add

wg-socks/deployment.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wireguard-socks
+spec:
+  selector:
+    matchLabels:
+      app: wireguard-socks
+      type: proxy
+  template:
+    spec:
+      volumes:
+        - name: wireguard
+          hostPath:
+            path: /data/wireguard
+        - name: module
+          hostPath:
+            path: /lib/modules
+      containers:
+        - name: wireguard
+          image: neilpang/wgcf-docker:alpine
+          resources:
+            limits:
+              cpu: 200m
+              memory: 128Mi
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            #sysctls:
+            #  - name: net.ipv6.conf.all.disable_ipv6
+            #    value: '0'
+            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
+            allowPrivilegeEscalation: true
+            readOnlyRootFilesystem: false
+          volumeMounts:
+            - mountPath: /wgcf
+              name: wireguard
+            - mountPath: /lib/modules
+              name: module
+        - name: socks5
+          image: netbyte/socks5-server
+          args:
+            - '-l'
+            - ':1089'
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              cpu: 200m
+              memory: 128Mi

wg-socks/kustomization.yaml

@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+
+resources:
+  - deployment.yaml
+commonLabels:
+  app: wireguard-socks
+  type: proxy

wg-socks/wg0.conf

@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = qHAma2P6+Q3vbublEoBhULwVdzXeQne4YMnXeLxG6Wo=
+Address = 172.16.0.2/32
+Address = 2606:4700:110:81a7:4036:8234:a94:4254/128
+DNS = 1.1.1.1
+MTU = 1280
+[Peer]
+PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
+AllowedIPs = 0.0.0.0/0
+AllowedIPs = ::/0
+Endpoint = engage.cloudflareclient.com:2408