helm/wg-socks/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wireguard-socks
spec:
  selector:
    matchLabels:
      app: wireguard-socks
      type: proxy
  template:
    spec:
      volumes:
        - name: wireguard
          hostPath:
            path: /data/wireguard
        - name: module
          hostPath:
            path: /lib/modules
      containers:
        - name: wireguard
          image: neilpang/wgcf-docker:alpine
          resources:
            limits:
              cpu: 200m
              memory: 128Mi
          imagePullPolicy: IfNotPresent
          securityContext:
            #sysctls:
            #  - name: net.ipv6.conf.all.disable_ipv6
            #    value: '0'
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
            allowPrivilegeEscalation: true
            readOnlyRootFilesystem: false
          volumeMounts:
            - mountPath: /wgcf
              name: wireguard
            - mountPath: /lib/modules
              name: module
        - name: socks5
          image: netbyte/socks5-server
          args:
            - '-l'
            - ':1089'
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 200m
              memory: 128Mi