hcgonzalezpr/wireguard-tunnel-deployment.yaml

## wireguard-tunnel-deployment.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: wireguard-configmap
data:
  PUID: "1000"
  PGID: "1000"
  TZ: "America/Chicago"
---
apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: wireguard
  ports:
    - port: 80
      targetPort: 5000
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: wg-configmap
data:
  wg0.conf: |
    [Interface]
    Address = 192.168.1.20/24
    ListenPort = 51820
    PrivateKey = [PrivateKeyHostGoesHere]
    PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.20.32:80;iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;
    PostDown  = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.20.32:80;iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;

    [Peer]
    PublicKey = [PublicKeyOfPeerGoesHere]
    AllowedIPs = 192.168.1.1/32, 192.168.20.32/32
    Endpoint = EnpointIP:51820
    PersistentKeepalive = 10
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wireguard
  labels:
    app: wireguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wireguard
  template:
    metadata:
      labels:
        app: wireguard
    spec:
      containers:
      - name: wireguard
        image: ghcr.io/linuxserver/wireguard
        envFrom:
        - configMapRef:
            name: wireguard-configmap
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
              - SYS_MODULE
          privileged: true
        volumeMounts:
          - name: cfgmap
            mountPath: /config/wg0.conf
            subPath: wg0.conf
          - name: host-volumes
            mountPath: /lib/modules
        ports:
        - containerPort: 5000
        resources:
          requests:
            memory: "64Mi"
            cpu: "100m"
          limits:
            memory: "128Mi"
            cpu: "200m"
      volumes:
        - name: cfgmap
          configMap:
            name: wg-configmap
        - name: host-volumes
          hostPath:
            path: /lib/modules
            type: Directory
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: wireguard-configmap
	data:
	PUID: "1000"
	PGID: "1000"
	TZ: "America/Chicago"
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: web-service
	spec:
	selector:
	app: wireguard
	ports:
	- port: 80
	targetPort: 5000
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: wg-configmap
	data:
	wg0.conf: \|
	[Interface]
	Address = 192.168.1.20/24
	ListenPort = 51820
	PrivateKey = [PrivateKeyHostGoesHere]
	PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.20.32:80;iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;
	PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.20.32:80;iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;

	[Peer]
	PublicKey = [PublicKeyOfPeerGoesHere]
	AllowedIPs = 192.168.1.1/32, 192.168.20.32/32
	Endpoint = EnpointIP:51820
	PersistentKeepalive = 10
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: wireguard
	labels:
	app: wireguard
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: wireguard
	template:
	metadata:
	labels:
	app: wireguard
	spec:
	containers:
	- name: wireguard
	image: ghcr.io/linuxserver/wireguard
	envFrom:
	- configMapRef:
	name: wireguard-configmap
	securityContext:
	capabilities:
	add:
	- NET_ADMIN
	- SYS_MODULE
	privileged: true
	volumeMounts:
	- name: cfgmap
	mountPath: /config/wg0.conf
	subPath: wg0.conf
	- name: host-volumes
	mountPath: /lib/modules
	ports:
	- containerPort: 5000
	resources:
	requests:
	memory: "64Mi"
	cpu: "100m"
	limits:
	memory: "128Mi"
	cpu: "200m"
	volumes:
	- name: cfgmap
	configMap:
	name: wg-configmap
	- name: host-volumes
	hostPath:
	path: /lib/modules
	type: Directory