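# Deployment running one OpenVPN server container. Configuration, key
# material and per-client settings are mounted from the ConfigMaps and the
# Secret that the volumes below reference by name.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openvpn-server
  labels:
    app: openvpn-server
spec:
  # Recreate stops the old pod before starting the new one; the container
  # binds hostPort 1194, which two pods on the same node cannot share.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: openvpn-server
  template:
    metadata:
      labels:
        app: openvpn-server
    spec:
      containers:
        - name: openvpn-server
          # NOTE(review): ":latest" is a mutable tag, so a pod restart can
          # pull different code. Pin a release tag or an image digest.
          image: ghcr.io/the-kube-way/openvpn:latest
          securityContext:
            # NOTE(review): writable root filesystem; presumably needed for
            # the status file under /run - confirm, or mount an emptyDir
            # there and set this to true.
            readOnlyRootFilesystem: false
            capabilities:
              # NET_ADMIN is added on top of the runtime's default
              # capability set; nothing is dropped here.
              # NOTE(review): consider dropping the capabilities the image
              # does not need - verify against the image's entrypoint.
              add:
                - NET_ADMIN
          resources:
            requests:
              cpu: 50m
              memory: 128M
            limits:
              cpu: 800m
              memory: 256M
          ports:
            # hostPort exposes UDP 1194 directly on the node's address.
            - containerPort: 1194
              hostPort: 1194
              protocol: UDP
          volumeMounts:
            - name: openvpn-conf
              mountPath: /etc/openvpn
            - name: openvpn-keys
              mountPath: /etc/openvpn/keys
            - name: openvpn-ccd
              mountPath: /etc/openvpn/ccd
      volumes:
        # Keys are renamed on projection so the container sees server.conf
        # and port_forwarding.conf.
        - name: openvpn-conf
          configMap:
            name: openvpn-server-config
            items:
              - key: server1.conf
                path: server.conf
              - key: server1_port_forwarding.conf
                path: port_forwarding.conf
        - name: openvpn-keys
          secret:
            secretName: openvpn-server-keys
            # Octal 0600 (decimal 384): owner read/write only. A JSON
            # manifest would have to use the decimal form.
            defaultMode: 0600
            items:
              - key: ca.crt
                path: ca.crt
              - key: dh.pem
                path: dh.pem
              - key: tls.key
                path: tls.key
              - key: server1.crt
                path: server1.crt
              - key: server1.key
                path: server1.key
        - name: openvpn-ccd
          configMap:
            name: openvpn-server-ccd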
---
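# ConfigMap holding the OpenVPN server configuration and the port-forwarding
# table; the Deployment's openvpn-conf volume mounts both under /etc/openvpn.
apiVersion: v1
kind: ConfigMap
metadata:
  name: openvpn-server-config
  labels:
    app: openvpn-server
data:
  # One forwarding rule per line; the column header is the first line of the
  # value. The single rule targets 10.0.0.42, the address the ccd entry
  # "client1" pushes.
  server1_port_forwarding.conf: |
    # CLIENT_IP PROTO EXPOSED_PORT DEST_PORT
    10.0.0.42 tcp 8080 80
  # Review notes on the server configuration below (kept outside the block
  # scalar so the mounted file is unchanged):
  # - "crl-verify" is commented out, so a revoked client certificate is
  #   still accepted until the CA itself is replaced.
  # - "compress lz4" enables tunnel compression, which is exposed to
  #   compression-oracle attacks (VORACLE); upstream discourages it.
  #   Removing it requires a matching change on every client.
  # - "client-to-client" forwards traffic between clients inside OpenVPN,
  #   so it does not pass through packet filtering on the tun interface.
  # - "ifconfig-pool" spans 10.0.0.0-10.0.0.99 and therefore contains the
  #   static 10.0.0.42 pushed via ccd. NOTE(review): a dynamic client may be
  #   handed that address and receive the forwarded port - confirm, or move
  #   static addresses outside the pool.
  # - "user nobody" / "group nobody" drop privileges after start-up;
  #   "persist-key" and "persist-tun" keep the keys and the tun device open
  #   so a restart does not need root-only resources again.
  server1.conf: |
    port 1194
    proto udp
    dev tun_server1
    ca keys/ca.crt
    cert keys/server1.crt
    key keys/server1.key
    dh keys/dh.pem
    tls-crypt keys/tls.key
    #crl-verify crl.pem
    topology subnet
    server 10.0.0.0 255.255.255.0 nopool
    ifconfig-pool 10.0.0.0 10.0.0.99 255.255.255.0
    client-config-dir ccd
    #push "dhcp-option DNS 8.8.8.8"
    #server-ipv6 fc00::/7
    push "redirect-gateway"
    client-to-client
    keepalive 10 30
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
    cipher AES-256-GCM
    compress lz4
    persist-key
    persist-tun
    user nobody
    group nobody
    verb 3
    status /run/openvpn_server1.status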
---
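# ConfigMap mounted at /etc/openvpn/ccd (the server's client-config-dir).
# Each key is a per-client file; OpenVPN selects it by the connecting
# certificate's common name.
apiVersion: v1
kind: ConfigMap
metadata:
  name: openvpn-server-ccd
  labels:
    app: openvpn-server
data:
  # Static address for client1; the port-forwarding table in
  # openvpn-server-config points at this same address.
  client1: |
    ifconfig-push 10.0.0.42 255.255.255.0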
---
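# Secret with the server's PKI material, mounted at /etc/openvpn/keys by the
# Deployment. Every value below is a placeholder; the real values are the
# base64-encoded file contents.
# NOTE(review): keep the populated Secret out of version control - create it
# out of band or through the cluster's secret-management tooling. server1.key
# and tls.key are the private parts.
apiVersion: v1
kind: Secret
metadata:
  name: openvpn-server-keys
  labels:
    app: openvpn-server
data:
  ca.crt: xxx (ca.crt in base64)
  dh.pem: xxx
  server1.crt: xxx
  server1.key: xxx
  tls.key: xxx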