Add latest video

Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: default-headers
+  namespace: portainer
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 15552000
+    customFrameOptionsValue: SAMEORIGIN
+    customRequestHeaders:
+      X-Forwarded-Proto: https

Kubernetes/Create-manifest-helm/Portainer/ingress.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: portainer
+  namespace: portainer
+  annotations: 
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`www.portainer.yourdomain.com`) # change me
+      kind: Rule
+      services:
+        - name: portainer
+          port: 9443
+    - match: Host(`portainer.yourdomain.com`) # change me
+      kind: Rule
+      services:
+        - name: portainer
+          port: 9443
+          scheme: https
+          passHostHeader: true
+      middlewares:
+        - name: default-headers
+  tls:
+    secretName: yourdomain-tls # change me

Kubernetes/Create-manifest-helm/Portainer/values.yaml

@@ -0,0 +1,10 @@
+nodeSelector: 
+  worker: "true"
+
+service:
+  enabled: true
+  type: LoadBalancer
+  annotations: {}
+  labels: {}
+  loadBalancerSourceRanges: []
+  externalIPs: []

Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: default-headers
+  namespace: wg-easy
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 15552000
+    customFrameOptionsValue: SAMEORIGIN
+    customRequestHeaders:
+      X-Forwarded-Proto: https

Kubernetes/Create-manifest-helm/WireGuard-Easy/deployment.yaml

@@ -0,0 +1,91 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: wg-easy
+    app.kubernetes.io/instance: wg-easy
+    app.kubernetes.io/name: wg-easy
+  name: wg-easy
+  namespace: wg-easy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wg-easy
+  template:
+    metadata:
+      labels:
+        app: wg-easy
+        app.kubernetes.io/name: wg-easy
+    spec:
+      nodeSelector:
+        worker: "true"
+     # securityContext:
+     #   sysctls:
+     #   - name: net.ipv4.ip_forward
+     #     value: "1"
+     #   - name: net.ipv4.conf.all.src_valid_mark
+     #     value: "1"
+      containers:
+        - env:
+            - name: WG_HOST
+              value: "wg.yourdomain.com" # change me
+            - name: PASSWORD
+              value: "password!"
+            - name: WG_DEFAULT_DNS
+              value: "10.43.0.10, wg-easy.svc.cluster.local"
+          image: weejewel/wg-easy
+          imagePullPolicy: Always
+          name: wg-easy
+          ports:
+            - containerPort: 51820
+            - containerPort: 51821
+          resources: {}
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          volumeMounts:
+            - mountPath: /etc/wireguard
+              name: wg-easy
+      restartPolicy: Always
+      volumes:
+        - name: wg-easy
+          persistentVolumeClaim:
+            claimName: wg-easy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: wg-easy
+  name: wg-easy-udp
+  namespace: wg-easy
+spec:
+  ports:
+  - name: wg-easy-udp
+    port: 51820
+    protocol: UDP
+    targetPort: 51820
+  selector:
+    app: wg-easy
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: wg-easy
+  name: wg-easy-web
+  namespace: wg-easy
+spec:
+  ports:
+  - name: wg-easy-web
+    port: 51821
+    protocol: TCP
+    targetPort: 51821
+  selector:
+    app: wg-easy
+  type: ClusterIP

Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+  annotations: 
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`www.wg-easy.yourdomain.com`) # change me 
+      kind: Rule
+      services:
+        - name: wg-easy-web
+          port: 51821
+    - match: Host(`wg-easy.yourdomain.com`) # change me
+      kind: Rule
+      services:
+        - name: wg-easy-web
+          port: 51821
+      middlewares:
+        - name: default-headers
+  tls:
+    secretName: yourdomain-tls # change me

Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml

@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+  name: wg-easy
+  namespace: wg-easy
+  annotations: 
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - wireguard
+  routes:
+    - services:
+        - name: wg-easy-udp
+          port: 51820