2021-11-29 18:28:08 +08:00
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: DaemonSet
|
|
|
|
metadata:
|
|
|
|
name: netclient-1
|
|
|
|
labels:
|
|
|
|
app: netclient-1
|
|
|
|
spec:
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
app: netclient-1
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app: netclient-1
|
|
|
|
spec:
|
|
|
|
hostNetwork: true
|
|
|
|
containers:
|
|
|
|
- name: netclient-1
|
2021-12-13 07:26:49 +08:00
|
|
|
image: gravitl/netclient:0.9.2-doks
|
2021-11-29 18:28:08 +08:00
|
|
|
env:
|
|
|
|
- name: NETCLIENT_ROAMING
|
|
|
|
value: "no"
|
|
|
|
- name: NETCLIENT_PORT
|
|
|
|
value: "51821"
|
|
|
|
- name: NETCLIENT_IS_STATIC
|
|
|
|
value: "yes"
|
|
|
|
- name: NETCLIENT_ENDPOINT
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: status.hostIP
|
|
|
|
- name: TOKEN
|
|
|
|
value: "<token>"
|
|
|
|
volumeMounts:
|
|
|
|
- mountPath: /etc/netclient
|
|
|
|
name: etc-netclient
|
|
|
|
- mountPath: /usr/bin/wg
|
|
|
|
name: wg
|
|
|
|
securityContext:
|
|
|
|
privileged: true
|
|
|
|
volumes:
|
|
|
|
- hostPath:
|
|
|
|
path: /etc/netclient
|
|
|
|
type: DirectoryOrCreate
|
|
|
|
name: etc-netclient
|
|
|
|
- hostPath:
|
|
|
|
path: /usr/bin/wg
|
|
|
|
type: File
|
|
|
|
name: wg
|
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: DaemonSet
|
|
|
|
metadata:
|
|
|
|
name: wireguard-controller
|
|
|
|
labels:
|
|
|
|
app: wireguard-controller
|
|
|
|
spec:
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
app: wireguard-controller
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app: wireguard-controller
|
|
|
|
spec:
|
|
|
|
hostNetwork: true
|
|
|
|
containers:
|
2021-12-13 07:26:49 +08:00
|
|
|
- image: gravitl/netclient:0.9.2-doks
|
2021-11-29 18:28:08 +08:00
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
name: wg-installer
|
|
|
|
command: ['bash', '-c']
|
|
|
|
args:
|
|
|
|
- while [ 1 ];
|
|
|
|
do if ! command -v wg &> /dev/null;
|
|
|
|
then echo "wireguard not installed, installing";
|
|
|
|
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list;
|
|
|
|
apt update;
|
|
|
|
sudo apt -y install linux-headers-$(uname --kernel-release);
|
|
|
|
apt -y install wireguard wireguard-tools;
|
|
|
|
else echo "wireguard installed";
|
|
|
|
sleep 300;
|
|
|
|
fi;
|
|
|
|
done
|
|
|
|
securityContext:
|
|
|
|
privileged: true
|
|
|
|
volumeMounts:
|
|
|
|
- name: rootfolder
|
|
|
|
mountPath: /
|
|
|
|
volumes:
|
|
|
|
- hostPath:
|
|
|
|
path: /
|
|
|
|
type: ""
|
|
|
|
name: rootfolder
|
|
|
|
|