sdsys
/
openvpn


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
							# Image registry secret. Required if authorization is needed on registry access.
# Value of $(base64 ~/.docker/config.json).
# For more info see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
# registry_secret_data:

# Settings for main openvpn deployment
openvpn:
  image: "jcr.infoclinica.ru/sys/openvpn-rsa"
  tag: "200207025"
  pullPolicy: IfNotPresent

  podAnnotations: {}
  resources:
    limits:
      cpu: 350m
      memory: 50Mi
    requests:
      cpu: 350m
      memory: 50Mi
  # Openvpn config file
  configuration: |-
    dev             openvpn-tun
    dev-type        tun
    port            1194
    proto           udp
    verb            3
    status /var/log/openvpn-status.log
    management localhost 7505
    keepalive       10 120
    persist-key
    persist-tun
    comp-lzo       yes
    push comp-lzo  yes
    topology subnet
    mssfix
    server  10.100.0.0 255.255.0.0
    crl-verify /etc/openvpn/keys/crl.pem
    client-config-dir /etc/openvpn/ccd
    ccd-exclusive
    ca              /etc/openvpn/keys/ca.crt
    cert            /etc/openvpn/keys/server.crt
    key             /etc/openvpn/keys/server.key

  # Openvpn keys
  keys:
    ca.crt: |-
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    server.crt: |-
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    server.key: |-
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
    crl.pem: |-
      -----BEGIN X509 CRL-----
      -----END X509 CRL-----

  # Openvn healthcheck script
  # healthcheck: |-
  #   #!/bin/bash
  #   echo state | nc localhost 7505 | grep -i connected

service: {}
  # Loadbalancer IP and port
  # ip, port and protocol for loadbalancer service, in case it's a server
  # ip: 192.168.21.75
  # must be same, as port in openvpn config
  # port: 1194
  # must be same, as proto in openvpn config
  # proto: UDP
  # annotations
  # annotations: {}
  #  metallb.universe.tf/allow-shared-ip: openvpn-ip

# Virtual flow ip for openvpn service
virtIP_addr: {}
# 192.168.21.71
virtIP_dev: {}
# team0

# Create additional NetworkAttachmentDefinition for multus deployment
multus: {}
  # masterIface: team0
  # internalIP: 10.215.0.10/24
  # internalGW: 10.215.0.1
  # externalIP: 217.74.42.168/32
  # dnsIP: 192.168.215.100

# Networks CIDR which has to be routed through openvpn
netOpenvpn: {}
  # - 10.10.0.0/16
  # - 10.1.200.0/24

# CCD configmap
ccd: {}
#  test: |-
#    ifconfig-push 10.10.10.10 255.255.0.0
#    iroute 10.1.200.0 255.255.255.0
#    push "route 192.168.200.0 255.255.248.0"

# Router container
router: {}
  # image: "images.sdsys.ru/sys/ovpn-rsa" #nicolaka/netshoot
  # tag: "200207025"
  # pullPolicy: IfNotPresent
  # resources:
  #   limits:
  #     cpu: 50m
  #     memory: 50Mi
  #   requests:
  #     cpu: 50m
  #     memory: 50Mi