diff --git a/k8s/apps/vpn/config.yaml b/k8s/apps/vpn/config.yaml
new file mode 100644
index 0000000..c1e65d1
--- /dev/null
+++ b/k8s/apps/vpn/config.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: outfleet-rs-config
+data:
+ config.toml: |-
+ [database]
+ url = "postgres://outfleet_rs:FMj#bA0XW14Pd2@psql.psql.svc:5432/outfleet_rs"
+
+ [web]
+ host = "0.0.0.0"
+ port = 8080
+ base_url = "https://vpn.hexor.cy"
+
+ [telegram]
+ enabled = false
+ admin_chat_ids = []
+ allowed_users = []
+
+ [xray]
+ config_path = "./templates"
+
+ [log]
+ level = "debug"
+
diff --git a/k8s/apps/vpn/deployment.yaml b/k8s/apps/vpn/deployment.yaml
new file mode 100644
index 0000000..1757d37
--- /dev/null
+++ b/k8s/apps/vpn/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: outfleet-rs
+ labels:
+ app: outfleet-rs
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ selector:
+ matchLabels:
+ app: outfleet-rs
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: outfleet-rs
+ spec:
+ hostname: outfleet-rs
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+ containers:
+ - name: outfleet-rs
+ image: 'ultradesu/outfleet:rs-0.2'
+ imagePullPolicy: Always
+ command: ["/bin/sh"]
+ args:
+ - "-c"
+ - |
+ set -x
+ /app/xray-admin --host 0.0.0.0 --port 8080
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ env:
+ - name: RUST_LOG
+ value: "info"
+ volumeMounts:
+ - name: outfleet-config
+ mountPath: /app/config.toml # <-- target path inside container
+ subPath: config.toml # <-- use the specific key as a file
+ readOnly: true
+ volumes:
+ - name: outfleet-config
+ configMap:
+ name: outfleet-rs-config
+ items:
+ - key: config.toml
+ path: config.toml
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: outfleet-rs
+spec:
+ selector:
+ app: outfleet-rs
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
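Review bot: The `[database]` `url` in `config.toml` embeds the PostgreSQL password in a ConfigMap committed to the repository; ConfigMaps are not handled as secret material by the API or by tooling, and the value now sits in git history, so the credential should be rotated. The same commit comments out `./external-secrets.yaml` in `kustomization.yaml`; rendering `config.toml` into a `kind: Secret` (for instance through the ExternalSecret setup the repo appears to already have) and mounting it in the Deployment with `secret:` / `secretName: outfleet-rs-config` instead of `configMap:` keeps it out of the manifests. The password also contains an unescaped `#`, which a URL parser may treat as the start of a fragment, so the rotated value should be percent-encoded or restricted to URL-safe characters. `level = "debug"` under `[log]` is worth lowering if the application logs its connection string at that level, which is not visible here.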
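Review bot: The `outfleet-rs` container in `deployment.yaml` has no `securityContext`, no `resources` and no probes, and it pulls the mutable tag `ultradesu/outfleet:rs-0.2` with `imagePullPolicy: Always`, so the image that runs can change on any restart without a change in git. A container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` is a safe baseline; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` should be added if the image supports them, which cannot be told from this hunk. Pinning the image by digest, `image: 'ultradesu/outfleet:rs-0.2@sha256:<digest>'`, makes the deployed artifact reproducible. The `/bin/sh -c` wrapper with `set -x` only adds tracing, and `--host 0.0.0.0 --port 8080` duplicates the `[web]` values in `config.toml`; a comment saying which of the two takes precedence would help the next reader.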
diff --git a/k8s/apps/vpn/kustomization.yaml b/k8s/apps/vpn/kustomization.yaml index 606d55f..7f923b7 100644 --- a/k8s/apps/vpn/kustomization.yaml +++ b/k8s/apps/vpn/kustomization.yaml @@ -3,7 +3,10 @@ kind: Kustomization resources: - ./app.yaml - - ./external-secrets.yaml - - ./outfleet.yaml - - ./shadowsocks.yaml +# - ./external-secrets.yaml +# - ./outfleet.yaml +# - ./shadowsocks.yaml + - ./deployment.yaml + - ./config.yaml + - ./xray.yaml diff --git a/k8s/apps/vpn/xray.yaml b/k8s/apps/vpn/xray.yaml new file mode 100644 index 0000000..41c80bd --- /dev/null +++ b/k8s/apps/vpn/xray.yaml 
@@ -0,0 +1,209 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: xray-config-template
+data:
+ config.json.template: |
+ {
+ "log": {
+ "loglevel": "warning"
+ },
+ "api": {
+ "tag": "api",
+ "listen": "TAILSCALE_IP:10086",
+ "services": [
+ "HandlerService",
+ "StatsService",
+ "LoggerService",
+ "RoutingService",
+ "ReflectionService"
+ ]
+ },
+ "stats": {},
+ "policy": {
+ "system": {
+ "statsInboundDownlink": true,
+ "statsInboundUplink": true,
+ "statsOutboundDownlink": true,
+ "statsOutboundUplink": true
+ }
+ },
+ "inbounds": [],
+ "outbounds": [
+ {
+ "tag": "direct",
+ "protocol": "freedom",
+ "settings": {}
+ }
+ ],
+ "routing": {
+ "rules": []
+ }
+ }
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: xray-init-script
+data:
+ init.sh: |
+ #!/bin/sh
+ set -e
+
+ echo "Starting Xray configuration setup..."
+
+ # Find xray binary location
+ XRAY_BIN=""
+ for path in /usr/bin/xray /usr/local/bin/xray /bin/xray /opt/xray/xray; do
+ if [ -x "$path" ]; then
+ XRAY_BIN="$path"
+ echo "Found Xray binary at: $XRAY_BIN"
+ break
+ fi
+ done
+
+ if [ -z "$XRAY_BIN" ]; then
+ echo "Error: Xray binary not found"
+ echo "Available files in common locations:"
+ ls -la /usr/bin/xray* 2>/dev/null || echo "No xray in /usr/bin/"
+ ls -la /usr/local/bin/xray* 2>/dev/null || echo "No xray in /usr/local/bin/"
+ ls -la /bin/xray* 2>/dev/null || echo "No xray in /bin/"
+ exit 1
+ fi
+
+ # Get Tailscale IP address
+ TAILSCALE_IP=""
+
+ # Try different ways to get Tailscale IP
+ if command -v ip >/dev/null 2>&1; then
+ TAILSCALE_IP=$(ip addr show tailscale0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | head -n1)
+ fi
+
+ # Fallback: try to find any interface with 100.x.x.x IP (typical Tailscale range)
+ if [ -z "$TAILSCALE_IP" ]; then
+ TAILSCALE_IP=$(ip route get 8.8.8.8 2>/dev/null | grep -o 'src [0-9\.]*' | grep '100\.'
| awk '{print $2}' | head -n1)
+ fi
+
+ # Another fallback: check all interfaces for 100.x.x.x
+ if [ -z "$TAILSCALE_IP" ]; then
+ TAILSCALE_IP=$(ip addr show 2>/dev/null | grep -o 'inet 100\.[0-9\.]*' | awk '{print $2}' | head -n1)
+ fi
+
+ # Final fallback: use localhost if no Tailscale IP found
+ if [ -z "$TAILSCALE_IP" ]; then
+ echo "Warning: Could not find Tailscale IP, using 127.0.0.1"
+ TAILSCALE_IP="127.0.0.1"
+ else
+ echo "Found Tailscale IP: $TAILSCALE_IP"
+ fi
+
+ # Create config directory
+ mkdir -p /usr/local/etc/xray
+
+ # Replace TAILSCALE_IP placeholder in config template
+ sed "s/TAILSCALE_IP/$TAILSCALE_IP/g" /config-template/config.json.template > /usr/local/etc/xray/config.json
+
+ echo "Generated Xray config:"
+ cat /usr/local/etc/xray/config.json
+
+ # Increase file descriptor limits
+ ulimit -n 65536 2>/dev/null || echo "Warning: Could not increase file descriptor limit"
+
+ echo "Starting Xray with binary: $XRAY_BIN"
+ exec "$XRAY_BIN" run -c /usr/local/etc/xray/config.json
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: xray-daemon
+ labels:
+ app: xray
+spec:
+ selector:
+ matchLabels:
+ app: xray
+ template:
+ metadata:
+ labels:
+ app: xray
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ nodeSelector:
+ xray: "true"
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ containers:
+ - name: xray
+ image: teddysun/xray:latest
+ command: ["/bin/sh"]
+ args: ["/scripts/init.sh"]
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ volumeMounts:
+ - name: config-template
+ mountPath: /config-template
+ readOnly: true
+ - name: init-script
+ mountPath: /scripts
+ readOnly: true
+ - name: xray-config
+ mountPath: /usr/local/etc/xray
+ ports:
+ - containerPort: 10086
+ protocol: TCP
+ name: api
+ livenessProbe:
+ tcpSocket:
+ port: 10086
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ tcpSocket:
+ port: 10086
+ initialDelaySeconds: 5
+ periodSeconds:
5
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ volumes:
+ - name: config-template
+ configMap:
+ name: xray-config-template
+ defaultMode: 0644
+ - name: init-script
+ configMap:
+ name: xray-init-script
+ defaultMode: 0755
+ - name: xray-config
+ emptyDir: {}
+ restartPolicy: Always
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xray-api-service
+ labels:
+ app: xray
+spec:
+ type: ClusterIP
+ ports:
+ - port: 10086
+ targetPort: 10086
+ protocol: TCP
+ name: api
+ selector:
+ app: xray
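Review bot: The `xray` container in the DaemonSet combines `privileged: true`, `hostNetwork: true` and the mutable third-party tag `teddysun/xray:latest`, so whatever that tag resolves to at pull time runs with full host privileges on every node labelled `xray: "true"`. `privileged: true` already grants every capability, which makes the `NET_ADMIN`/`NET_RAW` list redundant; if those two are all the process needs (not verifiable from this hunk), remove the privileged flag, add `allowPrivilegeEscalation: false` and `drop: ["ALL"]` next to the `add:` list, and pin the image as `teddysun/xray:<version>@sha256:<digest>`. In `init.sh` the second fallback filters with the unanchored `grep '100\.'`, which also matches an address such as 10.100.0.5 (constructed example), so the API listener (`HandlerService`, `ReflectionService`; no authentication is configured in the template) can end up bound to a non-Tailscale interface; `grep 'src 100\.'` keeps the match at the first octet. The `xray-api-service` ClusterIP additionally offers port 10086 to any workload in the cluster, which is worth restricting or at least documenting in a comment on the Service.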