rustdesk: Initial deployment

Rust Desk is a remote assistance software solution.  The open source
edition is sufficient for what I want to do with it, namely: help Mom
and Dad troubleshoot issues on their PCs.  Mom is currently having
trouble with the Nextcloud sync client, so I need to be able to help her
with that.

rustdesk/kustomization.yaml

@@ -0,0 +1,36 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: rustdesk
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: rustdesk
+
+resources:
+- namespace.yaml
+- rustdesk.yaml
+- network-policy.yaml
+
+patches:
+- patch: |-
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: rustdesk
+    spec:
+      storageClassName: synology-iscsi
+
+- patch: |-
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: rustdesk
+    spec:
+      externalIPs:
+      - 172.30.0.150
+      externalTrafficPolicy: Local
+
+images:
+- name: docker.io/rustdesk/rustdesk-server
+  newTag: 1.1.14

rustdesk/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk

rustdesk/network-policy.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+spec:
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/part-of: rustdesk
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: kube-system
+      podSelector:
+        matchLabels:
+          k8s-app: kube-dns
+    ports:
+    - port: 53
+      protocol: UDP
+    - port: 53
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: rustdesk
+  policyTypes:
+  - Egress

rustdesk/rustdesk.yaml

@@ -0,0 +1,122 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  selector:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+  ports:
+  - port: 21115
+    name: nat-t
+  - port: 21116
+    name: hbbs-tcp
+    protocol: TCP
+  - port: 21116
+    name: hbbs-udp
+    protocol: UDP
+  - port: 21118
+    name: hbbs-web
+  - port: 21117
+    name: hbbr
+  - port: 21119
+    name: hbbr-web
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: rustdesk
+      app.kubernetes.io/component: rustdesk
+  serviceName: rustdesk
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: rustdesk
+        app.kubernetes.io/component: rustdesk
+        app.kubernetes.io/part-of: rustdesk
+    spec:
+      containers:
+      - name: hbbs
+        image: docker.io/rustdesk/rustdesk-server
+        imagePullPolicy: IfNotPresent
+        args:
+        - hbbs
+        env: &env
+        - name: XDG_CONFIG_HOME
+          value: /etc
+        - name: XDG_DATA_HOME
+          value: /var/lib/rustdesk
+        workingDir: &dir /var/lib/rustdesk
+        ports:
+        - containerPort: 21115
+          name: nat-t
+        - containerPort: 21116
+          name: hbbs-tcp
+          protocol: TCP
+        - containerPort: 21116
+          name: hbbs-udp
+          protocol: UDP
+        - containerPort: 21118
+          name: hbbs-web
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts: &mounts
+        - mountPath: /etc/rustdesk
+          name: rustdesk-data
+          subPath: config
+        - mountPath: /var/lib/rustdesk
+          name: rustdesk-data
+          subPath: data
+      - name: hbbr
+        image: docker.io/rustdesk/rustdesk-server
+        imagePullPolicy: IfNotPresent
+        env: *env
+        workingDir: *dir
+        args:
+        - hbbr
+        ports:
+        - containerPort: 21117
+          name: hbbr
+        - containerPort: 21119
+          name: hbbr-web
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts: *mounts
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 21115
+        runAsGroup: 21115
+        fsGroup: 21115
+      volumes:
+      - name: rustdesk-data
+        persistentVolumeClaim:
+          claimName: rustdesk