diff --git a/k8s/apps/mtproxy/deployment.yaml b/k8s/apps/mtproxy/daemonset.yaml similarity index 82% rename from k8s/apps/mtproxy/deployment.yaml rename to k8s/apps/mtproxy/daemonset.yaml index cd30ab7..cf06ade 100644 --- a/k8s/apps/mtproxy/deployment.yaml +++ b/k8s/apps/mtproxy/daemonset.yaml @@ -40,14 +40,22 @@ spec: mtproto-proxy -u nobody -p 8888 - -H 30443 + -H $(PORT) -M 1 -S $(SECRET) --aes-pwd /etc/mtproxy/proxy-secret /etc/mtproxy/proxy-multi.conf env: - name: SECRET - value: "4ef8819478eb9c8928ab741300235a8e" + valueFrom: + secretKeyRef: + name: tgproxy-secret + key: SECRET + - name: PORT + valueFrom: + secretKeyRef: + name: tgproxy-secret + key: PORT volumeMounts: - name: data mountPath: /data diff --git a/k8s/apps/mtproxy/external-secrets.yaml b/k8s/apps/mtproxy/external-secrets.yaml new file mode 100644 index 0000000..f60e412 --- /dev/null +++ b/k8s/apps/mtproxy/external-secrets.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tgproxy-secret +spec: + target: + name: tgproxy-secret + deletionPolicy: Delete + template: + type: Opaque + data: + SECRET: |- + {{ .secret }} + PORT: "30443" + data: + - secretKey: secret + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: 58a37daf-72d8-430d-86bd-6152aa8f888d + property: fields[0].value + diff --git a/k8s/apps/mtproxy/kustomization.yaml b/k8s/apps/mtproxy/kustomization.yaml index 7691f9f..faa2752 100644 --- a/k8s/apps/mtproxy/kustomization.yaml +++ b/k8s/apps/mtproxy/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization resources: - ./app.yaml - - ./deployment.yaml + - ./daemonset.yaml + - ./external-secrets.yaml # - ./storage.yaml # - ./service.yaml