Added telemt
This commit is contained in:
Ultradesu
109
k8s/apps/mtproxy/telemt-daemonset.yaml
Normal file
109
k8s/apps/mtproxy/telemt-daemonset.yaml
Normal file
@@ -0,0 +1,109 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: telemt
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: telemt
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: mtproxy
|
||||
operator: Exists
|
||||
serviceAccountName: mtproxy
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
initContainers:
|
||||
- name: register-proxy
|
||||
image: bitnami/kubectl:latest
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tgproxy-secret
|
||||
key: SECRET
|
||||
- name: TELEMT_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: telemt-secret
|
||||
key: PORT
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
|
||||
SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
|
||||
if [ -z "${SERVER}" ]; then
|
||||
echo "ERROR: node ${NODE_NAME} has no mtproxy label"
|
||||
exit 1
|
||||
fi
|
||||
# Build dd-prefixed secret for TLS mode: dd + secret + hex(tls_domain)
|
||||
DOMAIN_HEX=$(echo -n 'ya.ru' | xxd -p | tr -d '\n')
|
||||
DD_SECRET="dd${SECRET}${DOMAIN_HEX}"
|
||||
LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${DD_SECRET}"
|
||||
echo "Registering telemt: ${SERVER} -> ${LINK}"
|
||||
if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
|
||||
kubectl patch secret telemt-links -n "${NAMESPACE}" \
|
||||
--type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
|
||||
else
|
||||
kubectl create secret generic telemt-links -n "${NAMESPACE}" \
|
||||
--from-literal="${SERVER}=${LINK}"
|
||||
fi
|
||||
echo "Done"
|
||||
containers:
|
||||
- name: telemt
|
||||
image: ghcr.io/telemt/telemt:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: proxy
|
||||
containerPort: 30444
|
||||
protocol: TCP
|
||||
- name: api
|
||||
containerPort: 9091
|
||||
protocol: TCP
|
||||
workingDir: /run/telemt
|
||||
env:
|
||||
- name: RUST_LOG
|
||||
value: info
|
||||
volumeMounts:
|
||||
- name: workdir
|
||||
mountPath: /run/telemt
|
||||
- name: config
|
||||
mountPath: /run/telemt/config.toml
|
||||
subPath: config.toml
|
||||
readOnly: true
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: telemt-secret
|
||||
items:
|
||||
- key: config.toml
|
||||
path: config.toml
|
||||
- name: workdir
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
sizeLimit: 1Mi
|
||||
Reference in New Issue
Block a user