apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: openvpn-as
  namespace: tools
spec:
  serviceName: openvpn-as  # 对应 Headless Service 名称（即使不用也建议保留）
  replicas: 1
  selector:
    matchLabels:
      app: openvpn-as
  template:
    metadata:
      labels:
        app: openvpn-as
    spec:
      terminationGracePeriodSeconds: 30  # 优雅终止时间（OpenVPN 需要时间保存状态）
      containers:
        - name: openvpn-as
          image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/openvpn-as:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
          ports:
            - containerPort: 943
              protocol: TCP
            - containerPort: 443
              protocol: TCP
            - containerPort: 1194
              protocol: UDP
          volumeMounts:
            - name: openvpn-data
              mountPath: /openvpn
          env:
            - name: TZ
              value: Asia/Shanghai
  volumeClaimTemplates:
    - metadata:
        name: openvpn-data
      spec:
        storageClassName: alicloud-disk-efficiency
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
  name: openvpn-as
  namespace: tools
spec:
  type: NodePort
  ports:
    - name: web-ui
      port: 943
      targetPort: 943
      protocol: TCP
    - name: https-client
      port: 443
      targetPort: 443
      protocol: TCP
    - name: openvpn-udp
      port: 1194
      targetPort: 1194
      protocol: UDP
  selector:
    app: openvpn-as