From b57b7b31c15c012262007ae36fa5f20ef6fc3a6c Mon Sep 17 00:00:00 2001
From: James Turland
Date: Tue, 7 Nov 2023 12:16:39 +0000
Subject: [PATCH] Add latest video
---
.../Portainer/default-headers.yaml | 16 ++++
.../Portainer/ingress.yaml | 28 ++++++
.../Portainer/values.yaml | 10 ++
.../WireGuard-Easy/default-headers.yaml | 16 ++++
.../WireGuard-Easy/deployment.yaml | 91 +++++++++++++++++++
.../WireGuard-Easy/ingress.yaml | 26 ++++++
.../WireGuard-Easy/ingressRouteUDP.yaml | 14 +++
Kubernetes/Create-manifest-helm/readme.md | 0
8 files changed, 201 insertions(+)
create mode 100644 Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
create mode 100644 Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
create mode 100644 Kubernetes/Create-manifest-helm/Portainer/values.yaml
create mode 100644 Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
create mode 100644 Kubernetes/Create-manifest-helm/WireGuard-Easy/deployment.yaml
create mode 100644 Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
create mode 100644 Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
create mode 100644 Kubernetes/Create-manifest-helm/readme.md
diff --git a/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml b/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
new file mode 100644
index 0000000..fd09585
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: default-headers
+ namespace: portainer
+spec:
+ headers:
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
\ No newline at end of file
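Review bot: The HSTS settings (`stsIncludeSubdomains: true`, `stsPreload: true`, `stsSeconds: 15552000`) are applied without any comment, and this Middleware is meant to be copied and edited. A browser that receives the header pins the host and its subdomains to HTTPS for 180 days, and `preload` only matters if the domain is submitted to the preload list, which is slow to undo. I would add a comment above these keys, e.g. `# HSTS: 180 days, includes subdomains; remove stsPreload unless you intend to submit the domain`. The identical block in WireGuard-Easy/default-headers.yaml needs the same note. The `traefik.containo.us/v1alpha1` group is also the older one (newer Traefik releases use `traefik.io/v1alpha1`), which is worth stating next to `apiVersion`.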
diff --git a/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml b/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
new file mode 100644
index 0000000..f1517af
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: portainer
+ namespace: portainer
+ annotations:
+ kubernetes.io/ingress.class: traefik-external
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`www.portainer.yourdomain.com`) # change me
+ kind: Rule
+ services:
+ - name: portainer
+ port: 9443
+ - match: Host(`portainer.yourdomain.com`) # change me
+ kind: Rule
+ services:
+ - name: portainer
+ port: 9443
+ scheme: https
+ passHostHeader: true
+ middlewares:
+ - name: default-headers
+ tls:
+ secretName: yourdomain-tls # change me
diff --git a/Kubernetes/Create-manifest-helm/Portainer/values.yaml b/Kubernetes/Create-manifest-helm/Portainer/values.yaml
new file mode 100644
index 0000000..0045a0a
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/Portainer/values.yaml
@@ -0,0 +1,10 @@
+nodeSelector:
+ worker: "true"
+
+service:
+ enabled: true
+ type: LoadBalancer
+ annotations: {}
+ labels: {}
+ loadBalancerSourceRanges: []
+ externalIPs: []
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
new file mode 100644
index 0000000..4b9de97
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: default-headers
+ namespace: wg-easy
+spec:
+ headers:
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
\ No newline at end of file
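Review bot: In Portainer/ingress.yaml the first route (the `www.portainer.yourdomain.com` host) has no `middlewares` entry and no `scheme: https`, so it skips the default-headers Middleware and, as far as this flattened hunk shows, would speak plain HTTP to port 9443 while the second route uses HTTPS. Either give both routes the same `services` and `middlewares` settings or merge them into a single rule that ORs the two `Host(...)` matchers with `||`. WireGuard-Easy/ingress.yaml has the same gap: its `www.wg-easy` route also lacks `middlewares`. Indentation is lost in this view, so confirm that `middlewares` really sits under the second route only.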
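Review bot: In Portainer/values.yaml, `type: LoadBalancer` with `loadBalancerSourceRanges: []` publishes the Portainer service on its own address to any source, alongside the Traefik IngressRoute added in the same commit. Traffic arriving that way bypasses the TLS secret and the default-headers Middleware configured on the ingress. If the IngressRoute is the intended entry point, `type: ClusterIP` is enough; if the load balancer is needed, fill `loadBalancerSourceRanges` with the admin networks and say so in a comment.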
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/deployment.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/deployment.yaml
new file mode 100644
index 0000000..93f384b
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/deployment.yaml
@@ -0,0 +1,91 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: wg-easy
+ app.kubernetes.io/instance: wg-easy
+ app.kubernetes.io/name: wg-easy
+ name: wg-easy
+ namespace: wg-easy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wg-easy
+ template:
+ metadata:
+ labels:
+ app: wg-easy
+ app.kubernetes.io/name: wg-easy
+ spec:
+ nodeSelector:
+ worker: "true"
+ # securityContext:
+ # sysctls:
+ # - name: net.ipv4.ip_forward
+ # value: "1"
+ # - name: net.ipv4.conf.all.src_valid_mark
+ # value: "1"
+ containers:
+ - env:
+ - name: WG_HOST
+ value: "wg.yourdomain.com" # change me
+ - name: PASSWORD
+ value: "password!"
+ - name: WG_DEFAULT_DNS
+ value: "10.43.0.10, wg-easy.svc.cluster.local"
+ image: weejewel/wg-easy
+ imagePullPolicy: Always
+ name: wg-easy
+ ports:
+ - containerPort: 51820
+ - containerPort: 51821
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+ volumeMounts:
+ - mountPath: /etc/wireguard
+ name: wg-easy
+ restartPolicy: Always
+ volumes:
+ - name: wg-easy
+ persistentVolumeClaim:
+ claimName: wg-easy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: wg-easy
+ name: wg-easy-udp
+ namespace: wg-easy
+spec:
+ ports:
+ - name: wg-easy-udp
+ port: 51820
+ protocol: UDP
+ targetPort: 51820
+ selector:
+ app: wg-easy
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: wg-easy
+ name: wg-easy-web
+ namespace: wg-easy
+spec:
+ ports:
+ - name: wg-easy-web
+ port: 51821
+ protocol: TCP
+ targetPort: 51821
+ selector:
+ app: wg-easy
+ type: ClusterIP
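Review bot: The `PASSWORD` env var carries the web UI password as a literal (`value: "password!"`) and, unlike `WG_HOST`, has no `# change me` marker, so a copied manifest deploys a known credential and anyone who can read the Deployment or the repository sees it. Take it from a Secret through `valueFrom.secretKeyRef` instead, as sketched below; the Secret name and key there are placeholders. In the same container, `image: weejewel/wg-easy` has no tag while `imagePullPolicy: Always` is set, so each restart may pull different code into a pod that holds `NET_ADMIN` and `SYS_MODULE`; pin a tag or digest. `SYS_MODULE` is presumably needed only when the node has no WireGuard kernel module loaded, so a comment saying when it can be dropped would help.

```yaml
# … unchanged: WG_HOST entry …
- name: PASSWORD
  valueFrom:
    secretKeyRef:
      name: wg-easy-admin  # placeholder: Secret created outside this manifest
      key: password        # placeholder key
# … unchanged: WG_DEFAULT_DNS entry, image, ports …
```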
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
new file mode 100644
index 0000000..4130ba9
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: wg-easy
+ namespace: wg-easy
+ annotations:
+ kubernetes.io/ingress.class: traefik-external
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`www.wg-easy.yourdomain.com`) # change me
+ kind: Rule
+ services:
+ - name: wg-easy-web
+ port: 51821
+ - match: Host(`wg-easy.yourdomain.com`) # change me
+ kind: Rule
+ services:
+ - name: wg-easy-web
+ port: 51821
+ middlewares:
+ - name: default-headers
+ tls:
+ secretName: yourdomain-tls # change me
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
new file mode 100644
index 0000000..b2f7d90
--- /dev/null
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+ name: wg-easy
+ namespace: wg-easy
+ annotations:
+ kubernetes.io/ingress.class: traefik-external
+spec:
+ entryPoints:
+ - wireguard
+ routes:
+ - services:
+ - name: wg-easy-udp
+ port: 51820
\ No newline at end of file
diff --git a/Kubernetes/Create-manifest-helm/readme.md b/Kubernetes/Create-manifest-helm/readme.md
new file mode 100644
index 0000000..e69de29
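Review bot: In WireGuard-Easy/ingress.yaml both routes publish the wg-easy web UI on `websecure` under the `traefik-external` ingress class with only `default-headers` attached, so the page that manages VPN clients appears to be reachable from wherever that entry point is and is guarded only by the container's `PASSWORD` value. If external reach is not required, bind the route to an internal ingress class or add an IP allow-list Middleware next to `default-headers`, and state the choice in a comment. Whether `traefik-external` is internet-facing is not visible in this commit.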
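Review bot: In WireGuard-Easy/ingressRouteUDP.yaml, `entryPoints: - wireguard` refers to a Traefik entry point that this commit does not define, and nothing in the file says so. Without a UDP entry point of that name in Traefik's static configuration, and presumably the matching port opened on the Traefik Service, the route has nothing to listen on. I would add a comment above `entryPoints`, e.g. `# requires a UDP entryPoint named "wireguard" (51820/udp) in the Traefik static config`.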