apiVersion: apps/v1
kind: Deployment
metadata:
  name: wg-easy
  namespace: wireguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wg-easy
  template:
    metadata:
      labels:
        app: wg-easy
    spec:
      containers:
      - name: wg-easy
        image: ghcr.io/wg-easy/wg-easy
        env:
          - name: WG_HOST
            value: "wireguard.c2et.net"
          - name: WG_PORT
            value: "51819"
          - name: WG_DEFAULT_ADDRESS
            value: "192.168.254.x"
          - name: WG_DEFAULT_ALLOWEDIPS
            value: "192.168.0.0/24,10.42.0.0/16"
          - name: WG_DEFAULT_DNS
            value: "192.168.0.1"
          - name: PASSWORD_HASH
            valueFrom:
              secretKeyRef:
                name: wg-easy-secret
                key: PASSWORD_HASH
        ports:
          - containerPort: 51819
            protocol: UDP
          - containerPort: 51821
            protocol: TCP
        volumeMounts:
          - name: config
            mountPath: /etc/wireguard
        securityContext:
          capabilities:
            add: ["NET_ADMIN", "SYS_MODULE"]
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: wg-easy-config