added amnezia-dellow

2026-06-29 16:03:54 +03:00
parent 3d58baaf2f
commit df1aa96316
6 changed files with 170 additions and 0 deletions
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: amnezia-fellow
+  labels:
+    app: amnezia-fellow
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: amnezia-fellow
+  template:
+    metadata:
+      labels:
+        app: amnezia-fellow
+    spec:
+      serviceAccountName: amnezia-fellow
+      containers:
+        - name: amnezia-fellow
+          image: ultradesu/amnezia-fellow:latest
+          imagePullPolicy: Always
+          args:
+            - "--listen"
+            - "0.0.0.0:8000"
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: AMNEZIA_FELLOW_DATABASE_URL
+              value: "sqlite:///data/amnezia-fellow.sqlite3?mode=rwc"
+            - name: AMNEZIA_FELLOW_K8S_NAMESPACE
+              value: "amnezia"
+            - name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET
+              value: "amneziawg-clients"
+            - name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET_KEY
+              value: "peers.conf"
+            - name: AMNEZIA_FELLOW_K8S_SERVER_SECRET
+              value: "amneziawg-server"
+            - name: AMNEZIA_FELLOW_K8S_ENDPOINTS_SECRET
+              value: "amneziawg-endpoints"
+            - name: AMNEZIA_FELLOW_VPN_CLIENT_CIDR
+              value: "10.8.0.0/16"
+            - name: AMNEZIA_FELLOW_VPN_MTU
+              value: "1376"
+          readinessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+          livenessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 30
+            timeoutSeconds: 5
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "128Mi"
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+          volumeMounts:
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: amnezia-fellow-data
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: amnezia-fellow-tls-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: awg.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: amnezia-fellow
+                port:
+                  number: 8000
+  tls:
+    - secretName: amnezia-fellow-tls
+      hosts:
+        - awg.hexor.cy
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: amnezia-fellow
+  labels:
+    app: amnezia-fellow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: amnezia-fellow
+  labels:
+    app: amnezia-fellow
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: amnezia-fellow
+  labels:
+    app: amnezia-fellow
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: amnezia-fellow
+subjects:
+  - kind: ServiceAccount
+    name: amnezia-fellow
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: amnezia-fellow
+  labels:
+    app: amnezia-fellow
+spec:
+  type: ClusterIP
+  selector:
+    app: amnezia-fellow
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8000
+      targetPort: 8000
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: amnezia-fellow-data
+  labels:
+    app: amnezia-fellow
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 3Gi
@@ -7,4 +7,9 @@ resources:
  - external-secrets.yaml
  - configmap-scripts.yaml
  - rbac.yaml
+  - fellow-rbac.yaml
+  - fellow-storage.yaml
+  - fellow-service.yaml
+  - fellow-ingress.yaml
+  - fellow-deployment.yaml
  - daemonset.yaml