Added rustdesk

.gitignore

@@ -58,3 +58,4 @@ tags
 # Persistent undo
 [._]*.un~
 
+.DS_Store

k8s/apps/rustdesk/deployment.yaml

@@ -0,0 +1,129 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rustdesk-hbbs
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbs
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rustdesk-hbbs
+  template:
+    metadata:
+      labels:
+        app: rustdesk-hbbs
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+      - name: hbbs
+        image: rustdesk/rustdesk-server:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        command: ["hbbs"]
+        args:
+          - "-r"
+          - "rd.hexor.cy:21117"  # Relay сервер
+          - "-k"
+          - "_"  # Использовать ключи из файлов
+          - "-p"
+          - "21115"
+          - "-w"
+          - "21118"  # Веб-порт
+        ports:
+        - name: nat
+          containerPort: 21115
+          protocol: TCP
+        - name: registry
+          containerPort: 21116
+          protocol: TCP
+        - name: web
+          containerPort: 21118
+          protocol: TCP
+        volumeMounts:
+        - name: keys
+          mountPath: /root
+          readOnly: true
+        env:
+        - name: RUST_LOG
+          value: "info"
+      volumes:
+      - name: keys
+        secret:
+          secretName: rustdesk-keys
+          items:
+          - key: id_ed25519
+            path: id_ed25519
+            mode: 0600
+          - key: id_ed25519.pub
+            path: id_ed25519.pub
+            mode: 0644
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rustdesk-hbbr
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rustdesk-hbbr
+  template:
+    metadata:
+      labels:
+        app: rustdesk-hbbr
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+      - name: hbbr
+        image: rustdesk/rustdesk-server:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        command: ["hbbr"]
+        args:
+          - "-k"
+          - "_"  # Использовать ключи из файлов
+          - "-p"
+          - "21117"
+        ports:
+        - name: relay
+          containerPort: 21117
+          protocol: TCP
+        volumeMounts:
+        - name: keys
+          mountPath: /root
+          readOnly: true
+        env:
+        - name: RUST_LOG
+          value: "info"
+      volumes:
+      - name: keys
+        secret:
+          secretName: rustdesk-keys
+          items:
+          - key: id_ed25519
+            path: id_ed25519
+            mode: 0600
+          - key: id_ed25519.pub
+            path: id_ed25519.pub
+            mode: 0644

k8s/apps/rustdesk/ingress.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: rustdesk-web
+  namespace: rustdesk
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - rd.hexor.cy
+    secretName: rustdesk-tls
+  rules:
+  - host: rd.hexor.cy
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: rustdesk-web
+            port:
+              number: 21118

k8s/apps/rustdesk/kustomization.yaml

@@ -3,14 +3,11 @@ kind: Kustomization
 
 resources:
   - app.yaml
-  #- external-secrets.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - secret.yaml
+  - network-policy.yaml
 
-helmCharts:
+# Убираем Helm chart и делаем нативные манифесты
-  - name: rustdesk-server-oss
-    repo: https://schich.tel/helm-charts
-    version: 0.2.2
-    releaseName: rustdesk
-    namespace: rustdesk
-    valuesFile: values.yaml
-    includeCRDs: true
 

k8s/apps/rustdesk/network-policy.yaml

@@ -0,0 +1,85 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: rustdesk-network-policy
+  namespace: rustdesk
+spec:
+  podSelector:
+    matchLabels:
+      app: rustdesk-hbbs
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  # Разрешаем все входящие подключения на RustDesk порты
+  - from: []
+    ports:
+    - protocol: TCP
+      port: 21115
+    - protocol: TCP
+      port: 21116
+    - protocol: UDP
+      port: 21116
+    - protocol: TCP
+      port: 21118
+  # Разрешаем Traefik ingress для веб-интерфейса
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          name: kube-system
+    ports:
+    - protocol: TCP
+      port: 21118
+  egress:
+  # Разрешаем DNS
+  - to: []
+    ports:
+    - protocol: UDP
+      port: 53
+    - protocol: TCP
+      port: 53
+  # Разрешаем связь между HBBS и HBBR
+  - to:
+    - podSelector:
+        matchLabels:
+          app: rustdesk-hbbr
+    ports:
+    - protocol: TCP
+      port: 21117
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: rustdesk-hbbr-network-policy
+  namespace: rustdesk
+spec:
+  podSelector:
+    matchLabels:
+      app: rustdesk-hbbr
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  # Разрешаем все входящие подключения на relay порт
+  - from: []
+    ports:
+    - protocol: TCP
+      port: 21117
+  # Разрешаем подключения от HBBS
+  - from:
+    - podSelector:
+        matchLabels:
+          app: rustdesk-hbbs
+    ports:
+    - protocol: TCP
+      port: 21117
+  egress:
+  # Разрешаем DNS
+  - to: []
+    ports:
+    - protocol: UDP
+      port: 53
+    - protocol: TCP
+      port: 53

k8s/apps/rustdesk/secret.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rustdesk-keys
+  namespace: rustdesk
+type: Opaque
+data:
+  # Временные захардкоженные ключи (замените на реальные из Bitwarden позже)
+  # Приватный ключ Ed25519 (base64)
+  id_ed25519: |
+    LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUhyVHIvaEVx
+    OXlOMXZXL0JWVlhxZ1JPOVVJU1UwMEhzSzNjeUZjSGI3M0QKLS0tLS1FTkQgUFJJVkFURSBLRVkt
+    LS0tLQo=
+  # Публичный ключ Ed25519 (base64)  
+  id_ed25519.pub: |
+    LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QkNJRUlIclRyL2hFcTl5TjF2
+    Vy9CVlZYcWdSTzlVSVNVMDBIc0szY3lGY0hiNzNECi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=

k8s/apps/rustdesk/service.yaml

@@ -0,0 +1,83 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk-hbbs
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbs
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  selector:
+    app: rustdesk-hbbs
+  ports:
+  - name: nat
+    port: 21115
+    targetPort: 21115
+    protocol: TCP
+  - name: registry-tcp
+    port: 21116
+    targetPort: 21116
+    protocol: TCP
+  - name: web
+    port: 21118
+    targetPort: 21118
+    protocol: TCP
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk-hbbs-udp
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbs
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  selector:
+    app: rustdesk-hbbs
+  ports:
+  - name: registry-udp
+    port: 21116
+    targetPort: 21116
+    protocol: UDP
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk-hbbr
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbr
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  selector:
+    app: rustdesk-hbbr
+  ports:
+  - name: relay
+    port: 21117
+    targetPort: 21117
+    protocol: TCP
+
+---
+# ClusterIP сервис для веб-интерфейса (используется через Ingress)
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk-web
+  namespace: rustdesk
+  labels:
+    app: rustdesk-hbbs
+spec:
+  type: ClusterIP
+  selector:
+    app: rustdesk-hbbs
+  ports:
+  - name: web
+    port: 21118
+    targetPort: 21118
+    protocol: TCP