kube-cascade/nordproxy/deployment.yaml


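# Prerequisites. Both objects must live in the nordproxy namespace, so pass
# `-n nordproxy` unless that is already your current context's namespace.
# kubectl create cm openvpn-config --from-file=vpn.conf=$HOME/Downloads/us6902.nordvpn.com.udp.ovpn
# VPN_AUTH has the form '<username>;<password>'. --from-literal leaves the
# value in shell history; --from-env-file reads it from a file instead.
# kubectl create secret generic openvpn-auth --from-literal=VPN_AUTH='abcdefghijklmnop12345678;qrstuvwxyz0987654321abcd'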
---
# Dedicated namespace for the proxy Deployment and its Service. The
# openvpn-config ConfigMap and openvpn-auth Secret that the Deployment
# references are resolved in this namespace as well.
apiVersion: v1
kind: Namespace
metadata:
  name: nordproxy
---
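# Proxy pod: four gost listeners (SOCKS5, protocol auto-detect, HTTP, DNS)
# next to an OpenVPN client. Containers in one pod share a network
# namespace, so the listeners use whatever routes the vpn container sets up.
# NOTE(review): nothing in this manifest blocks egress while the tunnel is
# down, so proxied traffic could leave outside the VPN during that window;
# the openvpn-client image documents a FIREWALL setting worth evaluating.
# NOTE(review): the gost image has no tag and the vpn image uses :latest, so
# every pod restart may pull different code. Pin both to a reviewed version
# tag or digest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nordproxy
  namespace: nordproxy
spec:
  replicas: 1
  strategy:
    # Recreate tears the old pod down before the new one starts.
    type: Recreate
  selector:
    matchLabels:
      app: nordproxy
  template:
    metadata:
      labels:
        app: nordproxy
    spec:
      restartPolicy: Always
      # The pod is killed immediately on delete; no graceful-shutdown window.
      terminationGracePeriodSeconds: 0
      # No container here is configured to call the Kubernetes API, so keep
      # the service-account token out of these network-facing processes.
      automountServiceAccountToken: false
      containers:
        # The listener URLs below carry no credentials, so any client that
        # can reach a port can use the proxy. All four listen on ports above
        # 1024 and need no Linux capabilities, hence drop ALL.
        - name: socks5
          image: ginuerzh/gost
          command:
            - gost
            - '-L'
            - 'socks5://0.0.0.0:1080'
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
        - name: gost-auto
          image: ginuerzh/gost
          command:
            - gost
            - '-L'
            - 'auto://0.0.0.0:4080'
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
        - name: http
          image: ginuerzh/gost
          command:
            - gost
            - '-L'
            - 'http://0.0.0.0:8080'
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
        # DNS listener on UDP 5353 that forwards queries over HTTPS to
        # cloudflare-dns.com.
        - name: dns
          image: ginuerzh/gost
          command:
            - gost
            - '-L'
            - 'dns://:5353?mode=udp&dns=https://cloudflare-dns.com/dns-query'
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
        - name: vpn
          image: dperson/openvpn-client:latest
          command: ['/bin/sh', '-c']
          args:
            # Create the TUN device node (char 10,200) inside the container,
            # then hand over to the image's startup script.
            - |
              mkdir -p /dev/net
              mknod /dev/net/tun c 10 200
              openvpn.sh
          env:
            - name: DNS
              value: 'yes'
          # Every key of the openvpn-auth Secret becomes an environment
          # variable (VPN_AUTH, per the header comment of this file).
          envFrom:
            - secretRef:
                name: openvpn-auth
          volumeMounts:
            - name: config
              mountPath: /vpn/vpn.conf
              subPath: vpn.conf
          securityContext:
            capabilities:
              # NET_ADMIN: interface and route changes for the tunnel.
              # NOTE(review): SYS_TIME allows setting the node's clock;
              # confirm it is actually required and remove it if not.
              add: ['NET_ADMIN', 'SYS_TIME']
      volumes:
        - name: config
          configMap:
            name: openvpn-config
            # 420 decimal is file mode 0644.
            defaultMode: 420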
---
# LoadBalancer Service that publishes the pod's four listeners on one
# MetalLB address (172.16.17.180, an RFC 1918 private address).
# NOTE(review): the backing gost listeners are configured without
# credentials and no loadBalancerSourceRanges is set, so every host that can
# route to this address gets an open proxy and DNS resolver. Restrict the
# client range here or with a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: nordproxy
  namespace: nordproxy
  labels:
    app: nordproxy
  annotations:
    # Sharing key plus requested address for MetalLB.
    metallb.universe.tf/allow-shared-ip: '172.16.17.180'
    metallb.universe.tf/loadBalancerIPs: '172.16.17.180'
spec:
  type: LoadBalancer
  sessionAffinity: None
  ipFamilyPolicy: SingleStack
  ipFamilies:
    - IPv4
  selector:
    app: nordproxy
  ports:
    # External UDP 53 is mapped to the container's listener on 5353.
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 5353
    - name: socks
      protocol: TCP
      port: 1080
      targetPort: 1080
    - name: gost-auto
      protocol: TCP
      port: 4080
      targetPort: 4080
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080