Compare commits
1 Commits
auto-updat
...
auto-updat
| Author | SHA1 | Date | |
|---|---|---|---|
|
e419f4a369 |
@@ -20,8 +20,6 @@ spec:
|
||||
{{ .session_secret }}
|
||||
PG_STRING: |-
|
||||
postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev
|
||||
PLAYER_API_KEY: |-
|
||||
{{ .player_api_key }}
|
||||
data:
|
||||
- secretKey: client_id
|
||||
sourceRef:
|
||||
@@ -47,14 +45,6 @@ spec:
|
||||
remoteRef:
|
||||
key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
|
||||
property: fields[2].value
|
||||
- secretKey: player_api_key
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
|
||||
property: fields[3].value
|
||||
- secretKey: pg_pass
|
||||
sourceRef:
|
||||
storeRef:
|
||||
|
||||
@@ -51,11 +51,6 @@ spec:
|
||||
secretKeyRef:
|
||||
name: furumi-ng-creds
|
||||
key: PG_STRING
|
||||
- name: FURUMI_PLAYER_API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: furumi-ng-creds
|
||||
key: PLAYER_API_KEY
|
||||
- name: FURUMI_PLAYER_STORAGE_DIR
|
||||
value: "/media"
|
||||
- name: RUST_LOG
|
||||
|
||||
@@ -5,9 +5,7 @@ resources:
|
||||
- ./app.yaml
|
||||
- ./rbac.yaml
|
||||
- ./daemonset.yaml
|
||||
- ./telemt-daemonset.yaml
|
||||
- ./external-secrets.yaml
|
||||
- ./telemt-external-secrets.yaml
|
||||
- ./service.yaml
|
||||
- ./secret-reader.yaml
|
||||
# - ./storage.yaml
|
||||
|
||||
@@ -1,109 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: telemt
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: telemt
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: mtproxy
|
||||
operator: Exists
|
||||
serviceAccountName: mtproxy
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
initContainers:
|
||||
- name: register-proxy
|
||||
image: bitnami/kubectl:latest
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tgproxy-secret
|
||||
key: SECRET
|
||||
- name: TELEMT_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: telemt-secret
|
||||
key: PORT
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
|
||||
SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
|
||||
if [ -z "${SERVER}" ]; then
|
||||
echo "ERROR: node ${NODE_NAME} has no mtproxy label"
|
||||
exit 1
|
||||
fi
|
||||
# Build dd-prefixed secret for TLS mode: dd + secret + hex(tls_domain)
|
||||
DOMAIN_HEX=$(echo -n 'ya.ru' | xxd -p | tr -d '\n')
|
||||
DD_SECRET="dd${SECRET}${DOMAIN_HEX}"
|
||||
LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${DD_SECRET}"
|
||||
echo "Registering telemt: ${SERVER} -> ${LINK}"
|
||||
if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
|
||||
kubectl patch secret telemt-links -n "${NAMESPACE}" \
|
||||
--type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
|
||||
else
|
||||
kubectl create secret generic telemt-links -n "${NAMESPACE}" \
|
||||
--from-literal="${SERVER}=${LINK}"
|
||||
fi
|
||||
echo "Done"
|
||||
containers:
|
||||
- name: telemt
|
||||
image: ghcr.io/telemt/telemt:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: proxy
|
||||
containerPort: 30444
|
||||
protocol: TCP
|
||||
- name: api
|
||||
containerPort: 9091
|
||||
protocol: TCP
|
||||
workingDir: /run/telemt
|
||||
env:
|
||||
- name: RUST_LOG
|
||||
value: info
|
||||
volumeMounts:
|
||||
- name: workdir
|
||||
mountPath: /run/telemt
|
||||
- name: config
|
||||
mountPath: /run/telemt/config.toml
|
||||
subPath: config.toml
|
||||
readOnly: true
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: telemt-secret
|
||||
items:
|
||||
- key: config.toml
|
||||
path: config.toml
|
||||
- name: workdir
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
sizeLimit: 1Mi
|
||||
@@ -1,57 +0,0 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: telemt-secret
|
||||
spec:
|
||||
target:
|
||||
name: telemt-secret
|
||||
deletionPolicy: Delete
|
||||
template:
|
||||
type: Opaque
|
||||
data:
|
||||
SECRET: |-
|
||||
{{ .secret }}
|
||||
PORT: "30444"
|
||||
config.toml: |
|
||||
[general]
|
||||
use_middle_proxy = true
|
||||
log_level = "normal"
|
||||
|
||||
[general.modes]
|
||||
classic = false
|
||||
secure = false
|
||||
tls = true
|
||||
|
||||
[general.links]
|
||||
show = "*"
|
||||
public_port = 30444
|
||||
|
||||
[server]
|
||||
port = 30444
|
||||
|
||||
[server.api]
|
||||
enabled = true
|
||||
listen = "0.0.0.0:9091"
|
||||
whitelist = ["0.0.0.0/0"]
|
||||
|
||||
[[server.listeners]]
|
||||
ip = "0.0.0.0"
|
||||
|
||||
[censorship]
|
||||
tls_domain = "ya.ru"
|
||||
mask = true
|
||||
tls_emulation = true
|
||||
tls_front_dir = "tlsfront"
|
||||
|
||||
[access.users]
|
||||
user = "{{ .secret }}"
|
||||
data:
|
||||
- secretKey: secret
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: 58a37daf-72d8-430d-86bd-6152aa8f888d
|
||||
property: fields[0].value
|
||||
Reference in New Issue
Block a user