Added telemt

This commit is contained in:
Ultradesu
2026-04-06 11:52:36 +01:00
parent 3b94cc92ea
commit b032852dd8
3 changed files with 168 additions and 0 deletions


@@ -5,7 +5,9 @@ resources:
- ./app.yaml
- ./rbac.yaml
- ./daemonset.yaml
- ./telemt-daemonset.yaml
- ./external-secrets.yaml
- ./telemt-external-secrets.yaml
- ./service.yaml
- ./secret-reader.yaml
# - ./storage.yaml


@@ -0,0 +1,109 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: telemt
labels:
app: telemt
spec:
selector:
matchLabels:
app: telemt
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: telemt
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: mtproxy
operator: Exists
serviceAccountName: mtproxy
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
- name: register-proxy
image: bitnami/kubectl:latest
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: SECRET
valueFrom:
secretKeyRef:
name: tgproxy-secret
key: SECRET
- name: TELEMT_PORT
valueFrom:
secretKeyRef:
name: telemt-secret
key: PORT
command:
- /bin/bash
- -c
- |
set -e
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
if [ -z "${SERVER}" ]; then
echo "ERROR: node ${NODE_NAME} has no mtproxy label"
exit 1
fi
# Build dd-prefixed secret for TLS mode: dd + secret + hex(tls_domain)
DOMAIN_HEX=$(echo -n 'ya.ru' | xxd -p | tr -d '\n')
DD_SECRET="dd${SECRET}${DOMAIN_HEX}"
LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${DD_SECRET}"
echo "Registering telemt: ${SERVER} -> ${LINK}"
if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
kubectl patch secret telemt-links -n "${NAMESPACE}" \
--type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
else
kubectl create secret generic telemt-links -n "${NAMESPACE}" \
--from-literal="${SERVER}=${LINK}"
fi
echo "Done"
containers:
- name: telemt
image: ghcr.io/telemt/telemt:latest
imagePullPolicy: Always
ports:
- name: proxy
containerPort: 30444
protocol: TCP
- name: api
containerPort: 9091
protocol: TCP
workingDir: /run/telemt
env:
- name: RUST_LOG
value: info
volumeMounts:
- name: workdir
mountPath: /run/telemt
- name: config
mountPath: /run/telemt/config.toml
subPath: config.toml
readOnly: true
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
volumes:
- name: config
secret:
secretName: telemt-secret
items:
- key: config.toml
path: config.toml
- name: workdir
emptyDir:
medium: Memory
sizeLimit: 1Mi
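Review bot: The init container's `echo "Registering telemt: ${SERVER} -> ${LINK}"` writes the full proxy link, including the dd-prefixed secret derived from `$SECRET`, into the container log, where anyone with pod log access or a log-shipping pipeline can read it; log only the endpoint, e.g. `echo "Registering telemt: ${SERVER}:${TELEMT_PORT}"`. Both images are pulled by floating tag (`bitnami/kubectl:latest`, `ghcr.io/telemt/telemt:latest`) with `imagePullPolicy: Always`, so each node restart may run different, unreviewed code with the `mtproxy` service account and host network; pin them to a version tag or digest. The `register-proxy` init container also carries none of the hardening the main container has (`readOnlyRootFilesystem`, `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`), and since it runs with `hostNetwork: true` and a service account evidently expected to create and patch Secrets, the same `securityContext` is worth adding there. The `'ya.ru'` literal in the hex-domain calculation duplicates `tls_domain` in the telemt config; if the two diverge the generated links silently stop working, so consider sourcing it from the same secret as `TELEMT_PORT`.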


@@ -0,0 +1,57 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: telemt-secret
spec:
target:
name: telemt-secret
deletionPolicy: Delete
template:
type: Opaque
data:
SECRET: |-
{{ .secret }}
PORT: "30444"
config.toml: |
[general]
use_middle_proxy = true
log_level = "normal"
[general.modes]
classic = false
secure = false
tls = true
[general.links]
show = "*"
public_port = 30444
[server]
port = 30444
[server.api]
enabled = true
listen = "0.0.0.0:9091"
whitelist = ["0.0.0.0/0"]
[[server.listeners]]
ip = "0.0.0.0"
[censorship]
tls_domain = "ya.ru"
mask = true
tls_emulation = true
tls_front_dir = "tlsfront"
[access.users]
user = "{{ .secret }}"
data:
- secretKey: secret
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 58a37daf-72d8-430d-86bd-6152aa8f888d
property: fields[0].value
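Review bot: `listen = "0.0.0.0:9091"` together with `whitelist = ["0.0.0.0/0"]` makes the telemt API accept connections from any address, and because the DaemonSet runs with `hostNetwork: true` that port is bound on every interface of each proxy node, so the API is reachable from the public side of the proxy with no network restriction. Unless something outside this commit fronts it, bind it to loopback, `listen = "127.0.0.1:9091"`, or narrow the whitelist to the addresses that actually query it; the `api` containerPort declaration in the DaemonSet does not restrict anything on its own. `tls_domain = "ya.ru"` and `port = 30444` are also repeated in the DaemonSet's init script and as `PORT` here, so a config change must be mirrored in two other places; a YAML comment above `config.toml:` such as `# keep port/tls_domain in sync with PORT above and the register-proxy script in the telemt DaemonSet` would make that dependency visible. The rendered page shows 50 of the 57 added lines, so blank lines between the TOML tables may have been dropped in this view.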