Merge branch 'rustdesk'

keepalived/keepalived.conf

@@ -20,6 +20,11 @@ vrrp_track_process rabbitmq {
     weight 90
 }
 
+vrrp_track_process hbbs {
+    process hbbs
+    weight 90
+}
+
 vrrp_instance ingress-nginx {
     state BACKUP
     priority 100
@@ -58,3 +63,16 @@ vrrp_instance rabbitmq {
         rabbitmq
     }
 }
+
+vrrp_instance hbbs {
+    state BACKUP
+    priority 100
+    interface ${INTERFACE}
+    virtual_router_id 54
+    virtual_ipaddress {
+        172.30.0.150/28
+    }
+    track_process {
+        hbbs
+    }
+}

keepalived/keepalived.yaml

@@ -18,7 +18,7 @@ spec:
         command:
         - sh
         - -c
-        - |
+        - | # bash
           printf '$INTERFACE=%s\n' \
             $(ip route | awk '/^default via/{print $5}') \
             > /run/keepalived.interface
@@ -28,7 +28,7 @@ spec:
           subPath: run
       containers:
       - name: keepalived
-        image: git.pyrocufflink.net/containerimages/keepalived:dev
+        image: git.pyrocufflink.net/containerimages/keepalived
         imagePullPolicy: Always
         command:
         - keepalived

rustdesk/kustomization.yaml

@@ -0,0 +1,36 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: rustdesk
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: rustdesk
+
+resources:
+- namespace.yaml
+- rustdesk.yaml
+- network-policy.yaml
+
+patches:
+- patch: |-
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: rustdesk
+    spec:
+      storageClassName: synology-iscsi
+
+- patch: |-
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: rustdesk
+    spec:
+      externalIPs:
+      - 172.30.0.150
+      externalTrafficPolicy: Local
+
+images:
+- name: docker.io/rustdesk/rustdesk-server
+  newTag: 1.1.14

rustdesk/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk

rustdesk/network-policy.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+spec:
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/part-of: rustdesk
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: kube-system
+      podSelector:
+        matchLabels:
+          k8s-app: kube-dns
+    ports:
+    - port: 53
+      protocol: UDP
+    - port: 53
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: rustdesk
+  policyTypes:
+  - Egress

rustdesk/rustdesk.yaml

@@ -0,0 +1,122 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  selector:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+  ports:
+  - port: 21115
+    name: nat-t
+  - port: 21116
+    name: hbbs-tcp
+    protocol: TCP
+  - port: 21116
+    name: hbbs-udp
+    protocol: UDP
+  - port: 21118
+    name: hbbs-web
+  - port: 21117
+    name: hbbr
+  - port: 21119
+    name: hbbr-web
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: rustdesk
+  labels:
+    app.kubernetes.io/name: rustdesk
+    app.kubernetes.io/component: rustdesk
+    app.kubernetes.io/part-of: rustdesk
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: rustdesk
+      app.kubernetes.io/component: rustdesk
+  serviceName: rustdesk
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: rustdesk
+        app.kubernetes.io/component: rustdesk
+        app.kubernetes.io/part-of: rustdesk
+    spec:
+      containers:
+      - name: hbbs
+        image: docker.io/rustdesk/rustdesk-server
+        imagePullPolicy: IfNotPresent
+        args:
+        - hbbs
+        env: &env
+        - name: XDG_CONFIG_HOME
+          value: /etc
+        - name: XDG_DATA_HOME
+          value: /var/lib/rustdesk
+        workingDir: &dir /var/lib/rustdesk
+        ports:
+        - containerPort: 21115
+          name: nat-t
+        - containerPort: 21116
+          name: hbbs-tcp
+          protocol: TCP
+        - containerPort: 21116
+          name: hbbs-udp
+          protocol: UDP
+        - containerPort: 21118
+          name: hbbs-web
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts: &mounts
+        - mountPath: /etc/rustdesk
+          name: rustdesk-data
+          subPath: config
+        - mountPath: /var/lib/rustdesk
+          name: rustdesk-data
+          subPath: data
+      - name: hbbr
+        image: docker.io/rustdesk/rustdesk-server
+        imagePullPolicy: IfNotPresent
+        env: *env
+        workingDir: *dir
+        args:
+        - hbbr
+        ports:
+        - containerPort: 21117
+          name: hbbr
+        - containerPort: 21119
+          name: hbbr-web
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts: *mounts
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 21115
+        runAsGroup: 21115
+        fsGroup: 21115
+      volumes:
+      - name: rustdesk-data
+        persistentVolumeClaim:
+          claimName: rustdesk