
 memory: 128Mi
 imagePullPolicy: IfNotPresent
 securityContext:
- #sysctls:
- # - name: net.ipv6.conf.all.disable_ipv6
- # value: '0'
- privileged: true
+ privileged: false
 capabilities:
 add:
 - NET_ADMIN
- allowPrivilegeEscalation: true
- readOnlyRootFilesystem: false
+ - SYS_MODULE
 volumeMounts:
- - mountPath: /wgcf
- name: wireguard
- - mountPath: /lib/modules
- name: module
+ - name: config
+ mountPath: /config
 - name: socks5
 image: netbyte/socks5-server
 args:
diff --git a/wg-socks/kustomization.yaml b/wg-socks/kustomization.yaml
index 40193cb..cfca7e3 100644
--- a/wg-socks/kustomization.yaml
+++ b/wg-socks/kustomization.yaml
@@ -5,3 +5,7 @@ resources:
 commonLabels:
 app: wireguard-socks
 type: proxy
+secretGenerator:
+ - name: wireguard
+ files:
+ - config/wg0.conf
diff --git a/wg-socks/wg0.conf b/wg-socks/wg0.conf
deleted file mode 100644
index 664cda0..0000000
--- a/wg-socks/wg0.conf
+++ /dev/null
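Review bot: In wg-socks/deployment.yaml the new `setup` init container runs with `privileged: true` from the untagged `image: busybox`, so whatever that name resolves to at pull time runs with full access to the node. Pin it to a tag and digest (`image: busybox:<tag>@sha256:<digest>`), or drop the init container and declare the sysctl under the pod-level `securityContext.sysctls`, which requires `net.ipv4.conf.all.src_valid_mark` to be allowed on the kubelet as an unsafe sysctl. The added `SYS_MODULE` capability lets the wireguard container load kernel modules on the node; since this commit also removes the `/lib/modules` mount, it is probably unused when the node kernel already provides WireGuard and could be left out. With `allowPrivilegeEscalation` no longer set, the default still permits escalation, so an explicit `allowPrivilegeEscalation: false` is worth testing with this image. The pod spec continues past the end of the hunk.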
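Review bot: In wg-socks/kustomization.yaml the generator reads `config/wg0.conf`, a path this commit does not add, so it presumably lives outside version control; a comment such as `# config/wg0.conf is local-only and must not be committed`, plus an ignore rule for that directory, would keep it that way. The `wg-socks/wg0.conf` deleted in the same commit held a WireGuard `PrivateKey`, and deleting the file leaves that key readable in the repository history. The key should be treated as exposed and regenerated before the new Secret is populated, otherwise the Secret only repackages a credential that is already public to anyone with repository access.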
@@ -1,11 +0,0 @@
-[Interface]
-PrivateKey = qHAma2P6+Q3vbublEoBhULwVdzXeQne4YMnXeLxG6Wo=
-Address = 172.16.0.2/32
-Address = 2606:4700:110:81a7:4036:8234:a94:4254/128
-DNS = 1.1.1.1
-MTU = 1280
-[Peer]
-PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
-AllowedIPs = 0.0.0.0/0
-AllowedIPs = ::/0
-Endpoint = engage.cloudflareclient.com:2408
\ No newline at end of file