Deployed outfleet-rs

k8s/apps/vpn/config.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: outfleet-rs-config
+data:
+  config.toml: |-
+    [database]
+    url = "postgres://outfleet_rs:FMj#bA0XW14Pd2@psql.psql.svc:5432/outfleet_rs"
+
+    [web]
+    host = "0.0.0.0"
+    port = 8080
+    base_url = "https://vpn.hexor.cy"
+
+    [telegram]
+    enabled = false
+    admin_chat_ids = []
+    allowed_users = []
+
+    [xray]
+    config_path = "./templates"
+
+    [log]
+    level = "debug"
+

k8s/apps/vpn/deployment.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: outfleet-rs
+  labels:
+    app: outfleet-rs
+  annotations:
+    reloader.stakater.com/auto: "true"
+spec:
+  selector:
+    matchLabels:
+      app: outfleet-rs
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: outfleet-rs
+    spec:
+      hostname: outfleet-rs
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: outfleet-rs
+          image: 'ultradesu/outfleet:rs-0.2'
+          imagePullPolicy: Always
+          command: ["/bin/sh"]
+          args:
+            - "-c"
+            - |
+              set -x
+              /app/xray-admin --host 0.0.0.0 --port 8080
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          env:
+            - name: RUST_LOG
+              value: "info"
+          volumeMounts:
+            - name: outfleet-config
+              mountPath: /app/config.toml    # <-- target path inside container
+              subPath: config.toml           # <-- use the specific key as a file
+              readOnly: true
+      volumes:
+        - name: outfleet-config
+          configMap:
+            name: outfleet-rs-config
+            items:
+              - key: config.toml
+                path: config.toml
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: outfleet-rs
+spec:
+  selector:
+    app: outfleet-rs
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

k8s/apps/vpn/kustomization.yaml

@@ -3,7 +3,10 @@ kind: Kustomization
 
 resources:
   - ./app.yaml
-  - ./external-secrets.yaml
-  - ./outfleet.yaml
-  - ./shadowsocks.yaml
+# - ./external-secrets.yaml
+# - ./outfleet.yaml
+# - ./shadowsocks.yaml
+  - ./deployment.yaml
+  - ./config.yaml
+  - ./xray.yaml
 

k8s/apps/vpn/xray.yaml

@@ -0,0 +1,209 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: xray-config-template
+data:
+  config.json.template: |
+    {
+      "log": {
+        "loglevel": "warning"
+      },
+      "api": {
+        "tag": "api",
+        "listen": "TAILSCALE_IP:10086",
+        "services": [
+          "HandlerService",
+          "StatsService",
+          "LoggerService",
+          "RoutingService",
+          "ReflectionService"
+        ]
+      },
+      "stats": {},
+      "policy": {
+        "system": {
+          "statsInboundDownlink": true,
+          "statsInboundUplink": true,
+          "statsOutboundDownlink": true,
+          "statsOutboundUplink": true
+        }
+      },
+      "inbounds": [],
+      "outbounds": [
+        {
+          "tag": "direct",
+          "protocol": "freedom",
+          "settings": {}
+        }
+      ],
+      "routing": {
+        "rules": []
+      }
+    }
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: xray-init-script
+data:
+  init.sh: |
+    #!/bin/sh
+    set -e
+    
+    echo "Starting Xray configuration setup..."
+    
+    # Find xray binary location
+    XRAY_BIN=""
+    for path in /usr/bin/xray /usr/local/bin/xray /bin/xray /opt/xray/xray; do
+        if [ -x "$path" ]; then
+            XRAY_BIN="$path"
+            echo "Found Xray binary at: $XRAY_BIN"
+            break
+        fi
+    done
+    
+    if [ -z "$XRAY_BIN" ]; then
+        echo "Error: Xray binary not found"
+        echo "Available files in common locations:"
+        ls -la /usr/bin/xray* 2>/dev/null || echo "No xray in /usr/bin/"
+        ls -la /usr/local/bin/xray* 2>/dev/null || echo "No xray in /usr/local/bin/"
+        ls -la /bin/xray* 2>/dev/null || echo "No xray in /bin/"
+        exit 1
+    fi
+    
+    # Get Tailscale IP address
+    TAILSCALE_IP=""
+    
+    # Try different ways to get Tailscale IP
+    if command -v ip >/dev/null 2>&1; then
+        TAILSCALE_IP=$(ip addr show tailscale0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | head -n1)
+    fi
+    
+    # Fallback: try to find any interface with 100.x.x.x IP (typical Tailscale range)
+    if [ -z "$TAILSCALE_IP" ]; then
+        TAILSCALE_IP=$(ip route get 8.8.8.8 2>/dev/null | grep -o 'src [0-9\.]*' | grep '100\.' | awk '{print $2}' | head -n1)
+    fi
+    
+    # Another fallback: check all interfaces for 100.x.x.x
+    if [ -z "$TAILSCALE_IP" ]; then
+        TAILSCALE_IP=$(ip addr show 2>/dev/null | grep -o 'inet 100\.[0-9\.]*' | awk '{print $2}' | head -n1)
+    fi
+    
+    # Final fallback: use localhost if no Tailscale IP found
+    if [ -z "$TAILSCALE_IP" ]; then
+        echo "Warning: Could not find Tailscale IP, using 127.0.0.1"
+        TAILSCALE_IP="127.0.0.1"
+    else
+        echo "Found Tailscale IP: $TAILSCALE_IP"
+    fi
+    
+    # Create config directory
+    mkdir -p /usr/local/etc/xray
+    
+    # Replace TAILSCALE_IP placeholder in config template
+    sed "s/TAILSCALE_IP/$TAILSCALE_IP/g" /config-template/config.json.template > /usr/local/etc/xray/config.json
+    
+    echo "Generated Xray config:"
+    cat /usr/local/etc/xray/config.json
+    
+    # Increase file descriptor limits
+    ulimit -n 65536 2>/dev/null || echo "Warning: Could not increase file descriptor limit"
+    
+    echo "Starting Xray with binary: $XRAY_BIN"
+    exec "$XRAY_BIN" run -c /usr/local/etc/xray/config.json
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: xray-daemon
+  labels:
+    app: xray
+spec:
+  selector:
+    matchLabels:
+      app: xray
+  template:
+    metadata:
+      labels:
+        app: xray
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      nodeSelector:
+        xray: "true"
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: xray
+        image: teddysun/xray:latest
+        command: ["/bin/sh"]
+        args: ["/scripts/init.sh"]
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+        volumeMounts:
+        - name: config-template
+          mountPath: /config-template
+          readOnly: true
+        - name: init-script
+          mountPath: /scripts
+          readOnly: true
+        - name: xray-config
+          mountPath: /usr/local/etc/xray
+        ports:
+        - containerPort: 10086
+          protocol: TCP
+          name: api
+        livenessProbe:
+          tcpSocket:
+            port: 10086
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          tcpSocket:
+            port: 10086
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+      volumes:
+      - name: config-template
+        configMap:
+          name: xray-config-template
+          defaultMode: 0644
+      - name: init-script
+        configMap:
+          name: xray-init-script
+          defaultMode: 0755
+      - name: xray-config
+        emptyDir: {}
+      restartPolicy: Always
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: xray-api-service
+  labels:
+    app: xray
+spec:
+  type: ClusterIP
+  ports:
+  - port: 10086
+    targetPort: 10086
+    protocol: TCP
+    name: api
+  selector:
+    app: xray