From ae516a79eb1ab4c205f89f90cbc81371c8def2ac Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Fri, 18 Jul 2025 15:01:42 +0300
Subject: [PATCH] Adjust Rustdesk certs
---
 k8s/apps/rustdesk/deployment.yaml | 2 -
 k8s/apps/rustdesk/external-secrets.yaml | 34 +++++++++++
 k8s/apps/rustdesk/ingress.yaml | 1 -
 k8s/apps/rustdesk/kustomization.yaml | 4 +-
 k8s/apps/rustdesk/network-policy.yaml | 2 -
 k8s/apps/rustdesk/secret.yaml | 18 ------
 k8s/apps/rustdesk/service.yaml | 4 --
 k8s/apps/rustdesk/values.yaml | 79 -------------------------
 8 files changed, 35 insertions(+), 109 deletions(-)
 create mode 100644 k8s/apps/rustdesk/external-secrets.yaml
 delete mode 100644 k8s/apps/rustdesk/secret.yaml
 delete mode 100644 k8s/apps/rustdesk/values.yaml
diff --git a/k8s/apps/rustdesk/deployment.yaml b/k8s/apps/rustdesk/deployment.yaml
index d91ddd1..eddf8b6 100644
--- a/k8s/apps/rustdesk/deployment.yaml
+++ b/k8s/apps/rustdesk/deployment.yaml
@@ -3,7 +3,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: rustdesk-hbbs
- namespace: rustdesk
 labels:
 app: rustdesk-hbbs
 spec:
@@ -73,7 +72,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: rustdesk-hbbr
- namespace: rustdesk
 labels:
 app: rustdesk-hbbr
 spec:
diff --git a/k8s/apps/rustdesk/external-secrets.yaml b/k8s/apps/rustdesk/external-secrets.yaml
new file mode 100644
index 0000000..10dbec2
--- /dev/null
+++ b/k8s/apps/rustdesk/external-secrets.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: rustdesk-keys
+spec:
+ target:
+ name: rustdesk-keys
+ deletionPolicy: Delete
+ template:
+ type: Opaque
+ data:
+ id_ed25519: |-
+ {{ .private_key }}
+ id_ed25519.pub: |-
+ {{ .public_key }}
+ data:
+ - secretKey: private_key
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: fe5d32b3-4205-490d-b896-b0b8438eda34
+ property: notes
+ - secretKey: public_key
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 05a6378a-8ccf-47fa-84ec-99eb5806513e
+ property: notes
+
diff --git a/k8s/apps/rustdesk/ingress.yaml b/k8s/apps/rustdesk/ingress.yaml
index 6f3455b..f049129 100644
--- a/k8s/apps/rustdesk/ingress.yaml
+++ b/k8s/apps/rustdesk/ingress.yaml
@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: rustdesk-web
- namespace: rustdesk
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
 traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
diff --git a/k8s/apps/rustdesk/kustomization.yaml b/k8s/apps/rustdesk/kustomization.yaml
index 791642c..39314d0 100644
--- a/k8s/apps/rustdesk/kustomization.yaml
+++ b/k8s/apps/rustdesk/kustomization.yaml
@@ -6,8 +6,6 @@ resources: - deployment.yaml - service.yaml - ingress.yaml - - secret.yaml + - external-secrets.yaml - network-policy.yaml -# Убираем Helm chart и делаем нативные манифесты -
diff --git a/k8s/apps/rustdesk/network-policy.yaml b/k8s/apps/rustdesk/network-policy.yaml
index a1afe3a..440d3d8 100644
--- a/k8s/apps/rustdesk/network-policy.yaml
+++ b/k8s/apps/rustdesk/network-policy.yaml
@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: rustdesk-network-policy
- namespace: rustdesk
 spec:
 podSelector:
 matchLabels:
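Review bot: The new ExternalSecret in k8s/apps/rustdesk/external-secrets.yaml does not say whether the key pair was regenerated when it moved to Vaultwarden. The pair deleted from secret.yaml in this same commit stays readable in repository history, so the two items referenced under `remoteRef.key` should hold a freshly generated pair and the old one should be treated as retired. I would record that requirement above `spec.data`, for example `# These Vaultwarden items must hold a pair generated after secret.yaml was removed; the old pair remains in git history.` Separately, the template copies the `notes` field verbatim, so stray whitespace in the note would end up inside `id_ed25519`; `{{ .private_key | trim }}` would guard against that, assuming the string helpers are available in the External Secrets version deployed here.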
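Review bot: Nothing visible in the kustomization.yaml hunk sets `namespace: rustdesk`, yet this commit drops `metadata.namespace` from both Deployments, all four Services, the Ingress and both NetworkPolicies, and the new ExternalSecret carries none either. Lines 1–5 of the file are outside the hunk, so the namespace may already be set there or by the deploy tooling. If it is not, the resources land in whatever namespace the apply defaults to, and a NetworkPolicy created in a different namespace from the rustdesk pods no longer restricts them. I would make it explicit with a top-level `namespace: rustdesk` in kustomization.yaml.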
@@ -53,7 +52,6 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: rustdesk-hbbr-network-policy
- namespace: rustdesk
 spec:
 podSelector:
 matchLabels:
diff --git a/k8s/apps/rustdesk/secret.yaml b/k8s/apps/rustdesk/secret.yaml
deleted file mode 100644
index bb2e594..0000000
--- a/k8s/apps/rustdesk/secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: rustdesk-keys
- namespace: rustdesk
-type: Opaque
-data:
- # Временные захардкоженные ключи (замените на реальные из Bitwarden позже)
- # Приватный ключ Ed25519 (base64)
- id_ed25519: |
- LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUhyVHIvaEVx
- OXlOMXZXL0JWVlhxZ1JPOVVJU1UwMEhzSzNjeUZjSGI3M0QKLS0tLS1FTkQgUFJJVkFURSBLRVkt
- LS0tLQo=
- # Публичный ключ Ed25519 (base64)
- id_ed25519.pub: |
- LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QkNJRUlIclRyL2hFcTl5TjF2
- Vy9CVlZYcWdSTzlVSVNVMDBIc0szY3lGY0hiNzNECi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
diff --git a/k8s/apps/rustdesk/service.yaml b/k8s/apps/rustdesk/service.yaml
index 268ff71..8dbd2b8 100644
--- a/k8s/apps/rustdesk/service.yaml
+++ b/k8s/apps/rustdesk/service.yaml
@@ -3,7 +3,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: rustdesk-hbbs
- namespace: rustdesk
 labels:
 app: rustdesk-hbbs
 spec:
@@ -30,7 +29,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: rustdesk-hbbs-udp
- namespace: rustdesk
 labels:
 app: rustdesk-hbbs
 spec:
@@ -49,7 +47,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: rustdesk-hbbr
- namespace: rustdesk
 labels:
 app: rustdesk-hbbr
 spec:
@@ -69,7 +66,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: rustdesk-web
- namespace: rustdesk
 labels:
 app: rustdesk-hbbs
 spec:
diff --git a/k8s/apps/rustdesk/values.yaml b/k8s/apps/rustdesk/values.yaml
deleted file mode 100644
index b150b23..0000000
--- a/k8s/apps/rustdesk/values.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-replicaCount: 1
-
-image:
- repository: docker.io/rustdesk/rustdesk-server
- pullPolicy: IfNotPresent
- tag: 1
-
-nodeSelector:
- kubernetes.io/hostname: master.tail2fe2d.ts.net
-
-ingress:
- enabled: true
- className: "traefik"
- annotations:
- ingressClassName: traefik
- cert-manager.io/cluster-issuer: letsencrypt
- traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
- acme.cert-manager.io/http01-edit-in-place: "true"
- hosts:
- - rd.hexor.cy
- tls:
- - secretName: rustdesk-tls
- hosts:
- - rd.hexor.cy
-
-service:
- type: LoadBalancer
- externalTrafficPolicy: Cluster
- loadBalancerIP: null
- enableWebClientSupport: false
- hbbr:
- replayPort:
- port: 21117
- targetPort: 21117
- clientPort:
- port: 21119
- targetPort: 21119
- hbbs:
- natPort:
- port: 21115
- targetPort: 21115
- registryPort:
- port: 21116
- targetPort: 21116
- heartbeatPort:
- port: 21116
- targetPort: 21116
- webPort:
- port: 21118
- targetPort: 21118
-
-resources:
- hbbrResource:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "512Mi"
- cpu: "500m"
- hbbsResource:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "512Mi"
- cpu: "500m"
-
- # Additional volumes on the output Deployment definition.
-volume: {}
-
-# - name: foo
-# secret:
-# secretName: mysecret
-# optional: false
-
-# - name: foo
-# mountPath: "/etc/foo"
-# readOnly: true
-