homelab/k8s/apps/vpn/xray.yaml
AB from home.homenet 5783db189a
Deployed outfleet-rs
2025-10-22 15:08:13 +03:00


---
# Base Xray configuration, rendered at container start by init.sh, which
# substitutes the TAILSCALE_IP placeholder with the address it detected.
#
# The gRPC API is the control plane: HandlerService is enabled and the
# "inbounds" list starts empty, so inbounds are expected to be added at
# runtime through this API. Nothing in this config authenticates API
# callers, so access control rests entirely on who can reach
# <TAILSCALE_IP>:10086 at the network layer.
#
# NOTE(review): ReflectionService lets any client that can reach the port
# enumerate the exposed gRPC services - confirm the controller needs it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: xray-config-template
data:
  config.json.template: |
    {
      "log": {
        "loglevel": "warning"
      },
      "api": {
        "tag": "api",
        "listen": "TAILSCALE_IP:10086",
        "services": [
          "HandlerService",
          "StatsService",
          "LoggerService",
          "RoutingService",
          "ReflectionService"
        ]
      },
      "stats": {},
      "policy": {
        "system": {
          "statsInboundDownlink": true,
          "statsInboundUplink": true,
          "statsOutboundDownlink": true,
          "statsOutboundUplink": true
        }
      },
      "inbounds": [],
      "outbounds": [
        {
          "tag": "direct",
          "protocol": "freedom",
          "settings": {}
        }
      ],
      "routing": {
        "rules": []
      }
    }
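---
# Container entrypoint: locates the xray binary, picks the address the gRPC
# API will bind to, renders config.json from the template and execs xray.
#
# The bind address matters for security: the API configured in the template
# has no caller authentication, so it must only ever land on the Tailscale
# address or on loopback. The fallback lookups are therefore restricted to
# the CGNAT block 100.64.0.0/10 that Tailscale assigns from, instead of
# accepting any address that merely contains "100.".
apiVersion: v1
kind: ConfigMap
metadata:
  name: xray-init-script
data:
  init.sh: |
    #!/bin/sh
    set -e
    echo "Starting Xray configuration setup..."

    # Find xray binary location
    XRAY_BIN=""
    for path in /usr/bin/xray /usr/local/bin/xray /bin/xray /opt/xray/xray; do
      if [ -x "$path" ]; then
        XRAY_BIN="$path"
        echo "Found Xray binary at: $XRAY_BIN"
        break
      fi
    done
    if [ -z "$XRAY_BIN" ]; then
      echo "Error: Xray binary not found"
      echo "Available files in common locations:"
      ls -la /usr/bin/xray* 2>/dev/null || echo "No xray in /usr/bin/"
      ls -la /usr/local/bin/xray* 2>/dev/null || echo "No xray in /usr/local/bin/"
      ls -la /bin/xray* 2>/dev/null || echo "No xray in /bin/"
      exit 1
    fi

    # Whole-address match for 100.64.0.0/10 (second octet 64-127).
    # The previous fallbacks used an unanchored '100\.' / 'inet 100\.' match,
    # which also accepted e.g. 192.168.100.x or 100.0.0.0-100.63.255.255 and
    # could bind the unauthenticated API to a non-Tailscale interface.
    TS_CGNAT_RE='^100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.[0-9]+\.[0-9]+$'

    # Get Tailscale IP address
    TAILSCALE_IP=""

    # Preferred: first IPv4 address on the tailscale0 interface
    if command -v ip >/dev/null 2>&1; then
      TAILSCALE_IP=$(ip addr show tailscale0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | head -n1)
    fi

    # Fallback: source address of the default route, only if it is in 100.64.0.0/10
    if [ -z "$TAILSCALE_IP" ]; then
      TAILSCALE_IP=$(ip route get 8.8.8.8 2>/dev/null | grep -o 'src [0-9.]*' | awk '{print $2}' | grep -E "$TS_CGNAT_RE" | head -n1)
    fi

    # Another fallback: first address on any interface that is in 100.64.0.0/10
    if [ -z "$TAILSCALE_IP" ]; then
      TAILSCALE_IP=$(ip addr show 2>/dev/null | grep -o 'inet [0-9.]*' | awk '{print $2}' | grep -E "$TS_CGNAT_RE" | head -n1)
    fi

    # Final fallback: use localhost if no Tailscale IP found.
    # The API is then reachable only from the node itself.
    if [ -z "$TAILSCALE_IP" ]; then
      echo "Warning: Could not find Tailscale IP, using 127.0.0.1"
      TAILSCALE_IP="127.0.0.1"
    else
      echo "Found Tailscale IP: $TAILSCALE_IP"
    fi

    # The value is spliced into a sed expression and into JSON below; refuse
    # anything that is not digits and dots rather than emit a broken config.
    case "$TAILSCALE_IP" in
      *[!0-9.]*)
        echo "Error: unexpected characters in detected address: $TAILSCALE_IP"
        exit 1
        ;;
    esac

    # Create config directory
    mkdir -p /usr/local/etc/xray

    # Replace TAILSCALE_IP placeholder in config template
    sed "s/TAILSCALE_IP/$TAILSCALE_IP/g" /config-template/config.json.template > /usr/local/etc/xray/config.json

    # The rendered config goes to the pod log. The template shipped with this
    # script holds no credentials; revisit this if secrets are ever added to it.
    echo "Generated Xray config:"
    cat /usr/local/etc/xray/config.json

    # Increase file descriptor limits (best effort)
    ulimit -n 65536 2>/dev/null || echo "Warning: Could not increase file descriptor limit"

    echo "Starting Xray with binary: $XRAY_BIN"
    exec "$XRAY_BIN" run -c /usr/local/etc/xray/config.json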
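---
# Runs one xray pod on every node labelled xray="true", in the host network
# namespace, started through /scripts/init.sh from the xray-init-script
# ConfigMap.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: xray-daemon
  labels:
    app: xray
spec:
  selector:
    matchLabels:
      app: xray
  template:
    metadata:
      labels:
        app: xray
    spec:
      # The pod shares the node's network stack, so every listener xray
      # opens is a listener on the node itself.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # Neither init.sh nor xray talks to the Kubernetes API, so do not hand
      # a service-account token to a privileged, host-networked container.
      automountServiceAccountToken: false
      nodeSelector:
        xray: "true"
      # Tolerates every NoSchedule taint, so labelled nodes are used even
      # when tainted.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      containers:
        - name: xray
          # NOTE(review): ":latest" is a mutable tag and this container runs
          # privileged on the host network; pin a reviewed version or digest,
          # e.g. teddysun/xray@sha256:<digest-placeholder>.
          image: teddysun/xray:latest
          command: ["/bin/sh"]
          args: ["/scripts/init.sh"]
          securityContext:
            # NOTE(review): privileged already grants every capability, so
            # the add list below has no effect while it is set. Check whether
            # xray runs with privileged removed and only NET_ADMIN / NET_RAW
            # added; init.sh already tolerates a failing ulimit.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
          volumeMounts:
            - name: config-template
              mountPath: /config-template
              readOnly: true
            - name: init-script
              mountPath: /scripts
              readOnly: true
            # Writable scratch volume that receives the rendered config.json.
            - name: xray-config
              mountPath: /usr/local/etc/xray
          ports:
            - containerPort: 10086
              protocol: TCP
              name: api
          # NOTE(review): tcpSocket probes connect to the pod address, which
          # under hostNetwork is the node address, while xray binds the API
          # only to the address init.sh selected (Tailscale IP or 127.0.0.1).
          # Confirm the two coincide on these nodes, otherwise the probes
          # fail and the container is restarted.
          livenessProbe:
            tcpSocket:
              port: 10086
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 10086
            initialDelaySeconds: 5
            periodSeconds: 5
          resources:
            limits:
              memory: "512Mi"
              cpu: "500m"
            requests:
              memory: "256Mi"
              cpu: "250m"
      volumes:
        # defaultMode is an integer field: the octal literals stay unquoted.
        - name: config-template
          configMap:
            name: xray-config-template
            defaultMode: 0644
        - name: init-script
          configMap:
            name: xray-init-script
            defaultMode: 0755
        - name: xray-config
          emptyDir: {}
      restartPolicy: Always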
---
# ClusterIP Service in front of the xray gRPC API port on the DaemonSet pods.
#
# NOTE(review): the selected pods use hostNetwork and xray binds port 10086
# only to the address chosen by init.sh, so this Service reaches the API only
# where that address equals the pod (node) address - confirm. Where it does,
# any workload allowed to reach this Service can drive the API, which has no
# caller authentication in the shipped config; restrict access with a
# NetworkPolicy or drop the Service if the controller connects over Tailscale.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: xray
  name: xray-api-service
spec:
  type: ClusterIP
  selector:
    app: xray
  ports:
    - name: api
      protocol: TCP
      port: 10086
      targetPort: 10086