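---
# Deployment for the wireguard-store component in the vpn namespace.
# One replica; the pod runs two containers: nginx (TCP 80) and
# wireguard (entrypoint /entrypoint/wg-sync.sh).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wireguard-store
  namespace: vpn
  labels:
    platform.edge.ncr.com/component: wireguard-store
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: wireguard-store
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: wireguard-store
      annotations:
        # Traffic to this range bypasses the Linkerd proxy, so it gets no
        # mesh mTLS or mesh policy. Presumably the tunnel address range;
        # confirm the CIDR is as narrow as it can be.
        config.linkerd.io/skip-subnets: '172.16.16.0/20'
    spec:
      # The service account token is mounted into both containers unless
      # automountServiceAccountToken is disabled on the pod or on the
      # account. NOTE(review): confirm which container needs API access
      # and keep the bound RBAC to the minimum.
      serviceAccountName: wireguard-vnc
      # Deprecated alias of serviceAccountName; kept so the applied
      # object is unchanged.
      serviceAccount: wireguard-vnc
      priorityClassName: edge-p4-operability-services
      containers:
        - name: nginx
          # bzl:// is not a pullable reference; presumably rewritten by
          # the build tooling. Confirm it resolves to a pinned tag or
          # digest, because IfNotPresent reuses whatever image is cached
          # on the node under that name.
          image: bzl://hack/deps:nginx_container_push
          ports:
            - protocol: TCP
              containerPort: 80
          resources:
            limits:
              cpu: 15m
              memory: 100Mi
            requests:
              cpu: 5m
              memory: 50Mi
          volumeMounts:
            # subPath mounts only nginx.conf from the ConfigMap. A subPath
            # mount is not refreshed when the ConfigMap changes, so the
            # pod has to be restarted to pick up a new config.
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext here, so this container runs
          # with the runtime's default capability set and the image's
          # user. Consider allowPrivilegeEscalation: false and an explicit
          # capabilities drop once the image's needs are confirmed.
        - name: wireguard
          image: bzl://cmd/sds/remoteaccess/wireguard:container_push
          command:
            - /bin/bash
          args:
            - -c
            - /entrypoint/wg-sync.sh
          ports:
            # NOTE(review): WireGuard itself listens on UDP. Confirm TCP
            # is intended for this declared port.
            - protocol: TCP
              containerPort: 51820
          resources:
            limits:
              cpu: 15m
              memory: 100Mi
            requests:
              cpu: 5m
              memory: 50Mi
          volumeMounts:
            - name: wireguard-config
              readOnly: true
              mountPath: /etc/wireguard/secret/
          imagePullPolicy: IfNotPresent
          securityContext:
            # Everything is dropped, then three capabilities are added.
            # SYS_MODULE allows loading kernel modules into the node's
            # kernel, so a compromise of this container reaches the host.
            # NOTE(review): if the nodes already provide the wireguard
            # module, SYS_MODULE can probably be removed; confirm before
            # changing. allowPrivilegeEscalation is not set here either.
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_MODULE
              drop:
                # Canonical spelling. Pod Security admission checks for
                # the exact string ALL.
                - ALL
      volumes:
        - name: nginx-config
          configMap:
            name: nginx-config
        - name: wireguard-config
          secret:
            # optional: true lets the pod start while the Secret does not
            # exist; the mount is then empty. Presumably wg-sync.sh copes
            # with that; verify it fails closed rather than running
            # without a config. Secret files default to mode 0644; a
            # tighter defaultMode may be appropriate for key material.
            optional: true
            secretName: wireguard-store
      imagePullSecrets:
        - name: edge-docker-pull-secret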