Compare commits
1 Commits
auto-updat
...
auto-updat
| Author | SHA1 | Date | |
|---|---|---|---|
|
b3ea42d039 |
@@ -5,11 +5,7 @@ resources:
|
||||
- ./app.yaml
|
||||
- ./rbac.yaml
|
||||
- ./daemonset.yaml
|
||||
- ./telemt-daemonset.yaml
|
||||
- ./external-secrets.yaml
|
||||
- ./telemt-external-secrets.yaml
|
||||
- ./telemt-service.yaml
|
||||
- ./telemt-servicemonitor.yaml
|
||||
- ./service.yaml
|
||||
- ./secret-reader.yaml
|
||||
# - ./storage.yaml
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- "--secrets"
|
||||
- "mtproxy-links,telemt-links"
|
||||
- "mtproxy-links"
|
||||
- "--namespace"
|
||||
- "mtproxy"
|
||||
- "--port"
|
||||
|
||||
@@ -1,114 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: telemt
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: telemt
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: mtproxy
|
||||
operator: Exists
|
||||
serviceAccountName: mtproxy
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
initContainers:
|
||||
- name: register-proxy
|
||||
image: bitnami/kubectl:latest
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tgproxy-secret
|
||||
key: SECRET
|
||||
- name: TELEMT_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: telemt-secret
|
||||
key: PORT
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
|
||||
SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
|
||||
if [ -z "${SERVER}" ]; then
|
||||
echo "ERROR: node ${NODE_NAME} has no mtproxy label"
|
||||
exit 1
|
||||
fi
|
||||
# Build ee-prefixed secret for secure mode
|
||||
EE_SECRET="ee${SECRET}"
|
||||
LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${EE_SECRET}"
|
||||
echo "Registering telemt: ${SERVER} -> ${LINK}"
|
||||
if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
|
||||
kubectl patch secret telemt-links -n "${NAMESPACE}" \
|
||||
--type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
|
||||
else
|
||||
kubectl create secret generic telemt-links -n "${NAMESPACE}" \
|
||||
--from-literal="${SERVER}=${LINK}"
|
||||
fi
|
||||
echo "Done"
|
||||
containers:
|
||||
- name: telemt
|
||||
image: ghcr.io/telemt/telemt:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: proxy
|
||||
containerPort: 30444
|
||||
protocol: TCP
|
||||
- name: api
|
||||
containerPort: 9091
|
||||
protocol: TCP
|
||||
workingDir: /run/telemt
|
||||
env:
|
||||
- name: RUST_LOG
|
||||
value: info
|
||||
volumeMounts:
|
||||
- name: workdir
|
||||
mountPath: /run/telemt
|
||||
- name: config
|
||||
mountPath: /run/telemt/config.toml
|
||||
subPath: config.toml
|
||||
readOnly: true
|
||||
- name: etcdir
|
||||
mountPath: /etc/telemt
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: telemt-secret
|
||||
items:
|
||||
- key: config.toml
|
||||
path: config.toml
|
||||
- name: workdir
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
sizeLimit: 1Mi
|
||||
- name: etcdir
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
sizeLimit: 1Mi
|
||||
@@ -1,59 +0,0 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: telemt-secret
|
||||
spec:
|
||||
target:
|
||||
name: telemt-secret
|
||||
deletionPolicy: Delete
|
||||
template:
|
||||
type: Opaque
|
||||
data:
|
||||
SECRET: |-
|
||||
{{ .secret }}
|
||||
PORT: "30444"
|
||||
config.toml: |
|
||||
[general]
|
||||
use_middle_proxy = true
|
||||
log_level = "normal"
|
||||
|
||||
[general.modes]
|
||||
classic = false
|
||||
secure = false
|
||||
tls = true
|
||||
|
||||
[general.links]
|
||||
show = "*"
|
||||
public_port = 30444
|
||||
|
||||
[server]
|
||||
port = 30444
|
||||
metrics_port = 9090
|
||||
metrics_whitelist = ["0.0.0.0/0"]
|
||||
|
||||
[server.api]
|
||||
enabled = true
|
||||
listen = "0.0.0.0:9091"
|
||||
whitelist = ["0.0.0.0/0"]
|
||||
|
||||
[[server.listeners]]
|
||||
ip = "0.0.0.0"
|
||||
|
||||
[censorship]
|
||||
tls_domain = "ya.ru"
|
||||
mask = true
|
||||
tls_emulation = true
|
||||
tls_front_dir = "tlsfront"
|
||||
|
||||
[access.users]
|
||||
user = "{{ .secret }}"
|
||||
data:
|
||||
- secretKey: secret
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: 58a37daf-72d8-430d-86bd-6152aa8f888d
|
||||
property: fields[0].value
|
||||
@@ -1,17 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: telemt-metrics
|
||||
labels:
|
||||
app: telemt
|
||||
spec:
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: telemt
|
||||
ports:
|
||||
- port: 9090
|
||||
targetPort: 9090
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
@@ -1,21 +0,0 @@
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: telemt-metrics
|
||||
labels:
|
||||
app: telemt
|
||||
release: prometheus
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: telemt
|
||||
endpoints:
|
||||
- port: metrics
|
||||
path: /metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
honorLabels: true
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- mtproxy
|
||||
Reference in New Issue
Block a user