IPsec Server with Docker & K8s

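# Prepare env file
# docker --env-file passes each value to the container literally and never runs $( ... ),
# so generate the PSK in the shell and write the result into the file
VPN_IPSEC_PSK=$(uuidgen | tr -s "-" "w")
cat > env <<EOF
VPN_IPSEC_PSK=${VPN_IPSEC_PSK}
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password

VPN_ADDL_USERS=additional_username_1 additional_username_2
VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2
EOF
chmod 600 env   # the file holds the PSK and passwords in clear text
vim env         # replace the placeholder usernames and passwords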

# run docker 
docker run --name ipsec \
-itd --restart=unless-stopped \
--env-file ./env -p 500:500/udp  \
-p 4500:4500/udp \
--privileged  \
hwdsl2/ipsec-vpn-server

reference:
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
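
Docker hands each --env-file value to the container verbatim, with no shell evaluation or quote removal, so a pre-flight check can catch a command substitution, quoting or a leftover placeholder before the server starts with a guessable PSK. The following is an added example, not code from the original post or from the hwdsl2 project; the function name lint_vpn_env, the 20-character minimum and the sample values are assumptions made for illustration.

```shell
# Added example, not code from the original post or the image's project.
# lint_vpn_env FILE prints findings and returns 0 only when there are none.
MIN_PSK_LEN=20  # assumption: threshold chosen for this example

lint_vpn_env() (
  [ -r "$1" ] || { echo "cannot read: $1"; exit 1; }
  rc=0; users=0; passwords=0
  flag() { echo "$1: $2"; rc=1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac   # blank lines and comments
    case $line in *=*) ;; *) flag "$line" "not in KEY=value form"; continue ;; esac
    key=${line%%=*}; val=${line#*=}
    # Docker hands everything after '=' to the container verbatim.
    case $val in *'$('*|*'`'*) flag "$key" "command substitution is never evaluated" ;; esac
    case $val in \"*|\'*) flag "$key" "quotes become part of the value" ;; esac
    case $val in your_*|additional_*) flag "$key" "template placeholder left in place" ;; esac
    case $key in
      VPN_IPSEC_PSK)
        [ "${#val}" -ge "$MIN_PSK_LEN" ] || flag "$key" "shorter than $MIN_PSK_LEN characters" ;;
      VPN_ADDL_USERS)     users=$(( $(printf '%s' "$val" | wc -w) )) ;;
      VPN_ADDL_PASSWORDS) passwords=$(( $(printf '%s' "$val" | wc -w) )) ;;
    esac
  done < "$1"
  # Assumption: additional users and passwords pair up by position.
  [ "$users" -eq "$passwords" ] || flag VPN_ADDL "$users names but $passwords passwords"
  [ "$rc" -eq 0 ]
)

# Constructed sample: an unevaluated substitution and one missing password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
VPN_IPSEC_PSK=$( uuidgen | tr -s "-" "w")
VPN_USER=alice
VPN_PASSWORD=constructed-sample-password
VPN_ADDL_USERS=bob carol
VPN_ADDL_PASSWORDS=constructed-one
EOF
lint_vpn_env "$sample" || echo "env file rejected"
rm -f "$sample"
```

Run the check before docker run and start the container only when it returns 0.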

k8s deploy

vim ipsec-vpn.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
  generation: 2
  labels:
    k8s-app: ipsec-vpn-server
  name: ipsec-vpn-server
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: ipsec-vpn-server
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        edge.tke.cloud.tencent.com/cpu: "1"
        edge.tke.cloud.tencent.com/mem: 2Gi
      creationTimestamp: null
      labels:
        k8s-app: ipsec-vpn-server
    spec:
      containers:
      - env:
        - name: VPN_IPSEC_PSK  # IPsec PSK (pre-shared key)
          value: "your_ipsec_pre_shared_key"
        - name: VPN_USER  # username
          value: your_user_name
        - name: VPN_PASSWORD  # password
          value: "your_password"
        - name: VPN_SETUP_IKEV2  # enable the IKEv2 protocol (recommended)
          value: "yes"
        image: hwdsl2/ipsec-vpn-server
        imagePullPolicy: Always
        name: ipsec-vpn-server
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 250m
            memory: 256Mi
        securityContext:
          privileged: true  # enable privileged mode
      dnsPolicy: ClusterFirst
      hostNetwork: true  # use the host network
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
kubectl create -f ipsec-vpn.yaml

Author: Jas0n0ss

Source: https://www.cnblogs.com/Jas0n0ss/p/14720143.html

License: This work is licensed under the MIT license.
