# Image registry secret. Required if authorization is needed on registry access.
# Value of $(base64 ~/.docker/config.json).
# For more info see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
# NOTE: base64 is an encoding, not encryption. The value carries the registry
# credentials from config.json, so supply it at deploy time (e.g. from a
# secret store) and keep the real value out of version control.
# registry_secret_data:

# Settings for main openvpn deployment
openvpn:
  image: "jcr.infoclinica.ru/sys/openvpn-rsa"
  # Quoted so the all-digit tag stays a string.
  tag: "200207025"
  # With IfNotPresent a node that already holds this tag does not pull again,
  # so a re-pushed tag is not picked up on that node.
  pullPolicy: IfNotPresent
  podAnnotations: {}
  resources:
    limits:
      cpu: 350m
      memory: 50Mi
    requests:
      cpu: 350m
      memory: 50Mi

# Openvpn config file
# NOTE(review): `configuration` and `keys` are assumed to be top-level keys
# (siblings of `openvpn`) -- confirm against the chart templates.
# Security-relevant points in the config below:
#   * `management localhost 7505` opens the management interface without a
#     password file; it is reachable by anything sharing the pod's network
#     namespace (presumably including the router container -- confirm).
#   * `comp-lzo yes` / `push comp-lzo yes` enable compression, which is
#     deprecated in current OpenVPN releases and exposes the tunnel to
#     compression-oracle (VORACLE-style) attacks. Turning it off needs a
#     coordinated client change, so it is flagged here rather than changed.
#   * NOTE(review): `push` normally takes one quoted string
#     (push "comp-lzo yes"); confirm the unquoted form is accepted by the
#     OpenVPN version in the image.
#   * No cipher / auth / tls-crypt / tls-auth / tls-version-min / dh lines are
#     set here; presumably the image defaults or its entrypoint supply them
#     -- confirm.
#   * `crl-verify` rejects certificates listed in crl.pem. Keep the CRL
#     refreshed: recent OpenVPN versions refuse connections once the CRL's
#     nextUpdate has passed -- verify for the version in the image.
#   * `ccd-exclusive` admits only clients that have a file in
#     client-config-dir (see `ccd` below).
configuration: |-
  dev openvpn-tun
  dev-type tun
  port 1194
  proto udp
  verb 3
  status /var/log/openvpn-status.log
  management localhost 7505
  keepalive 10 120
  persist-key
  persist-tun
  comp-lzo yes
  push comp-lzo yes
  topology subnet
  mssfix
  server 10.100.0.0 255.255.0.0
  crl-verify /etc/openvpn/keys/crl.pem
  client-config-dir /etc/openvpn/ccd
  ccd-exclusive
  ca /etc/openvpn/keys/ca.crt
  cert /etc/openvpn/keys/server.crt
  key /etc/openvpn/keys/server.key

# Openvpn keys
# The entry names match the files referenced under /etc/openvpn/keys in the
# config above. server.key is the server's private key: keep the real PEM out
# of version control and pass it at install time (e.g. helm --set-file).
# NOTE(review): confirm the chart renders these into a Secret, not a ConfigMap.
keys:
  ca.crt: |-
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  server.crt: |-
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  server.key: |-
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
  crl.pem: |-
    -----BEGIN X509 CRL-----
    -----END X509 CRL-----

# OpenVPN healthcheck script
# The example queries the management interface declared in the config above
# (localhost 7505).
# healthcheck: |-
#   #!/bin/bash
#   echo state | nc localhost 7505 | grep -i connected

service: {}
  # Loadbalancer IP and port
  # ip, port and protocol for loadbalancer service, in case it's a server
  # ip: 192.168.21.75
  # must be the same as port in openvpn config
  # port: 1194
  # must be the same as proto in openvpn config
  # proto: UDP
  # annotations
  # annotations: {}
  #   metallb.universe.tf/allow-shared-ip: openvpn-ip

# Virtual flow ip for openvpn service
# NOTE(review): the defaults are empty mappings although the examples are
# plain strings; presumably the templates only test for emptiness -- confirm.
virtIP_addr: {}
# 192.168.21.71
virtIP_dev: {}
# team0

# Create additional NetworkAttachmentDefinition for multus deployment
multus: {}
  # masterIface: team0
  # internalIP: 10.215.0.10/24
  # internalGW: 10.215.0.1
  # externalIP: 217.74.42.168/32
  # dnsIP: 192.168.215.100

# Networks CIDR which has to be routed through openvpn
# (the example is a list; the default is an empty mapping)
netOpenvpn: {}
  # - 10.10.0.0/16
  # - 10.1.200.0/24

# CCD configmap
# One entry per client; OpenVPN looks up the ccd file by the client
# certificate's common name. Because the config sets `ccd-exclusive`, a client
# without an entry here is refused.
ccd: {}
  # test: |-
  #   ifconfig-push 10.10.10.10 255.255.0.0
  #   iroute 10.1.200.0 255.255.255.0
  #   push "route 192.168.200.0 255.255.248.0"

# Router container
router: {}
  # image: "images.sdsys.ru/sys/ovpn-rsa" #nicolaka/netshoot
  # tag: "200207025"
  # pullPolicy: IfNotPresent
  # resources:
  #   limits:
  #     cpu: 50m
  #     memory: 50Mi
  #   requests:
  #     cpu: 50m
  #     memory: 50Mi