...
---
# Namespace that the other objects in this manifest are created in.
# NOTE(review): no pod-security.kubernetes.io/* labels are set on this
# namespace; confirm whether Pod Security admission (or an equivalent
# policy engine) is configured for it elsewhere.
apiVersion: v1
kind: Namespace
metadata:
  name: vpn
  # Provenance stamps: pallet name, creation time, source revision and URL,
  # owning team and version, as the annotation keys state.
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: 'wireguard-store'
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: 'https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/team: "@ncrvoyix-swt-retail/sds"
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
  labels:
    workload.edge.ncr.com: 'platform'
---
# ServiceAccount "vpn-vnc" in the vpn namespace. Its labels name it
# "vpn-linkerd-service-account", so it is presumably the identity the
# meshed VPN/VNC pods run under (confirm against the workload spec).
# NOTE(review): automountServiceAccountToken is not set, so the cluster
# default applies and pods using this account get an API token mounted
# unless their pod spec opts out. No Role/RoleBinding for this account is
# visible in this manifest; verify what it is actually allowed to do.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vpn-vnc
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: 'wireguard-store'
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: 'https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/team: "@ncrvoyix-swt-retail/sds"
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
  labels:
    app.kubernetes.io/instance: 'vpn-linkerd-service-account'
    app.kubernetes.io/managed-by: 'kustomize'
    app.kubernetes.io/name: 'vpn-linkerd-service-account'
    app.kubernetes.io/part-of: 'wireguard-store'
---
# nginx configuration for a reverse proxy in the vpn namespace.
# It listens on plain HTTP port 80 and forwards /novnc to the "novnc"
# Service in the "vnc" namespace, passing WebSocket upgrade headers and
# holding idle proxied connections open for up to 900s.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: 'wireguard-store'
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: 'https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/team: "@ncrvoyix-swt-retail/sds"
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
  labels:
    app.kubernetes.io/instance: 'nginx-config-map'
    app.kubernetes.io/managed-by: 'kustomize'
    app.kubernetes.io/name: 'nginx-config'
    app.kubernetes.io/part-of: 'wireguard-store'
data:
  # NOTE(review): the server block has no TLS and no auth directive, so
  # anything that can reach port 80 can reach the proxied VNC front end.
  # Access control presumably comes from the VPN, the mesh or a
  # NetworkPolicy; verify that one of them actually restricts this port.
  # NOTE(review): "Connection" is set twice in the same location ("" and
  # then "upgrade"); confirm which value is intended. WebSocket proxying
  # only needs the "upgrade" form.
  # NOTE(review): $proxy_add_x_forwarded_for appends to whatever
  # X-Forwarded-For the client sent, so the upstream must not treat the
  # leading entries of that header as trustworthy.
  nginx.conf: |
    user nginx;
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }
    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      log_format main '$remote_addr - $remote_user [$time_local] '
                      '"$request" $status $body_bytes_sent '
                      '"$http_referer" "$http_user_agent"'
                      ' Proxy host: "$proxy_host"'
                      ' Upstream address: "$upstream_addr"';
      access_log /var/log/nginx/access.log main;
      sendfile on;
      keepalive_timeout 65;
      server {
        listen 80;
        location /novnc {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_set_header Connection "";

          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_read_timeout 900s;

          # SERVICE-NAME.NAMESPACE.svc.cluster.local
          proxy_pass http://novnc.vnc.svc.cluster.local/;
          # resolver kube-dns.kube-system.svc.cluster.local;
        }
      }
    }
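---
# Shell loop that re-applies the wg0 configuration to the running
# WireGuard interface every 30 seconds, but only while `wg` reports an
# interface (non-empty output).
apiVersion: v1
kind: ConfigMap
metadata:
  name: wireguard-sync
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
data:
  # The output of `wg-quick strip` still contains the interface PrivateKey.
  # The earlier form of this script wrote it to the fixed path /tmp/wg0.conf
  # with the default umask, which leaves key material on disk between
  # iterations if the loop is interrupted and exposes it to anything else
  # sharing /tmp. The config is now held in a shell variable and handed to
  # `wg syncconf` through process substitution, so it never touches the
  # filesystem. syncconf still runs only when the strip step succeeded.
  wireguard-sync.sh: |
    #!/bin/bash
    while true;
    do
      if [[ $(wg) ]];
      then
        # printf is a bash builtin, so the key does not appear in any
        # process argument list.
        if conf=$(wg-quick strip wg0); then
          wg syncconf wg0 <(printf '%s\n' "$conf")
        fi
        unset conf
      fi
      sleep 30;
    done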
---
# Egress policy for pods labelled app.kubernetes.io/name=wireguard-store.
# The single empty rule under `egress` matches every destination and
# port, so the selected pods may open outbound connections anywhere.
# NOTE(review): unrestricted egress is common for a VPN gateway, but if
# the pods only need specific peers or ports, narrow the rule with
# `to`/`ports` entries. Also confirm the pods really carry this name
# label; the objects visible in this manifest only use "wireguard-store"
# as the part-of value.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-egress
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: 'wireguard-store'
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: 'https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/team: "@ncrvoyix-swt-retail/sds"
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
  labels:
    app.kubernetes.io/instance: 'allow-all-egress-network-policy'
    app.kubernetes.io/managed-by: 'kustomize'
    app.kubernetes.io/name: 'allow-all-egress'
    app.kubernetes.io/part-of: 'wireguard-store'
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: 'wireguard-store'
  policyTypes:
    - Egress
  egress:
    - {}
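---
# Default-deny ingress for every pod in the vpn namespace (the empty
# podSelector selects them all).
# NOTE(review): part-of is "wireguard" here but "wireguard-store" on the
# other objects in this manifest; confirm which value is intended before
# relying on it in selectors or pruning.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: vpn
  labels:
    app.kubernetes.io/instance: default-deny-ingress-network-policy
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: default-deny-ingress
    app.kubernetes.io/part-of: wireguard
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  # The rule list must stay empty. A single empty rule (`- {}`) matches
  # every source and port and turns this policy into allow-all ingress,
  # the opposite of what its name says. NetworkPolicies are additive, so
  # traffic that has to stay reachable (for example port 80 of the nginx
  # proxy configured in nginx-config, or the WireGuard endpoint) needs its
  # own allow policy; confirm those exist before rolling this out.
  ingress: []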