Gluetun VPN Gateway
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 8 | Yesterday |
juju deploy gluetun-k8s --channel edge
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
-
cluster-cidrs | string
Comma-separated pod/service CIDRs excluded from VPN routing. Example: "10.1.0.0/16,10.152.183.0/24" (MicroK8s)
-
custom-overrides | string
JSON object of extra environment variables to set on the gluetun container. Values are merged on top of the charm's built-in environment and take precedence on conflict (e.g. setting DOT here overrides dns-over-tls config).
When set, config validation is relaxed (e.g. openvpn is allowed) and the charm runs in override mode with no config sanity guarantees.
Example: '{"VPN_TYPE": "openvpn", "OPENVPN_USER": "foo", "OPENVPN_PASSWORD": "bar"}'
-
dns-over-tls | boolean
Enable gluetun's internal DNS server with DNS-over-TLS.
WARNING: Broken with pod-gateway sidecar. Gluetun binds its DNS server to port 53 on all interfaces, conflicting with pod-gateway's dnsmasq which binds to the VXLAN interface (172.16.0.1:53). This causes bind errors and connection instability. Keep disabled.
-
server-cities | string
Comma-separated preferred server cities.
-
server-countries | string
Comma-separated preferred server countries.
-
vpn-endpoint-ip | string
VPN server IP address (custom provider).
-
vpn-endpoint-port | int
Default: 51820
VPN server port (custom provider).
-
vpn-provider | string
VPN provider (nordvpn, mullvad, protonvpn, pia, surfshark, ivpn, windscribe, custom).
-
vpn-type | string
Default: wireguard
VPN protocol (wireguard only in v1).
-
vxlan-id | int
Default: 42
VXLAN tunnel ID (1-16777215).
Unique ID for each gluetun-k8s instance in the cluster. If not running multiple instances, change the default only if you know what you're doing.
-
wireguard-addresses | string
WireGuard interface address in CIDR format. Example: "10.64.222.21/32"
-
wireguard-private-key-secret | secret
Juju secret with 'private-key' attribute containing WireGuard private key.
juju add-secret vpn-key private-key="wOEI9rqqbDwnN8/..." juju grant-secret vpn-key gluetun juju config gluetun wireguard-private-key-secret=secret:vpn-key
-
wireguard-public-key | string
Server's WireGuard public key (custom provider).