initial refactor

apps/wg-easy/config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wg-easy-config
+  namespace: wg-easy
+data:
+  LANG: "en"
+  WG_HOST: "wireguard.michaelthomson.dev"
+  WG_PORT: "30000"
+  UI_TRAFFIC_STATS: "true"
+  UI_CHART_TYPE: "1"
+  ENABLE_PROMETHEUS_METRICS: "true"

apps/wg-easy/deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+spec:
+  selector:
+    matchLabels:
+      app: wg-easy
+  template:
+    metadata:
+      labels:
+        app: wg-easy
+    spec:
+      # securityContext:
+      #   sysctls:
+      #   - name: net.ipv4.ip_forward
+      #     value: "1"
+      #   - name: net.ipv4.conf.all.src_valid_mark
+      #     value: "1"
+      containers:
+      - name: wg-easy
+        image: ghcr.io/wg-easy/wg-easy
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: wg-easy-config
+            optional: false
+        ports:
+        - containerPort: 30000
+          name: wg
+          protocol: UDP
+        - containerPort: 51821
+          name: http
+          protocol: TCP
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - SYS_MODULE
+        volumeMounts:
+        - name: config
+          mountPath: /etc/wireguard
+      restartPolicy: Always
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: wg-easy-config

apps/wg-easy/dns-endpoint.yaml

@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: wireguard.michaelthomson.dev
+  namespace: wg-easy
+spec:
+  endpoints:
+  - dnsName: wireguard.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "false"

apps/wg-easy/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: wireguard.michaelthomson.dev
+    http:
+      paths:
+      - pathType: ImplementationSpecific
+        path: /
+        backend:
+          service:
+            name: wg-easy
+            port: 
+              name: http
+  tls:
+    - hosts:
+        - wireguard.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev

apps/wg-easy/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wg-easy

apps/wg-easy/pvc-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wg-easy-config
+  namespace: wg-easy
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce

apps/wg-easy/service-dns.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wg-easy-dns
+  namespace: wg-easy
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 192.168.2.245
+spec:
+  type: LoadBalancer
+  selector:
+    app: wg-easy
+  ports:
+  - name: wg
+    port: 30000
+    targetPort: wg
+    protocol: UDP

apps/wg-easy/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+spec:
+  selector:
+    app: wg-easy
+  ports:
+  - port: 80
+    targetPort: http
+    name: http