Deployed outfleet-rs

k8s/apps/vpn/xray.yaml

@@ -0,0 +1,209 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: xray-config-template
+data:
+  config.json.template: |
+    {
+      "log": {
+        "loglevel": "warning"
+      },
+      "api": {
+        "tag": "api",
+        "listen": "TAILSCALE_IP:10086",
+        "services": [
+          "HandlerService",
+          "StatsService",
+          "LoggerService",
+          "RoutingService",
+          "ReflectionService"
+        ]
+      },
+      "stats": {},
+      "policy": {
+        "system": {
+          "statsInboundDownlink": true,
+          "statsInboundUplink": true,
+          "statsOutboundDownlink": true,
+          "statsOutboundUplink": true
+        }
+      },
+      "inbounds": [],
+      "outbounds": [
+        {
+          "tag": "direct",
+          "protocol": "freedom",
+          "settings": {}
+        }
+      ],
+      "routing": {
+        "rules": []
+      }
+    }
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: xray-init-script
+data:
+  init.sh: |
+    #!/bin/sh
+    set -e
+    
+    echo "Starting Xray configuration setup..."
+    
+    # Find xray binary location
+    XRAY_BIN=""
+    for path in /usr/bin/xray /usr/local/bin/xray /bin/xray /opt/xray/xray; do
+        if [ -x "$path" ]; then
+            XRAY_BIN="$path"
+            echo "Found Xray binary at: $XRAY_BIN"
+            break
+        fi
+    done
+    
+    if [ -z "$XRAY_BIN" ]; then
+        echo "Error: Xray binary not found"
+        echo "Available files in common locations:"
+        ls -la /usr/bin/xray* 2>/dev/null || echo "No xray in /usr/bin/"
+        ls -la /usr/local/bin/xray* 2>/dev/null || echo "No xray in /usr/local/bin/"
+        ls -la /bin/xray* 2>/dev/null || echo "No xray in /bin/"
+        exit 1
+    fi
+    
+    # Get Tailscale IP address
+    TAILSCALE_IP=""
+    
+    # Try different ways to get Tailscale IP
+    if command -v ip >/dev/null 2>&1; then
+        TAILSCALE_IP=$(ip addr show tailscale0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | head -n1)
+    fi
+    
+    # Fallback: try to find any interface with 100.x.x.x IP (typical Tailscale range)
+    if [ -z "$TAILSCALE_IP" ]; then
+        TAILSCALE_IP=$(ip route get 8.8.8.8 2>/dev/null | grep -o 'src [0-9\.]*' | grep '100\.' | awk '{print $2}' | head -n1)
+    fi
+    
+    # Another fallback: check all interfaces for 100.x.x.x
+    if [ -z "$TAILSCALE_IP" ]; then
+        TAILSCALE_IP=$(ip addr show 2>/dev/null | grep -o 'inet 100\.[0-9\.]*' | awk '{print $2}' | head -n1)
+    fi
+    
+    # Final fallback: use localhost if no Tailscale IP found
+    if [ -z "$TAILSCALE_IP" ]; then
+        echo "Warning: Could not find Tailscale IP, using 127.0.0.1"
+        TAILSCALE_IP="127.0.0.1"
+    else
+        echo "Found Tailscale IP: $TAILSCALE_IP"
+    fi
+    
+    # Create config directory
+    mkdir -p /usr/local/etc/xray
+    
+    # Replace TAILSCALE_IP placeholder in config template
+    sed "s/TAILSCALE_IP/$TAILSCALE_IP/g" /config-template/config.json.template > /usr/local/etc/xray/config.json
+    
+    echo "Generated Xray config:"
+    cat /usr/local/etc/xray/config.json
+    
+    # Increase file descriptor limits
+    ulimit -n 65536 2>/dev/null || echo "Warning: Could not increase file descriptor limit"
+    
+    echo "Starting Xray with binary: $XRAY_BIN"
+    exec "$XRAY_BIN" run -c /usr/local/etc/xray/config.json
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: xray-daemon
+  labels:
+    app: xray
+spec:
+  selector:
+    matchLabels:
+      app: xray
+  template:
+    metadata:
+      labels:
+        app: xray
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      nodeSelector:
+        xray: "true"
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: xray
+        image: teddysun/xray:latest
+        command: ["/bin/sh"]
+        args: ["/scripts/init.sh"]
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+        volumeMounts:
+        - name: config-template
+          mountPath: /config-template
+          readOnly: true
+        - name: init-script
+          mountPath: /scripts
+          readOnly: true
+        - name: xray-config
+          mountPath: /usr/local/etc/xray
+        ports:
+        - containerPort: 10086
+          protocol: TCP
+          name: api
+        livenessProbe:
+          tcpSocket:
+            port: 10086
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          tcpSocket:
+            port: 10086
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+      volumes:
+      - name: config-template
+        configMap:
+          name: xray-config-template
+          defaultMode: 0644
+      - name: init-script
+        configMap:
+          name: xray-init-script
+          defaultMode: 0755
+      - name: xray-config
+        emptyDir: {}
+      restartPolicy: Always
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: xray-api-service
+  labels:
+    app: xray
+spec:
+  type: ClusterIP
+  ports:
+  - port: 10086
+    targetPort: 10086
+    protocol: TCP
+    name: api
+  selector:
+    app: xray