Skip to content

Instantly share code, notes, and snippets.

@HoKim98

HoKim98/softether-vpn-server-on-kubernetes.yaml

Last active November 4, 2023 12:56
Show Gist options
  • Save HoKim98/5c2480dfcdc99cb212bcc4d2b6267f75 to your computer and use it in GitHub Desktop.
Save HoKim98/5c2480dfcdc99cb212bcc4d2b6267f75 to your computer and use it in GitHub Desktop.
Download ZIP
Softether VPN Server on Kubernetes
Raw
softether-vpn-server-on-kubernetes.yaml
# 개빡치네 왜 VPN을 막아두는거지?
# 하지만 쿠버네티스와 함께라면 조금은 버틸 수 있어..
#
# 사용법:
# 1. 아래 코드에서 다음 문자열을 용도에 맞게 치환: __ADMIN_PASSWORD__, __LOADBALANCER_IP__
# 2. 배포 ㄱㄱ
#
# 주의사항:
# 1. 아래 코드는 여러번의 테스트와 수십번의 보안 강화를 통해야 여러명이 돌려쓰기에 충분할듯.
# 2. 특히, 관리자 비밀번호 (HPW, SPW)와 Resource Limits를 장비 상황에 맞게 잘 조절해주도록 한다.
# 3. LoadBalancerIP는 외부 IP를 써야 접속이 가능하겠죠.. 없으면 못씁니다.
# 4. 그래도 개인이 쓰기에는 적당히 구성했다고 생각합니다..
---
apiVersion: v1
kind: Namespace
metadata:
name: vpn-softether
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: softether
namespace: vpn-softether
spec:
selector:
matchLabels:
app: softether
template:
metadata:
labels:
app: softether
spec:
containers:
- name: server
image: docker.io/siomiz/softethervpn:latest
env:
- name: HPW
value: __ADMIN_PASSWORD__
- name: USERS
value: openark:__ADMIN_PASSWORD__
- name: SPW
value: __ADMIN_PASSWORD__
ports:
- name: openvpn-tcp
protocol: TCP
containerPort: 443
- name: openvpn
protocol: UDP
containerPort: 1194
resources:
limits:
cpu: 500m
memory: 128Mi
securityContext:
capabilities:
add:
- NET_ADMIN
---
apiVersion: v1
kind: Service
metadata:
name: softether
namespace: vpn-softether
spec:
selector:
app: softether
ports:
- name: openvpn-tcp
port: 443
protocol: TCP
targetPort: 443
- name: openvpn
protocol: UDP
port: 1194
targetPort: 1194
type: LoadBalancer
loadBalancerIP: __LOADBALANCER_IP__
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment