Adjust Rustdesk certs

k8s/apps/rustdesk/deployment.yaml

@@ -3,7 +3,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: rustdesk-hbbs
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbs
 spec:
@@ -73,7 +72,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: rustdesk-hbbr
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbr
 spec:

k8s/apps/rustdesk/external-secrets.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: rustdesk-keys
+spec:
+  target:
+    name: rustdesk-keys
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        id_ed25519: |-
+          {{ .private_key }}
+        id_ed25519.pub: |-
+          {{ .public_key }}
+  data:
+    - secretKey: private_key
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: fe5d32b3-4205-490d-b896-b0b8438eda34
+        property: notes
+    - secretKey: public_key
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 05a6378a-8ccf-47fa-84ec-99eb5806513e
+        property: notes
+

k8s/apps/rustdesk/ingress.yaml

@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: rustdesk-web
-  namespace: rustdesk
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd

k8s/apps/rustdesk/kustomization.yaml

@@ -6,8 +6,6 @@ resources:
   - deployment.yaml
   - service.yaml
   - ingress.yaml
-  - secret.yaml
+  - external-secrets.yaml
   - network-policy.yaml
 
-# Убираем Helm chart и делаем нативные манифесты
-

k8s/apps/rustdesk/network-policy.yaml

@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: rustdesk-network-policy
-  namespace: rustdesk
 spec:
   podSelector:
     matchLabels:
@@ -53,7 +52,6 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: rustdesk-hbbr-network-policy
-  namespace: rustdesk
 spec:
   podSelector:
     matchLabels:

k8s/apps/rustdesk/secret.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rustdesk-keys
-  namespace: rustdesk
-type: Opaque
-data:
-  # Временные захардкоженные ключи (замените на реальные из Bitwarden позже)
-  # Приватный ключ Ed25519 (base64)
-  id_ed25519: |
-    LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUhyVHIvaEVx
-    OXlOMXZXL0JWVlhxZ1JPOVVJU1UwMEhzSzNjeUZjSGI3M0QKLS0tLS1FTkQgUFJJVkFURSBLRVkt
-    LS0tLQo=
-  # Публичный ключ Ed25519 (base64)  
-  id_ed25519.pub: |
-    LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QkNJRUlIclRyL2hFcTl5TjF2
-    Vy9CVlZYcWdSTzlVSVNVMDBIc0szY3lGY0hiNzNECi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=

k8s/apps/rustdesk/service.yaml

@@ -3,7 +3,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: rustdesk-hbbs
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbs
 spec:
@@ -30,7 +29,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: rustdesk-hbbs-udp
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbs
 spec:
@@ -49,7 +47,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: rustdesk-hbbr
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbr
 spec:
@@ -69,7 +66,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: rustdesk-web
-  namespace: rustdesk
   labels:
     app: rustdesk-hbbs
 spec:

k8s/apps/rustdesk/values.yaml

@@ -1,79 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: docker.io/rustdesk/rustdesk-server
-  pullPolicy: IfNotPresent
-  tag: 1
-
-nodeSelector:
-  kubernetes.io/hostname: master.tail2fe2d.ts.net
-
-ingress:
-  enabled: true
-  className: "traefik"
-  annotations:
-    ingressClassName: traefik
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
-    acme.cert-manager.io/http01-edit-in-place: "true"
-  hosts:
-  - rd.hexor.cy
-  tls:
-    - secretName: rustdesk-tls
-      hosts:
-        - rd.hexor.cy
-
-service:
-  type: LoadBalancer
-  externalTrafficPolicy: Cluster
-  loadBalancerIP: null
-  enableWebClientSupport: false
-  hbbr:
-    replayPort:
-      port: 21117
-      targetPort: 21117
-    clientPort:
-      port: 21119
-      targetPort: 21119
-  hbbs:
-    natPort:
-      port: 21115
-      targetPort: 21115
-    registryPort:
-      port: 21116
-      targetPort: 21116
-    heartbeatPort:
-      port: 21116
-      targetPort: 21116
-    webPort:
-      port: 21118
-      targetPort: 21118
-
-resources:
-  hbbrResource:
-    requests:
-      memory: "128Mi"
-      cpu: "100m"
-    limits:
-      memory: "512Mi"
-      cpu: "500m"
-  hbbsResource:
-    requests:
-      memory: "128Mi"
-      cpu: "100m"
-    limits:
-      memory: "512Mi"
-      cpu: "500m"
-
-  # Additional volumes on the output Deployment definition.
-volume: {}
-
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-