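# Prerequisites: the ConfigMap and Secret below are referenced by the
# Deployment, so they must live in the same namespace as the pod
# ("nordproxy"). Create the namespace first, then pass -n explicitly so they
# do not land in the current context's default namespace.
#
# kubectl create ns nordproxy
# kubectl -n nordproxy create cm openvpn-config --from-file=vpn.conf=$HOME/Downloads/us6902.nordvpn.com.udp.ovpn
# kubectl -n nordproxy create secret generic openvpn-auth --from-literal=VPN_AUTH='abcdefghijklmnop12345678;qrstuvwxyz0987654321abcd'
#
# The VPN_AUTH value above is a sample. A real credential passed with
# --from-literal is recorded in shell history and visible in the process
# list; loading it with --from-env-file=<path-to-env-file> avoids both.
---
apiVersion: v1
kind: Namespace
metadata:
  name: nordproxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: nordproxy
  name: nordproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nordproxy
  # Recreate: the old pod is removed before the new one starts.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nordproxy
    spec:
      terminationGracePeriodSeconds: 0
      # All containers share one pod network namespace, so the gost listeners
      # egress through whatever routes the vpn container installs.
      # NOTE(review): until the tunnel is up, or if it drops, proxied traffic
      # would leave over the pod's normal route. Confirm the VPN image's
      # firewall/kill-switch option is enabled if that matters here.
      containers:
        # Untagged images resolve to :latest, so a changed upstream image is
        # pulled without review. Pin to a reviewed version or digest
        # (ginuerzh/gost@sha256:<digest>).
        # The listeners below bind 0.0.0.0 without proxy authentication.
        - image: ginuerzh/gost
          name: socks5
          command:
            - gost
            - '-L'
            - 'socks5://0.0.0.0:1080'
        - image: ginuerzh/gost
          name: gost-auto
          command:
            - gost
            - '-L'
            - 'auto://0.0.0.0:4080'
        - image: ginuerzh/gost
          name: http
          command:
            - gost
            - '-L'
            - 'http://0.0.0.0:8080'
        - image: ginuerzh/gost
          name: dns
          command:
            - gost
            - '-L'
            # Quoted: the value contains '?' and '&', which are YAML
            # indicators in other positions.
            - 'dns://:5353?mode=udp&dns=https://cloudflare-dns.com/dns-query'
        # Same pinning concern as above: :latest is a mutable tag.
        - image: dperson/openvpn-client:latest
          name: vpn
          command: ["/bin/sh", "-c"]
          # Creates the TUN device node inside the container, then hands over
          # to the image's openvpn.sh.
          args:
            - |
              mkdir -p /dev/net
              mknod /dev/net/tun c 10 200
              openvpn.sh
          env:
            - name: DNS
              value: "yes"
          # Exposes every key of the Secret (VPN_AUTH) as an environment
          # variable of this container only.
          envFrom:
            - secretRef:
                name: openvpn-auth
          volumeMounts:
            - mountPath: /vpn/vpn.conf
              name: config
              subPath: vpn.conf
          securityContext:
            capabilities:
              # NET_ADMIN is what lets the client configure the tunnel
              # interface and routes.
              # NOTE(review): SYS_TIME allows changing the node's system
              # clock; confirm the client needs it, otherwise drop it.
              add: ["NET_ADMIN", "SYS_TIME"]
      volumes:
        - configMap:
            # 420 decimal == 0644 octal; the API expects an integer here.
            defaultMode: 420
            name: openvpn-config
          name: config
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    metallb.universe.tf/allow-shared-ip: '172.16.17.180'
    metallb.universe.tf/loadBalancerIPs: '172.16.17.180'
  labels:
    app: nordproxy
  name: nordproxy
  namespace: nordproxy
spec:
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  # Publishes unauthenticated SOCKS5/HTTP proxies and a DNS forwarder to
  # every client that can reach the load-balancer IP. Limit who can connect
  # with spec.loadBalancerSourceRanges (<trusted-cidr>) or a NetworkPolicy on
  # the pod, and/or configure credentials on the gost listeners.
  ports:
    - name: dns
      port: 53
      protocol: UDP
      targetPort: 5353
    - name: socks
      port: 1080
      protocol: TCP
      targetPort: 1080
    - name: gost-auto
      port: 4080
      protocol: TCP
      targetPort: 4080
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: nordproxy
  sessionAffinity: None
  type: LoadBalancer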