---
# Namespace that groups every object defined in this manifest.
apiVersion: v1
kind: Namespace
metadata:
  name: app-nebula
---
# Publishes the Nebula UDP listener outside the cluster through a load balancer.
# NOTE(review): no loadBalancerSourceRanges is set, so this Service itself does
# not restrict source addresses; confirm that open reachability is intended.
apiVersion: v1
kind: Service
metadata:
  namespace: app-nebula
  name: nebula
spec:
  # Traffic is forwarded to pods carrying the label app=nebula.
  selector:
    app: nebula
  type: LoadBalancer
  ports:
    - name: nebula
      protocol: UDP
      port: 4242
      # Named target: resolved against the container port called "nebula".
      targetPort: nebula
# Disabled Ingress, kept for reference.
# NOTE(review): the Service in this file defines no port named "http", so the
# backend below would not resolve if this were re-enabled as is.
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
#   name: ingress
#   namespace: app-nebula
#   annotations:
#     cert-manager.io/cluster-issuer: "letsencrypt-prod"
#     acme.cert-manager.io/http01-edit-in-place: "true"
# spec:
#   ingressClassName: nginx
#   tls:
#     - hosts:
#         - woof.lekva.me
#       secretName: cert-woof.lekva.me
#   rules:
#     - host: woof.lekva.me
#       http:
#         paths:
#           - path: /
#             pathType: Prefix
#             backend:
#               service:
#                 name: nebula
#                 port:
#                   name: http
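---
# Single-replica Deployment that runs nebula with the lighthouse.yaml config.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nebula
  namespace: app-nebula
spec:
  selector:
    matchLabels:
      app: nebula
  replicas: 1
  template:
    metadata:
      labels:
        app: nebula
    spec:
      # Nothing in this pod spec is configured to call the Kubernetes API, so
      # the service-account token is kept out of the privileged,
      # externally reachable container.
      automountServiceAccountToken: false
      volumes:
        # NOTE(review): host certificate material comes from a ConfigMap. If
        # this volume also carries the lighthouse private key, it should be a
        # Secret instead; confirm against what lighthouse.yaml reads from it.
        - name: lighthouse-cert
          configMap:
            name: lighthouse-cert
        - name: ca-cert
          configMap:
            name: ca-cert
        - name: config
          configMap:
            name: lighthouse-config
      containers:
        - name: nebula
          # NOTE(review): ":latest" is a mutable tag and, with IfNotPresent,
          # each node keeps whatever image it pulled first. Pin a version tag
          # or an image digest so the running code is known and reproducible.
          image: giolekva/nebula:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
            # NOTE(review): privileged mode already grants every capability
            # and access to host devices, so the NET_ADMIN entry above adds
            # nothing while it is set. If NET_ADMIN plus access to the TUN
            # device is enough for nebula on these nodes, remove this line;
            # verify on a test node before changing it.
            privileged: true
          ports:
            # Port name referenced by the Service's targetPort.
            - name: nebula
              containerPort: 4242
              protocol: UDP
          command: ["nebula", "--config=/etc/nebula/config/lighthouse.yaml"]
          volumeMounts:
            - name: lighthouse-cert
              mountPath: /etc/nebula/lighthouse
            - name: ca-cert
              mountPath: /etc/nebula/ca
            - name: config
              mountPath: /etc/nebula/config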