diff --git a/bootstrap/kustomizations/kustomization-wg-easy.yaml b/bootstrap/kustomizations/kustomization-wg-easy.yaml
new file mode 100644
index 0000000..809ea9b
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-wg-easy.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: wg-easy
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./wg-easy
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: wg-easy
+      namespace: wg-easy
diff --git a/bootstrap/namespaces/namespace-wg-easy.yaml b/bootstrap/namespaces/namespace-wg-easy.yaml
new file mode 100644
index 0000000..2b9eeae
--- /dev/null
+++ b/bootstrap/namespaces/namespace-wg-easy.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wg-easy
diff --git a/wg-easy/config.yaml b/wg-easy/config.yaml
new file mode 100644
index 0000000..ec1d32e
--- /dev/null
+++ b/wg-easy/config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wg-easy-config
+  namespace: wg-easy
+data:
+  LANG: "en"
+  WG_HOST: "wireguard.michaelthomson.dev"
diff --git a/wg-easy/deployment.yaml b/wg-easy/deployment.yaml
new file mode 100644
index 0000000..876c7e2
--- /dev/null
+++ b/wg-easy/deployment.yaml
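Review bot: The inline comment on `timeout: 2m` says the default is "interval duration, which is 1h", but `interval` in this same resource is `15m`, so the comment contradicts the field three lines above it. Flux's documented default for `timeout` is whatever `interval` is set to, so the comment should say that rather than quote a fixed value: `timeout: 2m # defaults to interval (15m here) when unset`. The `prune: true` comment is accurate and worth keeping.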
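Review bot: No `PASSWORD_HASH` (or `PASSWORD`) is set in this ConfigMap and nothing else in the diff injects one, so unless a Secret outside this change supplies it the wg-easy web UI will start with no authentication while the Ingress in this same commit publishes it on a public hostname. That UI can create clients and hand out their configs, so it must not be reachable unauthenticated. Keep the hash out of the ConfigMap: put `PASSWORD_HASH` in a Secret (e.g. `wg-easy-secret`) and reference it from the Deployment alongside the existing entry, `- secretRef:` / `name: wg-easy-secret` under `envFrom`. The two values present are correctly quoted as strings.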
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+spec:
+  selector:
+    matchLabels:
+      app: wg-easy
+  template:
+    metadata:
+      labels:
+        app: wg-easy
+    spec:
+      containers:
+        - name: wg-easy
+          image: ghcr.io/wg-easy/wg-easy
+          imagePullPolicy: Always
+          envFrom:
+            - configMapRef:
+                name: wg-easy-config
+                optional: false
+          ports:
+            - containerPort: 51820
+              protocol: UDP
+            - containerPort: 51821
+          volumeMounts:
+            - name: config
+              mountPath: /etc/wireguard
+      restartPolicy: Always
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: wg-easy-config
diff --git a/wg-easy/dns-endpoint.yaml b/wg-easy/dns-endpoint.yaml
new file mode 100644
index 0000000..b7a9084
--- /dev/null
+++ b/wg-easy/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: wireguard.michaelthomson.dev
+  namespace: wg-easy
+spec:
+  endpoints:
+    - dnsName: wireguard.michaelthomson.dev
+      recordTTL: 180
+      recordType: CNAME
+      targets:
+        - michaelthomson.ddns.net
+      providerSpecific:
+        - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+          value: "true"
diff --git a/wg-easy/ingress.yaml b/wg-easy/ingress.yaml
new file mode 100644
index 0000000..0aed506
--- /dev/null
+++ b/wg-easy/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: wireguard.michaelthomson.dev
+      http:
+        paths:
+          - pathType: ImplementationSpecific
+            path: /
+            backend:
+              service:
+                name: wg-easy
+                port:
+                  name: http
+  tls:
+    - hosts:
+        - wireguard.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev
diff --git a/wg-easy/pvc-config.yaml b/wg-easy/pvc-config.yaml
new file mode 100644
index 0000000..b6f2028
--- /dev/null
+++ b/wg-easy/pvc-config.yaml
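Review bot: The container has no `securityContext`, yet wg-easy has to create the wg0 interface and its routes, which needs at least `CAP_NET_ADMIN` (and `SYS_MODULE` where the wireguard module is not already loaded on the nodes) plus `net.ipv4.ip_forward=1`; as written the pod will most likely fail at startup. Grant only those capabilities rather than `privileged: true`, and set forwarding as a pod-level sysctl (wg-easy's docs also ask for `net.ipv4.conf.all.src_valid_mark`, which is an unsafe sysctl and needs kubelet allow-listing — confirm on this cluster). Two further points: `image: ghcr.io/wg-easy/wg-easy` with `imagePullPolicy: Always` floats on the default tag, so each restart may pull a different build — pin a tag or digest; and with a `ReadWriteOnce` Longhorn claim the default RollingUpdate strategy can wedge a rollout when the replacement pod lands on another node, so `strategy: type: Recreate` is safer for this single-replica workload.
```yaml
spec:
  strategy:
    type: Recreate  # RWO PVC: stop the old pod before the new one mounts it
  # … unchanged: selector, template metadata …
    spec:
      securityContext:
        sysctls:
          - name: net.ipv4.ip_forward
            value: "1"
      containers:
        - name: wg-easy
          image: ghcr.io/wg-easy/wg-easy  # pin to a release tag or digest
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE  # drop if the module is preloaded on the nodes
          # … unchanged: envFrom, ports, volumeMounts …
      # … unchanged: restartPolicy, volumes …
```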
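Review bot: `cloudflare-proxied: "true"` makes `wireguard.michaelthomson.dev` resolve to Cloudflare edge addresses, but the ConfigMap in this commit sets that same name as `WG_HOST`, which wg-easy writes into every client config as the UDP/51820 endpoint; Cloudflare's HTTP proxy does not forward arbitrary UDP (absent Spectrum), so clients would send WireGuard handshakes to an endpoint that never answers. Proxying is fine for the web UI, but the tunnel endpoint needs an unproxied name: either set `value: "false"` here, or keep this record proxied for the UI and point `WG_HOST` at the unproxied origin (the `michaelthomson.ddns.net` target, for instance). Since the proxied record is also what hides the origin IP, decide deliberately which name is allowed to expose it.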
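Review bot: This publishes the wg-easy admin UI on a public hostname with only TLS in front of it; the ConfigMap in this diff sets no `PASSWORD_HASH`, so unless a Secret outside this change provides one, anyone reaching the host can manage VPN clients. Beyond setting a password, the UI is an administrative surface and warrants a Traefik middleware on this router (`traefik.ingress.kubernetes.io/router.middlewares`) for an IP allow-list or forward-auth. Also, `secretName: letsencrypt-wildcard-cert-michaelthomson.dev` is resolved in the `wg-easy` namespace and nothing in this diff creates or replicates it there — confirm it exists (or is synced in) before relying on it, otherwise Traefik will fall back to its default certificate.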
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wg-easy-config
+  namespace: wg-easy
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
diff --git a/wg-easy/service.yaml b/wg-easy/service.yaml
new file mode 100644
index 0000000..9052191
--- /dev/null
+++ b/wg-easy/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+spec:
+  selector:
+    app: wg-easy
+  ports:
+    - port: 80
+      targetPort: 51821
+      name: http
+    - port: 51820
+      targetPort: 51820
+      name: udp
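Review bot: This claim backs `/etc/wireguard`, so it will hold the server's private key and — as far as wg-easy's on-disk state goes, confirm against the version deployed — the generated client private keys; it deserves more care than a generic config volume. If Longhorn backups are enabled on this cluster, check that the backup target is restricted or encrypted, and consider a StorageClass with Longhorn volume encryption for this claim. A one-line comment above `name: wg-easy-config` such as `# holds WireGuard server and client private keys — treat as secret material` would flag this for the next maintainer.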
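Review bot: The second port entry (`port: 51820`, `name: udp`) has no `protocol:` field, and a Service port defaults to TCP, so despite its name this publishes TCP/51820 and never forwards WireGuard's UDP traffic; add `protocol: UDP` to that entry, matching the `protocol: UDP` already declared on the container port. Separately, the Service has no `type`, so it is ClusterIP and the tunnel endpoint is not reachable from outside the cluster at all — nothing in this diff (no `type: LoadBalancer`/`NodePort`, no `hostPort`) publishes UDP/51820 at the address `wireguard.michaelthomson.dev` resolves to, unless infrastructure outside this change handles it. The `80 → 51821` entry is fine since only the Ingress consumes it.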