forked from ab/homelab
183 lines
5.8 KiB
YAML
183 lines
5.8 KiB
YAML
|
---
|
||
|
|
apiVersion: v1
|
||
|
|
kind: ConfigMap
|
||
|
|
metadata:
|
||
|
|
name: shadowbox-prometheus-config
|
||
|
|
namespace: vpn
|
||
|
|
data:
|
||
|
|
config.yml: |
|
||
|
|
global:
|
||
|
|
scrape_interval: 1m
|
||
|
|
remote_write:
|
||
|
|
- url: "https://prom.hexor.cy/api/v1/write"
|
||
|
|
basic_auth:
|
||
|
|
username: "_PROM_USER_"
|
||
|
|
password: "_PROM_PASS_"
|
||
|
|
scrape_configs:
|
||
|
|
- job_name: outline_vpn
|
||
|
|
static_configs:
|
||
|
|
- targets:
|
||
|
|
- '127.0.0.1:9092'
|
||
|
|
relabel_configs:
|
||
|
|
- source_labels: [__address__]
|
||
|
|
target_label: instance
|
||
|
|
replacement: "_HOSTNAME_"
|
||
|
|
- target_label: k8s_app
|
||
|
|
replacement: true
|
||
|
|
|
||
|
|
---
|
||
|
|
apiVersion: apps/v1
|
||
|
|
kind: DaemonSet
|
||
|
|
metadata:
|
||
|
|
name: shadowbox
|
||
|
|
namespace: vpn
|
||
|
|
annotations:
|
||
|
|
reloader.stakater.com/auto: "true"
|
||
|
|
spec:
|
||
|
|
selector:
|
||
|
|
matchLabels:
|
||
|
|
app: shadowbox
|
||
|
|
template:
|
||
|
|
metadata:
|
||
|
|
labels:
|
||
|
|
app: shadowbox
|
||
|
|
spec:
|
||
|
|
hostNetwork: true
|
||
|
|
initContainers:
|
||
|
|
- name: cert-generator
|
||
|
|
image: finalgene/openssh:latest
|
||
|
|
command: ["/bin/sh", "-c"]
|
||
|
|
args:
|
||
|
|
- |
|
||
|
|
openssl x509 -noout -fingerprint -sha256 -inform pem -in /certs/shadowbox.crt | sed "s/://g" | sed 's/.*=//' > /cache/certSha256 ;
|
||
|
|
volumeMounts:
|
||
|
|
- name: cert-volume
|
||
|
|
mountPath: /certs
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /cache
|
||
|
|
- name: get-external-ip
|
||
|
|
image: curlimages/curl:latest
|
||
|
|
command: ["/bin/sh", "-c"]
|
||
|
|
args:
|
||
|
|
- |
|
||
|
|
IP=$(curl -s -4 ifconfig.io);
|
||
|
|
echo "External IP is: $IP";
|
||
|
|
echo $IP > /cache/external_ip;
|
||
|
|
volumeMounts:
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /cache
|
||
|
|
- name: manager-config-json
|
||
|
|
image: busybox
|
||
|
|
command: ["/bin/sh", "-c"]
|
||
|
|
env:
|
||
|
|
- name: SB_API_PREFIX
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: SB_API_PREFIX
|
||
|
|
- name: SB_API_PORT
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: SB_API_PORT
|
||
|
|
args:
|
||
|
|
- |
|
||
|
|
OUTLINE_HOSTNAME=$(cat /cache/external_ip);
|
||
|
|
CERT_SHA256=$(cat /cache/certSha256);
|
||
|
|
echo "{
|
||
|
|
\"apiUrl\": \"https://$OUTLINE_HOSTNAME:$SB_API_PORT/$SB_API_PREFIX\",
|
||
|
|
\"certSha256\": \"$CERT_SHA256\"
|
||
|
|
}"
|
||
|
|
volumeMounts:
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /cache
|
||
|
|
affinity:
|
||
|
|
nodeAffinity:
|
||
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||
|
|
nodeSelectorTerms:
|
||
|
|
- matchExpressions:
|
||
|
|
- key: outline-server
|
||
|
|
operator: Exists
|
||
|
|
containers:
|
||
|
|
- name: prom
|
||
|
|
image: prom/prometheus
|
||
|
|
command: ["/bin/sh", "-c"]
|
||
|
|
env:
|
||
|
|
- name: PROM_USER
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: PROM_USER
|
||
|
|
- name: PROM_PASS
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: PROM_PASS
|
||
|
|
args:
|
||
|
|
- |
|
||
|
|
cat /prometheus/config.yml | sed -e "s/_HOSTNAME_/${HOSTNAME}/g" -e "s/_PROM_PASS_/${PROM_PASS}/g" -e "s/_PROM_USER_/${PROM_USER}/g" > /prometheus/real_config.yml &&
|
||
|
|
exec prometheus --config.file=/prometheus/real_config.yml --log.level=info --web.enable-lifecycle --web.enable-admin-api --web.listen-address=127.0.0.1:3478
|
||
|
|
volumeMounts:
|
||
|
|
- name: prometheus-config-volume
|
||
|
|
mountPath: /prometheus/config.yml
|
||
|
|
subPath: config.yml
|
||
|
|
- name: shadowbox
|
||
|
|
image: ultradesu/shadowbox:latest
|
||
|
|
ports:
|
||
|
|
- containerPort: 1257
|
||
|
|
protocol: TCP
|
||
|
|
- containerPort: 1285
|
||
|
|
protocol: TCP
|
||
|
|
env:
|
||
|
|
- name: SB_API_PREFIX
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: SB_API_PREFIX
|
||
|
|
- name: SB_API_PORT
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: SB_API_PORT
|
||
|
|
- name: SB_CLIENT_PORT
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: outline-config
|
||
|
|
key: SB_CLIENT_PORT
|
||
|
|
- name: SB_CERTIFICATE_FILE
|
||
|
|
value: /certs/shadowbox.crt
|
||
|
|
- name: SB_PRIVATE_KEY_FILE
|
||
|
|
value: /certs/shadowbox.key
|
||
|
|
lifecycle:
|
||
|
|
postStart:
|
||
|
|
exec:
|
||
|
|
command:
|
||
|
|
- /bin/sh
|
||
|
|
- "-c"
|
||
|
|
- >-
|
||
|
|
OUTLINE_HOSTNAME=$(cat /cache/external_ip); echo '{"rollouts":[{"id":"single-port","enabled":true}],"portForNewAccessKeys":1257,"hostname":"'"$OUTLINE_HOSTNAME"'"}' > /root/shadowbox/persisted-state/shadowbox_server_config.json;
|
||
|
|
volumeMounts:
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /opt/outline
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /root/shadowbox/persisted-state
|
||
|
|
- name: server-config-volume
|
||
|
|
mountPath: /cache
|
||
|
|
- name: cert-volume
|
||
|
|
mountPath: /certs/
|
||
|
|
volumes:
|
||
|
|
- name: server-config-volume
|
||
|
|
emptyDir: {}
|
||
|
|
- name: cert-volume
|
||
|
|
secret:
|
||
|
|
secretName: outline-config
|
||
|
|
items:
|
||
|
|
- key: shadowbox.crt
|
||
|
|
path: shadowbox.crt
|
||
|
|
- key: shadowbox.key
|
||
|
|
path: shadowbox.key
|
||
|
|
- name: prometheus-config-volume
|
||
|
|
configMap:
|
||
|
|
name: shadowbox-prometheus-config
|
||
|
|
|