Ultradesu 3881b5b3ba
Added amnezia WG
2026-06-16 02:27:29 +01:00


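---
# AmneziaWG server as a DaemonSet on every node labelled amnezia-vpn=true.
# The pod runs on the host network, so the UDP listener on 5847 is reachable
# directly on the node's external address. The stakater Reloader annotations
# restart the pods whenever the server or client Secrets change.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: amneziawg
  labels:
    app: amneziawg
  annotations:
    reloader.stakater.com/auto: "true"
    secret.reloader.stakater.com/reload: "amneziawg-server,amneziawg-clients"
spec:
  selector:
    matchLabels:
      app: amneziawg
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: amneziawg
    spec:
      # The init container reads its own Node object and writes one key into
      # the amneziawg-endpoints Secret, so this ServiceAccount needs `get` on
      # nodes plus `get`/`create`/`patch` on secrets in this namespace. Scope
      # the Role with resourceNames where the verb allows it (get/patch);
      # create cannot be name-scoped, so keep the Role namespace-local.
      serviceAccountName: amneziawg
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      nodeSelector:
        amnezia-vpn: "true"
      tolerations:
        - operator: Exists
      initContainers:
        # Publishes "<external-ip>:<port>" under this node's name in the
        # amneziawg-endpoints Secret (presumably consumed when client configs
        # are generated — verify against the consumer).
        - name: register-endpoint
          # TODO: pin to an explicit tag or digest. A `latest` tag combined
          # with IfNotPresent means each node runs whatever it has cached and
          # never re-pulls, so nodes can silently diverge.
          image: bitnami/kubectl:latest
          imagePullPolicy: IfNotPresent
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Must match the awg containerPort of the main container.
            - name: PORT
              value: "5847"
          command:
            - /bin/bash
            - -lc
            - |
              set -euo pipefail
              NAMESPACE="$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)"
              # Prefer an operator-set external-ipv4 label; fall back to the
              # node's ExternalIP address.
              ENDPOINT="$(kubectl get node "${NODE_NAME}" -o jsonpath="{.metadata.labels['external-ipv4']}")"
              if [ -z "${ENDPOINT}" ]; then
                ENDPOINT="$(kubectl get node "${NODE_NAME}" -o jsonpath='{range .status.addresses[?(@.type=="ExternalIP")]}{.address}{end}')"
              fi
              if [ -z "${ENDPOINT}" ]; then
                echo "ERROR: node ${NODE_NAME} has no external-ipv4 label and no ExternalIP"
                exit 1
              fi
              VALUE="${ENDPOINT}:${PORT}"
              echo "Registering AmneziaWG endpoint: ${NODE_NAME} -> ${VALUE}"
              # Create-if-missing, then always patch. The previous get -> create
              # OR patch sequence raced when several nodes started at once: two
              # pods saw "missing", both tried to create, and the loser failed
              # the init container. A create that loses the race is harmless
              # because the patch below writes this node's key regardless; any
              # other failure (e.g. RBAC) still surfaces at the patch step.
              if ! kubectl get secret amneziawg-endpoints -n "${NAMESPACE}" >/dev/null 2>&1; then
                kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \
                  --from-literal="${NODE_NAME}=${VALUE}" \
                  || echo "WARN: create of amneziawg-endpoints failed (concurrent creator?); falling back to patch"
              fi
              # NODE_NAME is a DNS-1123 name and VALUE is "<ip>:<port>", so
              # neither needs JSON escaping here.
              kubectl patch secret amneziawg-endpoints -n "${NAMESPACE}" \
                --type merge -p "{\"stringData\":{\"${NODE_NAME}\":\"${VALUE}\"}}"
      containers:
        - name: amneziawg
          # TODO: pin to an explicit tag or digest (see register-endpoint).
          image: amneziavpn/amneziawg-go:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            # privileged already grants every capability, so the explicit adds
            # below are redundant while it is set. amneziawg-go is the userspace
            # implementation driving /dev/net/tun, so NET_ADMIN alone (without
            # privileged or SYS_MODULE) may be enough — confirm on a node before
            # tightening.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
          command:
            - /bin/bash
            - /scripts/run.sh
          ports:
            # With hostNetwork the container port is the host port.
            - name: awg
              containerPort: 5847
              protocol: UDP
          # Both probes treat the pod as healthy once the awg0 interface is up.
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -lc
                - awg show awg0 >/dev/null 2>&1
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -lc
                - awg show awg0 >/dev/null 2>&1
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            requests:
              memory: "64Mi"
              cpu: "50m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          volumeMounts:
            - name: server-config
              mountPath: /etc/amnezia/server
              readOnly: true
            - name: client-config
              mountPath: /etc/amnezia/clients
              readOnly: true
            - name: scripts
              mountPath: /scripts
              readOnly: true
            - name: runtime-config
              mountPath: /run/amnezia
            - name: dev-net-tun
              mountPath: /dev/net/tun
      volumes:
        - name: server-config
          secret:
            secretName: amneziawg-server
            # Leading-zero literal: kubectl/kubeconform use a YAML 1.1 parser
            # and read this as octal 0600; a YAML 1.2 parser would read
            # decimal 600. Decimal 384 is the portable spelling.
            defaultMode: 0600
            items:
              - key: awg0.conf
                path: awg0.conf
        - name: client-config
          secret:
            secretName: amneziawg-clients
            # optional: the pod still starts when no client Secret exists yet.
            optional: true
            defaultMode: 0600
        - name: scripts
          configMap:
            name: amneziawg-scripts
            # Octal, see server-config above (decimal 493).
            defaultMode: 0755
        - name: runtime-config
          emptyDir: {}
        - name: dev-net-tun
          hostPath:
            path: /dev/net/tun
            type: CharDevice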