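---
# Namespace that holds the WireGuard store VPN workload and its helpers.
apiVersion: v1
kind: Namespace
metadata:
  name: vpn
  labels:
    workload.edge.ncr.com: platform
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
---
# Service account "vpn-vnc" in the vpn namespace.
# NOTE(review): automountServiceAccountToken is not set here, so the cluster
# default applies unless the pod spec overrides it. Confirm the workload needs
# an API token mounted.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vpn-vnc
  namespace: vpn
  labels:
    app.kubernetes.io/instance: vpn-linkerd-service-account
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: vpn-linkerd-service-account
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
---
# nginx configuration for a reverse proxy that listens on port 80 and forwards
# /novnc to the "novnc" service in the "vnc" namespace over plain HTTP, with
# WebSocket upgrade headers and a 900s read timeout.
# The Connection header is set twice in the location block ("" and then
# "upgrade"); both directives are kept exactly as written.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: vpn
  labels:
    app.kubernetes.io/instance: nginx-config-map
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: nginx-config
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
data:
  nginx.conf: |
    user nginx;
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;

    events {
      worker_connections 1024;
    }
    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      log_format main '$remote_addr - $remote_user [$time_local] '
                      '"$request" $status $body_bytes_sent '
                      '"$http_referer" "$http_user_agent"'
                      ' Proxy host: "$proxy_host"'
                      ' Upstream address: "$upstream_addr"';
      access_log /var/log/nginx/access.log main;
      sendfile on;
      keepalive_timeout 65;
      server {
        listen 80;
        location /novnc {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_read_timeout 900s;
          # SERVICE-NAME.NAMESPACE.svc.cluster.local
          proxy_pass http://novnc.vnc.svc.cluster.local/;
          # resolver kube-dns.kube-system.svc.cluster.local;
        }
      }
    }
---
# Shell loop that, every 30 seconds, checks whether `wg` prints any output and,
# if so, writes `wg-quick strip wg0` to /tmp/wg0.conf, applies it with
# `wg syncconf`, and removes the file.
# The script is kept as a double-quoted scalar because several of its lines end
# in trailing spaces, which this form preserves exactly.
# NOTE(review): `wg-quick strip` output still carries the interface's
# PrivateKey, and it is written to a fixed path in /tmp with the default umask.
# Confirm /tmp is private to this container (not a shared volume) and consider
# a restrictive umask in the script.
apiVersion: v1
kind: ConfigMap
metadata:
  name: wireguard-sync
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
  labels: {}
data:
  wireguard-sync.sh: "#!/bin/bash\nwhile true;\ndo \n if [[ $(wg) ]];\n then \n wg-quick strip wg0 > /tmp/wg0.conf && wg syncconf wg0 /tmp/wg0.conf\n rm /tmp/wg0.conf -f \n fi\n sleep 30; \ndone\n"
---
# Egress policy for pods labelled app.kubernetes.io/name=wireguard-store.
# The single empty rule matches every destination and port, so these pods have
# unrestricted outbound access.
# NOTE(review): if the set of destinations the VPN pods must reach is known,
# replace the empty rule with explicit `to`/`ports` entries.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-egress
  namespace: vpn
  labels:
    app.kubernetes.io/instance: allow-all-egress-network-policy
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: allow-all-egress
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  egress:
    - {}
  podSelector:
    matchLabels:
      app.kubernetes.io/name: wireguard-store
  policyTypes:
    - Ingress
---
# Default-deny ingress for every pod in the vpn namespace (empty podSelector).
# The rule list is intentionally empty: a single empty rule (`- {}`) matches
# all sources and ports and would make this policy allow-all, contradicting
# its name. NetworkPolicies are additive, so each pod that must accept inbound
# traffic (for example the WireGuard listener or the nginx proxy) needs its own
# narrowly scoped allow policy next to this one.
# NOTE(review): part-of is "wireguard" here but "wireguard-store" on the other
# objects in this file; confirm which value label-based tooling expects.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: vpn
  labels:
    app.kubernetes.io/instance: default-deny-ingress-network-policy
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: default-deny-ingress
    app.kubernetes.io/part-of: wireguard
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  ingress: []
  podSelector: {}
  policyTypes:
    - Ingress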