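---
# DaemonSet that runs a Telegram MTProto proxy on every node carrying an
# `mtproxy` label. An init container downloads the Telegram proxy secret and
# config, builds a tg://proxy link for the node, and records that link in the
# `mtproxy-links` Secret of the pod's namespace.
#
# Security notes for reviewers:
# - The pod uses hostNetwork, so the proxy listens directly in the node's
#   network namespace; node-level firewalling is the only network boundary.
# - Both images are referenced by the mutable `latest` tag, and the proxy
#   container uses imagePullPolicy: Always, so each (re)start may run different
#   code. Pin to a digest (image@sha256:<DIGEST_PLACEHOLDER>) once a reviewed
#   build has been chosen.
# - The `mtproxy` ServiceAccount is not defined here. The init script needs
#   `get` on nodes and `get`/`patch`/`create` on secrets; `get` and `patch`
#   should be limited with resourceNames to `mtproxy-links` (`create` cannot
#   be restricted by resourceName).
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: mtproxy
  labels:
    app: mtproxy
spec:
  selector:
    matchLabels:
      app: mtproxy
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: mtproxy
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              # Only the presence of the label is required here; the init
              # script reads its value as the public server name.
              - matchExpressions:
                  - key: mtproxy
                    operator: Exists
      serviceAccountName: mtproxy
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
        - name: register-proxy
          image: bitnami/kubectl:latest
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: SECRET
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: PORT
          volumeMounts:
            - name: data
              mountPath: /data
          command:
            - /bin/bash
            - -c
            - |
              set -eu
              # -f makes curl exit non-zero on an HTTP error, so an error page
              # is never stored as the proxy secret or config; -S keeps the
              # error message visible despite -s.
              curl -fsS https://core.telegram.org/getProxySecret -o /data/proxy-secret
              curl -fsS https://core.telegram.org/getProxyConfig -o /data/proxy-multi.conf
              NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
              SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
              # The node affinity only checks that the label exists, so an
              # empty value is still possible and must be rejected here.
              if [ -z "${SERVER}" ]; then
                echo "ERROR: node ${NODE_NAME} has no mtproxy label"
                exit 1
              fi
              LINK="tg://proxy?server=${SERVER}&port=${PORT}&secret=${SECRET}"
              # LINK embeds the proxy secret: log only the server name so the
              # secret does not end up in pod logs or log aggregation.
              echo "Registering: ${SERVER}"
              # NOTE(review): the patch payload is built by string
              # interpolation; it stays valid JSON only while SERVER, PORT
              # and SECRET contain no quotes or backslashes.
              # NOTE(review): get-then-create is not atomic across nodes; a
              # lost race fails `create`, `set -e` aborts, and the restarted
              # init container takes the patch branch.
              if kubectl get secret mtproxy-links -n "${NAMESPACE}" &>/dev/null; then
                kubectl patch secret mtproxy-links -n "${NAMESPACE}" \
                  --type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
              else
                kubectl create secret generic mtproxy-links -n "${NAMESPACE}" \
                  --from-literal="${SERVER}=${LINK}"
              fi
              echo "Done"
      containers:
        - name: mtproxy
          image: telegrammessenger/proxy:latest
          # image: ultradesu/mtproxy:v0.02
          imagePullPolicy: Always
          ports:
            # NOTE(review): the proxy listens on $(PORT) from tgproxy-secret
            # (-H below); confirm that value matches this containerPort.
            - name: proxy
              containerPort: 30443
              protocol: TCP
          # $(PORT) and $(SECRET) are expanded by Kubernetes before the shell
          # runs, so the secret is part of the process command line and is
          # visible to anyone who can list processes on the node.
          # -p 8888 is the local stats port per the MTProxy README; with
          # hostNetwork it is bound in the node's network namespace.
          command:
            - /bin/sh
            - -c
            - >-
              mtproto-proxy
              -u nobody
              -p 8888
              -H $(PORT)
              -M 1
              -S $(SECRET)
              --aes-pwd /data/proxy-secret
              /data/proxy-multi.conf
          env:
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: SECRET
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: tgproxy-secret
                  key: PORT
          volumeMounts:
            - name: data
              mountPath: /data
          # No resource requests/limits are active, so the proxy is
          # unconstrained on the node.
          # resources:
          #   requests:
          #     memory: "128Mi"
          #     cpu: "100m"
          #   limits:
          #     memory: "256Mi"
          #     cpu: "500m"
      volumes:
        # Shared scratch space: the init container writes the Telegram proxy
        # secret and config here and the proxy container reads them.
        - name: data
          emptyDir: {}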