diff --git a/kubernetes/00-namespace.yaml b/kubernetes/00-namespace.yaml
new file mode 100644
index 0000000..46c1474
--- /dev/null
+++ b/kubernetes/00-namespace.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vpn
+
diff --git a/kubernetes/01-deploy.yaml b/kubernetes/01-deploy.yaml
new file mode 100644
index 0000000..3915da5
--- /dev/null
+++ b/kubernetes/01-deploy.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: vpn
+ namespace: vpn
+ labels:
+ app: ipsec-vpn-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ipsec-vpn-server
+ template:
+ metadata:
+ labels:
+ app: ipsec-vpn-server
+ spec:
+ containers:
+ - image: hwdsl2/ipsec-vpn-server
+ name: vpn
+ imagePullPolicy: Always
+# Uncomment if you need your own rules
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "sh"
+ # - "-c"
+ # - |
+ # ip route add 192.168.99.0/24 dev eth0;
+ # ip route add 192.168.98.0/24 dev eth0;
+ securityContext:
+ privileged: true
+ resources:
+ limits:
+ cpu: 600m
+ memory: 650Mi
+ requests:
+ cpu: 200m
+ memory: 300Mi
+ ports:
+ - name: vpnisakmp
+ containerPort: 500
+ protocol: UDP
+ - name: vpnike
+ containerPort: 4500
+ protocol: UDP
+ env:
+ - name: "VPN_IPSEC_PSK"
+ value: "SuperDuperPSK"
+ - name: "VPN_USER"
+ value: "vpnuser"
+ - name: "VPN_PASSWORD"
+ value: "VPN-SuperMegaPassword.1!"
\ No newline at end of file
diff --git a/kubernetes/02-service.yaml b/kubernetes/02-service.yaml
new file mode 100644
index 0000000..3af86fc
--- /dev/null
+++ b/kubernetes/02-service.yaml
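Review bot: The IPsec pre-shared key and the user password are committed in clear text as literal `value:` entries under `env:` in kubernetes/01-deploy.yaml, so anyone with read access to the repository or to the Deployment object obtains the VPN credentials; move them into a Secret created out of band and reference them with `valueFrom.secretKeyRef` as sketched below, and rotate the values that are already in git history. `apiVersion: apps/v1beta2` was removed from Kubernetes in 1.16, so `apps/v1` is required on any current cluster. `image: hwdsl2/ipsec-vpn-server` carries no tag or digest and is combined with `imagePullPolicy: Always`, so every pod restart pulls whatever the registry currently serves as the default tag; pin a tag or `@sha256:` digest so the running image is reproducible. `privileged: true` grants the container every host capability and device; if the image only needs network administration for its routes, a narrower `capabilities:` list would suffice, but that depends on the image and should be verified against its documentation.
```yaml
      # … unchanged: image, securityContext, resources, ports …
      env:
        - name: "VPN_IPSEC_PSK"
          valueFrom:
            secretKeyRef:
              name: vpn-credentials   # constructed name: create this Secret separately, do not commit it
              key: VPN_IPSEC_PSK
        - name: "VPN_USER"
          valueFrom:
            secretKeyRef:
              name: vpn-credentials
              key: VPN_USER
        - name: "VPN_PASSWORD"
          valueFrom:
            secretKeyRef:
              name: vpn-credentials
              key: VPN_PASSWORD
```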
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: vpn
+ name: ipsec-vpn-server-aws-nlb
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: /metrics
+ prometheus.io/port: '9100'
+ service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "environment=dev,owner=SRE,job=ipsec-vpn-server"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+ service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "6"
+ service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "20"
+ service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: "5"
+ service.kubernetes.io/local-svc-only-bind-node-with-pod: "true"
+ service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+ labels:
+ app: ipsec-vpn-server
+spec:
+ type: LoadBalancer
+ ports:
+ - name: vpnisakmp
+ port: 500
+ targetPort: 500
+ protocol: UDP
+ - name: vpnike
+ port: 4500
+ targetPort: 4500
+ protocol: UDP
+ - name: port1701
+ port: 1701
+ targetPort: 1701
+ protocol: UDP
+ selector:
+ app: ipsec-vpn-server
diff --git a/kubernetes/POD-VPN.jpeg b/kubernetes/POD-VPN.jpeg
new file mode 100644
index 0000000..ffd08c9
Binary files /dev/null and b/kubernetes/POD-VPN.jpeg differ
diff --git a/kubernetes/README.md b/kubernetes/README.md
new file mode 100644
index 0000000..99be015
--- /dev/null
+++ b/kubernetes/README.md
@@ -0,0 +1,80 @@
+# VPN on Kubernetes Pod
+
+### How to Run
+
+
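Review bot: The `service.kubernetes.io/local-svc-only-bind-node-with-pod: "true"` annotation in kubernetes/02-service.yaml is only applied to Services with `externalTrafficPolicy: Local`, which `spec:` does not set, so as written it is inert and the default `Cluster` policy additionally SNATs incoming datagrams so the pod never sees the real client address; add `externalTrafficPolicy: Local` under `spec:` next to `type: LoadBalancer` if that annotation is intended. `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"` asks the NLB to prefix traffic to the targets with a PROXY protocol header, which the IKE/L2TP daemons in the pod presumably do not parse; confirm on a real client that the IKE exchange on port 500 still completes with it enabled, and drop the annotation if it does not. `prometheus.io/scrape: 'true'` with `prometheus.io/port: '9100'` advertises a metrics port that neither this Service nor the Deployment in kubernetes/01-deploy.yaml exposes; either add an exporter on that port or remove the three prometheus.io annotations so the scraper does not probe a closed port. A short comment above the annotations block such as `# NLB-specific annotations; values are strings on purpose (annotation values must be strings)` would explain the quoting of `"true"`, `"60"` and `'9100'` to the next maintainer.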
+kubectl apply -f .
+  namespace/vpn created
+  deployment.apps/vpn created
+  service/ipsec-vpn-server-aws-nlb created
+
+
+
+### Architecture
+
+
+
+
+
+### R53
+
+
+
+
+
+
+
+
+### Configure your system
+
+
+
+
+
+
+
+
+
+
+### kubectl get all -n vpn
+
+
+NAME                                  READY   STATUS    RESTARTS   AGE
+pod/vpn-7477d97f87-7jfvj              1/1     Running   0          28m
+
+NAME                               TYPE           CLUSTER-IP    EXTERNAL-IP                  PORT(S)                                       AGE
+service/ipsec-vpn-server-aws-nlb   LoadBalancer   5.5.5.5   	foobar.elb.z.amazonaws.com   500:32399/UDP,4500:31327/UDP,1701:31028/UDP   27m
+
+NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/vpn              1/1     1            1           28m
+
+NAME                                        DESIRED   CURRENT   READY   AGE
+replicaset.apps/vpn-7477d97f87              1         1         1       28m
+
+
+
+### netcat
+
+
+$ nc -vzu foobar.elb.z.amazonaws.com 500
+Connection to oobar.elb.z.amazonaws.com 500 port [udp/isakmp] succeeded!
+
+
+ + + +### tcpdump -i eth0 udp (in the Pod) + +
+19:36:14.046396 IP 1-1-1-1.kubelet.kube-system.svc.cluster.local.55912 > vpn-7477d97f87-7jfvj.500: |isakmp|
+19:36:14.046734 IP vpn-7477d97f87-7jfvj.50692 > kube-dns.kube-system.svc.cluster.local.53: 40024+ PTR? 2.2.2.2.in-addr.arpa. (44) 19:36:14.046895 IP kube-dns.kube-system.svc.cluster.local.53 > vpn-7477d97f87-7jfvj.50692: 40024*- 1/0/0 PTR 1-1-1-1.kubelet.kube-system.svc.cluster.local. (135)
+19:36:14.046986 IP vpn-7477d97f87-7jfvj.39097 > kube-dns.kube-system.svc.cluster.local.53: 51793+ PTR? 3.3.3.3.in-addr.arpa. (42)
+19:36:14.047109 IP kube-dns.kube-system.svc.cluster.local.53 > vpn-7477d97f87-7jfvj.39097: 51793*- 1/0/0 PTR kube-dns.kube-system.svc.cluster.local. (118)
+19:36:14.050323 IP 1-1-1-1.kubelet.kube-system.svc.cluster.local.55912 > vpn-7477d97f87-7jfvj.500: |isakmp|
+19:36:15.047801 IP 1-1-1-1.kubelet.kube-system.svc.cluster.local.55912 > vpn-7477d97f87-7jfvj.500: |isakmp|
+19:36:16.047829 IP 1-1-1-1.kubelet.kube-system.svc.cluster.local.55912 > vpn-7477d97f87-7jfvj.500: |isakmp|
+19:36:17.046943 IP 1-1-1-1.kubelet.kube-system.svc.cluster.local.55912 > vpn-7477d97f87-7jfvj.500: |isakmp|
+
+
+
diff --git a/kubernetes/aws-R53.png b/kubernetes/aws-R53.png
new file mode 100644
index 0000000..871645d
Binary files /dev/null and b/kubernetes/aws-R53.png differ
diff --git a/kubernetes/config-vpn-01.png b/kubernetes/config-vpn-01.png
new file mode 100644
index 0000000..d08598a
Binary files /dev/null and b/kubernetes/config-vpn-01.png differ
diff --git a/kubernetes/config-vpn-02.png b/kubernetes/config-vpn-02.png
new file mode 100644
index 0000000..be5eeb8
Binary files /dev/null and b/kubernetes/config-vpn-02.png differ