apiVersion: v1
kind: Pod
metadata:
  name: wireguard4
  labels:
    use-as-service: wireguard4
spec:
  containers:
  - name: alpine
    image: alpine:3.14
    args:
    - sleep
    - "1000000"
    securityContext:
      capabilities:
        # ADMIN for wireguard, RAW for tcpdump
        add: ["NET_ADMIN", "NET_RAW" ]
    ports:
      - containerPort: 51820

---
apiVersion: v1
kind: Service
metadata:
  name: wireguard4
  labels:
    app: wireguard4
spec:
  type: ClusterIP
  ports:
   - protocol: UDP
     port: 51820
     name: wireguard
  selector:
   use-as-service: wireguard4