|
@@ -0,0 +1,150 @@
|
|
|
|
+registry_secret_data: ewoJImF1dGhzIjogewoJCSJqY3IuaW5mb2NsaW5pY2EucnUiOiB7CgkJCSJhdXRoIjogImNISnZkbWx6YVc5dU9tUmxiVzl6WlhKMlpYSWpjMlJ6TVRJeiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
|
|
|
|
+
|
|
|
|
+openvpn:
|
|
|
|
+ image: "jcr.infoclinica.ru/iru/openvpn-gost"
|
|
|
|
+ tag: "200518041"
|
|
|
|
+ pullPolicy: IfNotPresent
|
|
|
|
+
|
|
|
|
+ mode: server
|
|
|
|
+ ccd_confdir: ccd
|
|
|
|
+
|
|
|
|
+# podAnnotations:
|
|
|
|
+ resources:
|
|
|
|
+ limits:
|
|
|
|
+ cpu: 350m
|
|
|
|
+ memory: 50Mi
|
|
|
|
+ requests:
|
|
|
|
+ cpu: 350m
|
|
|
|
+ memory: 50Mi
|
|
|
|
+ configuration: |-
|
|
|
|
+ dev external
|
|
|
|
+ dev-type tun
|
|
|
|
+ port 1195
|
|
|
|
+ proto tcp
|
|
|
|
+ verb 3
|
|
|
|
+ status /var/log/openvpn-external-status.log
|
|
|
|
+ management localhost 7505
|
|
|
|
+ keepalive 10 120
|
|
|
|
+ persist-key
|
|
|
|
+ persist-tun
|
|
|
|
+ comp-lzo yes
|
|
|
|
+ push comp-lzo yes
|
|
|
|
+ topology subnet
|
|
|
|
+ mssfix
|
|
|
|
+ server 10.9.0.0 255.255.0.0
|
|
|
|
+ push "route 5.200.59.165 255.255.255.255"
|
|
|
|
+ push "route 192.168.200.0 255.255.248.0"
|
|
|
|
+ push "route 192.168.205.0 255.255.255.0"
|
|
|
|
+ push "route 10.1.116.0 255.255.255.0"
|
|
|
|
+ push "route 217.74.42.71 255.255.255.255"
|
|
|
|
+ route 192.168.206.0 255.255.255.0
|
|
|
|
+ route 192.168.201.0 255.255.255.0
|
|
|
|
+ route 192.168.21.0 255.255.255.0
|
|
|
|
+ route 10.10.0.0 255.255.0.0
|
|
|
|
+ crl-verify /etc/openvpn/keys/crl.pem
|
|
|
|
+ client-config-dir /etc/openvpn/ccd
|
|
|
|
+ ccd-exclusive
|
|
|
|
+ engine cryptocom
|
|
|
|
+ auth gost-mac
|
|
|
|
+ cipher gost89
|
|
|
|
+ tls-cipher GOST2012-GOST8912-GOST8912
|
|
|
|
+ ca /etc/openvpn/keys/ca.crt
|
|
|
|
+ cert /etc/openvpn/keys/server.crt
|
|
|
|
+ key /etc/openvpn/keys/server.key
|
|
|
|
+
|
|
|
|
+ keys:
|
|
|
|
+ ca.crt: |-
|
|
|
|
+ -----BEGIN CERTIFICATE-----
|
|
|
|
+ MIICPzCCAeqgAwIBAgIJAL4mALec3gSvMAwGCCqFAwcBAQMCBQAwSTELMAkGA1UE
|
|
|
|
+ BhMCUlUxDzANBgNVBAcTBk1vc2NvdzEOMAwGA1UEChMFU0RTeXMxGTAXBgNVBAMT
|
|
|
|
+ EEVhc3ktR09TVCBDQSB2M2wwHhcNMjAwMzE4MDk1MTE2WhcNMjIwMzE4MDk1MTE2
|
|
|
|
+ WjBJMQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9zY293MQ4wDAYDVQQKEwVTRFN5
|
|
|
|
+ czEZMBcGA1UEAxMQRWFzeS1HT1NUIENBIHYzbDBmMB8GCCqFAwcBAQEBMBMGByqF
|
|
|
|
+ AwICIwEGCCqFAwcBAQICA0MABEAllxmY+xR99A9iyEmgPb9mkm+Wm9jbYe2zOT0O
|
|
|
|
+ tqhAREQUEJPaolixLvNxTxEsySyumqHDihrCD/LXTV9nUhnTo4GrMIGoMB0GA1Ud
|
|
|
|
+ DgQWBBTf9pPnhQwwCC6VD+yCTkhWZpUWEDB5BgNVHSMEcjBwgBTf9pPnhQwwCC6V
|
|
|
|
+ D+yCTkhWZpUWEKFNpEswSTELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEO
|
|
|
|
+ MAwGA1UEChMFU0RTeXMxGTAXBgNVBAMTEEVhc3ktR09TVCBDQSB2M2yCCQC+JgC3
|
|
|
|
+ nN4ErzAMBgNVHRMEBTADAQH/MAwGCCqFAwcBAQMCBQADQQBx4PZpxdGxFiA+3Dgs
|
|
|
|
+ GUr4Urk8+jiQLbmknuD6vWUADO9A7VvMEEdZkWgml0/3Yt2qGs2ZZ56IMmkmwkM4
|
|
|
|
+ Rozv
|
|
|
|
+ -----END CERTIFICATE-----
|
|
|
|
+ server.crt: |-
|
|
|
|
+ -----BEGIN CERTIFICATE-----
|
|
|
|
+ MIICWDCCAgOgAwIBAgIBbjAMBggqhQMHAQEDAgUAMEkxCzAJBgNVBAYTAlJVMQ8w
|
|
|
|
+ DQYDVQQHEwZNb3Njb3cxDjAMBgNVBAoTBVNEU3lzMRkwFwYDVQQDExBFYXN5LUdP
|
|
|
|
+ U1QgQ0EgdjNsMB4XDTIwMDUxNzEzMzQ1NFoXDTIxMDUxNzEzMzQ1NFowSzELMAkG
|
|
|
|
+ A1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEOMAwGA1UEChMFU0RTeXMxCjAIBgNV
|
|
|
|
+ BAsTATIxDzANBgNVBAMTBnNlcnZlcjBmMB8GCCqFAwcBAQEBMBMGByqFAwICIwEG
|
|
|
|
+ CCqFAwcBAQICA0MABEDMynDvbv1HLKFmQc1gdSCzC3XiBZkczzYEG3cGMwe9pPwu
|
|
|
|
+ +XfeErjCnI6L3dZ20bZR7Ad91bwXoUjOVZQnuY88o4HKMIHHMAkGA1UdEwQCMAAw
|
|
|
|
+ HQYDVR0OBBYEFGtYB3CvKR0VqUQRWqmzqwPxFjJCMHkGA1UdIwRyMHCAFN/2k+eF
|
|
|
|
+ DDAILpUP7IJOSFZmlRYQoU2kSzBJMQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9z
|
|
|
|
+ Y293MQ4wDAYDVQQKEwVTRFN5czEZMBcGA1UEAxMQRWFzeS1HT1NUIENBIHYzbIIJ
|
|
|
|
+ AL4mALec3gSvMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIDiDAMBggq
|
|
|
|
+ hQMHAQEDAgUAA0EAlDPHu4InFKvakuz70ISjgfYJddTbSMvnxGV9h9LCuOnyotML
|
|
|
|
+ 2k6/NS/SXEnVm/zaF2i1bMsUlU1mBQX3sxGRqQ==
|
|
|
|
+ -----END CERTIFICATE-----
|
|
|
|
+ server.key: |-
|
|
|
|
+ -----BEGIN PRIVATE KEY-----
|
|
|
|
+ MIGAAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICIwEGCCqFAwcBAQICBCCQsswQzpFL
|
|
|
|
+ 7ecRbAKbTf8V5tZs8hMOnMDp486YomUsoaA4MDYGCCqFAwIJAwgBMSoEKAFsAU0p
|
|
|
|
+ lsQAkisnUOguGeJ96UJQIXzPjpnm/WBFeECPYfeygjbUp10=
|
|
|
|
+ -----END PRIVATE KEY-----
|
|
|
|
+ crl.pem: |-
|
|
|
|
+ -----BEGIN X509 CRL-----
|
|
|
|
+ MIIBMTCB3TAMBggqhQMHAQEDAgUAMEkxCzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZN
|
|
|
|
+ b3Njb3cxDjAMBgNVBAoTBVNEU3lzMRkwFwYDVQQDExBFYXN5LUdPU1QgQ0EgdjNs
|
|
|
|
+ Fw0yMDAzMjMwODAyMDJaFw0zMDAzMjEwODAyMDJaMGQwEgIBIxcNMTkxMjI1MTEz
|
|
|
|
+ MjQwWjASAgElFw0yMDAzMjMwODAyMDFaMBICASoXDTIwMDIyODE1NDA0MVowEgIB
|
|
|
|
+ MRcNMjAwMzExMDk1NjQ2WjASAgFAFw0yMDAzMTkxMTI4MTVaMAwGCCqFAwcBAQMC
|
|
|
|
+ BQADQQDsLtvVArTSNUu58siBrFJnIFneV17SB8RzvB/NFsmqlDYKAcC5YlSuPeX0
|
|
|
|
+ 4NsLD/VSPLD1eJEZotycJgubXQhq
|
|
|
|
+ -----END X509 CRL-----
|
|
|
|
+
|
|
|
|
+ scripts:
|
|
|
|
+ startscript.sh: |-
|
|
|
|
+ _SERVERKEY_="MZCP-EU87-PNM9-E985"
|
|
|
|
+ cp -r /tmp/server/.magprocryptopack /root
|
|
|
|
+ chmod -R 700 /root/.magprocryptopack
|
|
|
|
+ echo ${_SERVERKEY_} | /opt/cryptopack3/ssl/misc/getlicense.sh
|
|
|
|
+ touch /tmp/lic
|
|
|
|
+ mkdir /dev/net
|
|
|
|
+ mknod /dev/net/tun c 10 200
|
|
|
|
+ exec "/opt/openvpn-gost/sbin/openvpn" "--config" "/etc/openvpn/configuration/openvpn.conf"
|
|
|
|
+ healthcheck.sh: |-
|
|
|
|
+ #!/bin/bash
|
|
|
|
+ update_lic() {
|
|
|
|
+ /opt/cryptopack3/bin/updater -l /opt/cryptopack3/ssl/cryptocom.lic
|
|
|
|
+ touch /tmp/lic
|
|
|
|
+ }
|
|
|
|
+ file=`find /tmp -name lic -type f -mtime +1`
|
|
|
|
+ if [[ -z ${file} ]];then echo "Обновление лицензии не требуется"; else update_lic;fi
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+# Inbound IP and port
|
|
|
|
+inbound_IP: 10.1.116.14
|
|
|
|
+inbound_port: 1195
|
|
|
|
+
|
|
|
|
+dev_name: external
|
|
|
|
+net: 10.9.0.0
|
|
|
|
+mask: 255.255.0.0
|
|
|
|
+
|
|
|
|
+ccd:
|
|
|
|
+ client: ifconfig-push 10.9.10.2 255.255.0.0
|
|
|
|
+ someclient: |-
|
|
|
|
+ ifconfig-push 10.9.10.2 255.255.0.0
|
|
|
|
+ iroute 192.168.250.0 255.255.255.0
|
|
|
|
+
|
|
|
|
+router:
|
|
|
|
+ image: "jcr.infoclinica.ru/sdsys/kubectl"
|
|
|
|
+ tag: "1.18.9-3"
|
|
|
|
+ pullPolicy: IfNotPresent
|
|
|
|
+ resources:
|
|
|
|
+ limits:
|
|
|
|
+ cpu: 50m
|
|
|
|
+ memory: 50Mi
|
|
|
|
+ requests:
|
|
|
|
+ cpu: 50m
|
|
|
|
+ memory: 50Mi
|
|
|
|
+
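Review bot: Three live secrets are committed in cleartext in this new values file: `registry_secret_data` (base64 is only an encoding, and it decodes to a Docker config with an `auth` entry for jcr.infoclinica.ru), the PEM body under `keys: server.key`, and the `_SERVERKEY_` licence string inside `startscript.sh`. Anyone with read access to the repository or its history can pull from the registry and impersonate the VPN server to clients that trust this CA. I would commit these keys empty, e.g. `registry_secret_data: ""` and `server.key: ""`, each with the comment `# secret: supplied at deploy time, never committed`, and have the start script read the licence key from an environment variable backed by a Kubernetes Secret rather than a literal. If this is a Helm values file, `--set-file` or an external secret store can supply the values at install time. Because the values are already in this commit, the registry password, server key pair and licence key should be treated as exposed and rotated, not merely removed in a follow-up commit.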
|