wireguard-proxy

2023-09-06 04:40:10 +00:00 · 2023-09-06 04:40:10 +00:00 · 738564f747
commit 738564f747
parent 669c63ee4b
3 changed files with 21 additions and 29 deletions
--- a/wg-socks/deployment.yaml
+++ b/wg-socks/deployment.yaml
@ -6,39 +6,38 @@ spec:
  selector:
    matchLabels:
      app: wireguard-socks
      type: proxy
  template:
    spec:
      volumes:
-        - name: wireguard
+        - name: config
-          hostPath:
+          secret:
-            path: /data/wireguard
+            secretName: wireguard
-        - name: module
+      initContainers:
-          hostPath:
+        - name: setup
-            path: /lib/modules
+          image: busybox
          command:
          - sysctl 
          - -w
          - net.ipv4.conf.all.src_valid_mark=1
          securityContext:
            privileged: true
      containers:
        - name: wireguard
-          image: neilpang/wgcf-docker:alpine
+          image: linuxserver/wireguard:amd64-1.0.20210914
          resources:
            limits:
              cpu: 200m
              memory: 128Mi
          imagePullPolicy: IfNotPresent
          securityContext:
-            #sysctls:
+            privileged: false
            #  - name: net.ipv6.conf.all.disable_ipv6
            #    value: '0'
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
-            allowPrivilegeEscalation: true
+                - SYS_MODULE
            readOnlyRootFilesystem: false
          volumeMounts:
-            - mountPath: /wgcf
+            - name: config
-              name: wireguard
+              mountPath: /config
            - mountPath: /lib/modules
              name: module
        - name: socks5
          image: netbyte/socks5-server
          args:
--- a/wg-socks/kustomization.yaml
+++ b/wg-socks/kustomization.yaml
@ -5,3 +5,7 @@ resources:
 commonLabels:
  app: wireguard-socks
  type: proxy
 secretGenerator:
  - name: wireguard
    files:
      - config/wg0.conf
--- a/wg-socks/wg0.conf
+++ b/wg-socks/wg0.conf
@ -1,11 +0,0 @@
 [Interface]
 PrivateKey = qHAma2P6+Q3vbublEoBhULwVdzXeQne4YMnXeLxG6Wo=
 Address = 172.16.0.2/32
 Address = 2606:4700:110:81a7:4036:8234:a94:4254/128
 DNS = 1.1.1.1
 MTU = 1280
 [Peer]
 PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
 AllowedIPs = 0.0.0.0/0
 AllowedIPs = ::/0
 Endpoint = engage.cloudflareclient.com:2408