k8s/apps/mtproxy/daemonset.yaml

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: mtproxy
  labels:
    app: mtproxy
spec:
  selector:
    matchLabels:
      app: mtproxy
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: mtproxy
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: mtproxy
                    operator: Exists
      serviceAccountName: mtproxy
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
        - name: register-proxy
          image: bitnami/kubectl:latest
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: SECRET
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: PORT
          command:
            - /bin/bash
            - -c
            - |
              set -e
              NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
              SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
              if [ -z "${SERVER}" ]; then
                echo "ERROR: node ${NODE_NAME} has no mtproxy label"
                exit 1
              fi
              LINK="tg://proxy?server=${SERVER}&port=${PORT}&secret=${SECRET}"
              echo "Registering: ${SERVER} -> ${LINK}"
              if kubectl get secret mtproxy-links -n "${NAMESPACE}" &>/dev/null; then
                kubectl patch secret mtproxy-links -n "${NAMESPACE}" \
                  --type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
              else
                kubectl create secret generic mtproxy-links -n "${NAMESPACE}" \
                  --from-literal="${SERVER}=${LINK}"
              fi
              echo "Done"
      containers:
        - name: mtproxy
          image: telegrammessenger/proxy:latest
          # image: ultradesu/mtproxy:v0.02
          imagePullPolicy: Always
          ports:
            - name: proxy
              containerPort: 30443
              protocol: TCP
          command:
            - /bin/sh
            - -c
            - >-
              cat /etc/*release* && \
              # /usr/bin/curl -s https://core.telegram.org/getProxySecret -o proxy-secret && \
              # /usr/bin/curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf && \
              mtproto-proxy
              -u nobody
              -p 8888
              -H $(PORT)
              -M 1
              -S $(SECRET)
              --aes-pwd proxy-secret
              proxy-multi.conf
          env:
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: SECRET
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: PORT
          volumeMounts:
            - name: data
              mountPath: /data
         #resources:
         #  requests:
         #    memory: "128Mi"
         #    cpu: "100m"
         #  limits:
         #    memory: "256Mi"
         #    cpu: "500m"
      volumes:
        - name: data
          emptyDir: {}
Added MTproxy 2026-02-11 12:12:39 +02:00			`---`
			`apiVersion: apps/v1`
Fix mtproxy ports 2026-02-11 17:26:30 +02:00			`kind: DaemonSet`
Added MTproxy 2026-02-11 12:12:39 +02:00			`metadata:`
			`name: mtproxy`
			`labels:`
			`app: mtproxy`
			`spec:`
			`selector:`
			`matchLabels:`
			`app: mtproxy`
Fix mtproxy ports 2026-02-11 17:26:30 +02:00			`updateStrategy:`
			`type: RollingUpdate`
Added MTproxy 2026-02-11 12:12:39 +02:00			`template:`
			`metadata:`
			`labels:`
			`app: mtproxy`
			`spec:`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
Fix mtproxy ports 2026-02-11 20:33:08 +02:00			`- key: mtproxy`
Added MTproxy 2026-02-11 12:12:39 +02:00			`operator: Exists`
Added RBAC mtproxy 2026-02-11 21:37:14 +02:00			`serviceAccountName: mtproxy`
Added hostNetwork mtproxy 2026-02-11 21:02:27 +02:00			`hostNetwork: true`
			`dnsPolicy: ClusterFirstWithHostNet`
Added RBAC mtproxy 2026-02-11 21:37:14 +02:00			`initContainers:`
			`- name: register-proxy`
			`image: bitnami/kubectl:latest`
			`env:`
			`- name: NODE_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`- name: SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: tgproxy-secret`
			`key: SECRET`
			`- name: PORT`
			`valueFrom:`
			`secretKeyRef:`
			`name: tgproxy-secret`
			`key: PORT`
			`command:`
			`- /bin/bash`
			`- -c`
			`- \|`
			`set -e`
			`NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)`
			`SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')`
			`if [ -z "${SERVER}" ]; then`
			`echo "ERROR: node ${NODE_NAME} has no mtproxy label"`
			`exit 1`
			`fi`
			`LINK="tg://proxy?server=${SERVER}&port=${PORT}&secret=${SECRET}"`
			`echo "Registering: ${SERVER} -> ${LINK}"`
			`if kubectl get secret mtproxy-links -n "${NAMESPACE}" &>/dev/null; then`
			`kubectl patch secret mtproxy-links -n "${NAMESPACE}" \`
			`--type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"`
			`else`
			`kubectl create secret generic mtproxy-links -n "${NAMESPACE}" \`
			`--from-literal="${SERVER}=${LINK}"`
			`fi`
			`echo "Done"`
Added MTproxy 2026-02-11 12:12:39 +02:00			`containers:`
			`- name: mtproxy`
Added RBAC mtproxy 2026-02-12 00:51:21 +02:00			`image: telegrammessenger/proxy:latest`
			`# image: ultradesu/mtproxy:v0.02`
Added MTproxy 2026-02-11 12:12:39 +02:00			`imagePullPolicy: Always`
			`ports:`
			`- name: proxy`
Added dockerfile for mtproxy 2026-02-11 20:55:07 +02:00			`containerPort: 30443`
Added MTproxy 2026-02-11 12:12:39 +02:00			`protocol: TCP`
Added hostNetwork mtproxy 2026-02-11 21:08:37 +02:00			`command:`
			`- /bin/sh`
			`- -c`
			`- >-`
Added RBAC mtproxy 2026-02-12 01:04:56 +02:00			`cat /etc/release && \`
			`# /usr/bin/curl -s https://core.telegram.org/getProxySecret -o proxy-secret && \`
			`# /usr/bin/curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf && \`
Added hostNetwork mtproxy 2026-02-11 21:08:37 +02:00			`mtproto-proxy`
			`-u nobody`
			`-p 8888`
Added secrets 2026-02-11 21:22:13 +02:00			`-H $(PORT)`
Added hostNetwork mtproxy 2026-02-11 21:08:37 +02:00			`-M 1`
			`-S $(SECRET)`
Added RBAC mtproxy 2026-02-12 01:01:01 +02:00			`--aes-pwd proxy-secret`
			`proxy-multi.conf`
Added MTproxy 2026-02-11 12:12:39 +02:00			`env:`
			`- name: SECRET`
Added secrets 2026-02-11 21:22:13 +02:00			`valueFrom:`
			`secretKeyRef:`
			`name: tgproxy-secret`
			`key: SECRET`
			`- name: PORT`
			`valueFrom:`
			`secretKeyRef:`
			`name: tgproxy-secret`
			`key: PORT`
Added MTproxy 2026-02-11 12:12:39 +02:00			`volumeMounts:`
			`- name: data`
			`mountPath: /data`
Added dockerfile for mtproxy 2026-02-11 20:59:00 +02:00			`#resources:`
			`# requests:`
			`# memory: "128Mi"`
			`# cpu: "100m"`
			`# limits:`
			`# memory: "256Mi"`
			`# cpu: "500m"`
Added MTproxy 2026-02-11 12:12:39 +02:00			`volumes:`
			`- name: data`
Fix mtproxy ports 2026-02-11 17:26:30 +02:00			`emptyDir: {}`