replicaCount: 1

image:
  repository: qmcgaw/gluetun
  tag: latest
  pullPolicy: IfNotPresent

env:
  - name: VPN_SERVICE_PROVIDER
    value: "airvpn"
  - name: VPN_TYPE
    value: "wireguard"
  - name: WIREGUARD_PRIVATE_KEY
    valueFrom:
      secretKeyRef:
        name: gluetun-wireguard
        key: WIREGUARD_PRIVATE_KEY
  - name: WIREGUARD_PRESHARED_KEY
    valueFrom:
      secretKeyRef:
        name: gluetun-wireguard
        key: WIREGUARD_PRESHARED_KEY
  - name: WIREGUARD_ADDRESSES
    value: "REPLACE_ME"
  - name: SERVER_COUNTRIES
    value: "REPLACE_ME"
  - name: HTTPPROXY
    value: "on"
  - name: HTTPPROXY_LOG
    value: "off"
  - name: FIREWALL_INPUT_PORTS
    value: "8888"
  - name: TZ
    value: "Europe/Amsterdam"

secret:
  create: true
  name: gluetun-wireguard
  privateKey: "REPLACE_ME"
  presharedKey: "REPLACE_ME"

service:
  type: ClusterIP
  port: 8888

ingress:
  enabled: false
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - gluetun.example.org
  tls:
    - secretName: gluetun-example-org
      hosts:
        - gluetun.example.org

volumes:
  - name: dev-tun
    hostPath:
      path: /dev/net/tun

volumeMounts:
  - name: dev-tun
    mountPath: "/dev/net/tun"

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    add:
      - NET_ADMIN

livenessProbe:
  tcpSocket:
    port: 8888
  initialDelaySeconds: 10
  periodSeconds: 20
  timeoutSeconds: 2
  failureThreshold: 3

readinessProbe:
  tcpSocket:
    port: 8888
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 2
  failureThreshold: 3

resources:
  requests:
    memory: 128Mi
    cpu: 100m
  limits:
    memory: 512Mi
    cpu: 500m

nodeSelector: {}

tolerations: []

affinity: {}