Kubernetes WireGuard using Wg Easy, by changing the DNS in the client configuration.
---
# Deployment running a single AdGuard Home replica
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  selector:
    matchLabels:
      app: adguardhome
  template:
    metadata:
      labels:
        app: adguardhome
    spec:
      containers:
        - name: adguardhome
          # ':latest' is unpinned; pin a version tag or digest for reproducible rollouts
          image: adguard/adguardhome:latest
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 3000
              protocol: TCP
            - containerPort: 53
              protocol: UDP
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
          readinessProbe:
            httpGet:
              path: /
              port: 3000
          livenessProbe:
            httpGet:
              path: /
              port: 3000
          volumeMounts:
            - name: adguardhome-config
              mountPath: /opt/adguardhome/conf
            - name: adguardhome-logs
              mountPath: /opt/adguardhome/work
      volumes:
        - name: adguardhome-config
          persistentVolumeClaim:
            claimName: adguardhome
        - name: adguardhome-logs
          emptyDir: {}
---
# Persistent volume claim to store all AdGuard Home configuration data
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  storageClassName: openebs-data
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# Service definition for the AdGuard Home web interface and DNS port
apiVersion: v1
kind: Service
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  type: ClusterIP
  selector:
    app: adguardhome
  ports:
    - port: 3000
      targetPort: 3000
      protocol: TCP
      name: adguard-dashboard
    - port: 53
      targetPort: 53
      protocol: UDP
      name: adguard-dns
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
  annotations:
    cert-manager.io/cluster-issuer: "production-issuer"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: adguardhome.your-domain.tld
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: adguardhome
                port:
                  number: 3000
  tls:
    - hosts:
        - adguardhome.your-domain.tld
      secretName: adguardhome.your-domain.tld-cert
Example usage for a WireGuard peer: get the cluster IP of the adguardhome service:
sumar@lab0:~$ kubectl -n adguardhome get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
adguardhome ClusterIP 10.110.161.113 <none> 3000/TCP,53/UDP 34m
Put that cluster IP into the WireGuard client configuration:
[Interface]
PrivateKey = <redacted>
Address = 10.8.0.3/24
# use the AdGuard Home DNS
DNS = 10.110.161.113
[Peer]
PublicKey = <redacted>
PresharedKey = <redacted>
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Endpoint = <redacted>