diff --git a/keepalived/keepalived.conf b/keepalived/keepalived.conf index 246e287..fc54666 100644 --- a/keepalived/keepalived.conf +++ b/keepalived/keepalived.conf @@ -20,6 +20,11 @@ vrrp_track_process rabbitmq { weight 90 } +vrrp_track_process hbbs { + process hbbs + weight 90 +} + vrrp_instance ingress-nginx { state BACKUP priority 100 @@ -58,3 +63,16 @@ vrrp_instance rabbitmq { rabbitmq } } + +vrrp_instance hbbs { + state BACKUP + priority 100 + interface ${INTERFACE} + virtual_router_id 54 + virtual_ipaddress { + 172.30.0.150/28 + } + track_process { + hbbs + } +} diff --git a/keepalived/keepalived.yaml b/keepalived/keepalived.yaml index d543ff0..50fcc98 100644 --- a/keepalived/keepalived.yaml +++ b/keepalived/keepalived.yaml @@ -18,7 +18,7 @@ spec: command: - sh - -c - - | + - | # bash printf '$INTERFACE=%s\n' \ $(ip route | awk '/^default via/{print $5}') \ > /run/keepalived.interface @@ -28,7 +28,7 @@ spec: subPath: run containers: - name: keepalived - image: git.pyrocufflink.net/containerimages/keepalived:dev + image: git.pyrocufflink.net/containerimages/keepalived imagePullPolicy: Always command: - keepalived diff --git a/rustdesk/kustomization.yaml b/rustdesk/kustomization.yaml new file mode 100644 index 0000000..018025e --- /dev/null +++ b/rustdesk/kustomization.yaml @@ -0,0 +1,36 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: rustdesk + +labels: +- pairs: + app.kubernetes.io/instance: rustdesk + +resources: +- namespace.yaml +- rustdesk.yaml +- network-policy.yaml + +patches: +- patch: |- + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: rustdesk + spec: + storageClassName: synology-iscsi + +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: rustdesk + spec: + externalIPs: + - 172.30.0.150 + externalTrafficPolicy: Local + +images: +- name: docker.io/rustdesk/rustdesk-server + newTag: 1.1.14 
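Review bot: The new `vrrp_instance hbbs` block in keepalived/keepalived.conf hard-codes `172.30.0.150/28` and `virtual_router_id 54` with nothing recording what they must agree with. The same address is set as `externalIPs` in rustdesk/kustomization.yaml in this commit, and that Service uses `externalTrafficPolicy: Local`, so the VIP is only useful on the node where hbbs actually runs; that is presumably why `track_process hbbs` is attached. I would add a comment above the instance, e.g. `# RustDesk VIP: must match Service externalIPs in rustdesk/kustomization.yaml; virtual_router_id must be unique on this segment`. `track_process` can only see the container's process if keepalived shares the host PID namespace, which is not visible in these hunks and is worth confirming. No `authentication` block is added for the instance, so check that the VRRP segment is trusted.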
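Review bot: In the second hunk of keepalived/keepalived.yaml, dropping `:dev` leaves the keepalived image with no tag at all, so it resolves to `latest`, and with `imagePullPolicy: Always` every pod restart runs whatever the registry serves at that moment. keepalived usually needs elevated network privileges on the node (the securityContext is outside this hunk, so that is an assumption), which makes a floating image reference riskier here than for an ordinary workload. Pin a release tag or, better, a digest: `image: git.pyrocufflink.net/containerimages/keepalived@sha256:<digest>`. The container spec continues past the end of the hunk.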
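Review bot: In rustdesk/kustomization.yaml, `newTag: 1.1.14` pins only a tag on a third-party Docker Hub image, and tags are mutable. The StatefulSet pulls with `imagePullPolicy: IfNotPresent`, so nodes that pull at different times can end up running different content under the same tag without anyone noticing. The `images` entry also accepts a digest, so I would add `digest: sha256:<digest-of-1.1.14>` to that entry and keep the version in a comment for readability.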
diff --git a/rustdesk/namespace.yaml b/rustdesk/namespace.yaml
new file mode 100644
index 0000000..6ec7dc2
--- /dev/null
+++ b/rustdesk/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rustdesk
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ app.kubernetes.io/part-of: rustdesk
diff --git a/rustdesk/network-policy.yaml b/rustdesk/network-policy.yaml
new file mode 100644
index 0000000..e2528e0
--- /dev/null
+++ b/rustdesk/network-policy.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: rustdesk
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+spec:
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/part-of: rustdesk
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/component: rustdesk
+ policyTypes:
+ - Egress
diff --git a/rustdesk/rustdesk.yaml b/rustdesk/rustdesk.yaml
new file mode 100644
index 0000000..d213fa5
--- /dev/null
+++ b/rustdesk/rustdesk.yaml
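Review bot: The Namespace in rustdesk/namespace.yaml carries no Pod Security Admission labels, so nothing at the namespace level stops a later change from adding a privileged or host-networked pod to `rustdesk`. The StatefulSet in this commit already runs as non-root and uses no host namespaces or hostPath volumes, so `pod-security.kubernetes.io/enforce: baseline` together with `pod-security.kubernetes.io/warn: restricted` should be admissible as written. Confirm with a server-side dry run before enforcing.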
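Review bot: In rustdesk/network-policy.yaml, `policyTypes` lists only `Egress`, so the policy leaves ingress to the hbbs/hbbr pods unrestricted: any pod in the cluster, and anything that reaches the external IP, can connect to every port the containers listen on. Since the Service publishes these pods on an external address, I would add `Ingress` to `policyTypes` and admit only the ports the Service declares. The fence shows the added rule. The web-client ports 21118 and 21119 are left as a comment and should be enabled only if browser clients are actually used.

```yaml
spec:
  # … unchanged: egress rules …
  ingress:
  - ports:
    - port: 21115
      protocol: TCP
    - port: 21116
      protocol: TCP
    - port: 21116
      protocol: UDP
    - port: 21117
      protocol: TCP
    # - port: 21118 / 21119 (TCP): only when the web client is in use
  # … unchanged: podSelector …
  policyTypes:
  - Egress
  - Ingress
```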
@@ -0,0 +1,122 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: rustdesk
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ app.kubernetes.io/part-of: rustdesk
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: rustdesk
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ app.kubernetes.io/part-of: rustdesk
+spec:
+ selector:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ ports:
+ - port: 21115
+ name: nat-t
+ - port: 21116
+ name: hbbs-tcp
+ protocol: TCP
+ - port: 21116
+ name: hbbs-udp
+ protocol: UDP
+ - port: 21118
+ name: hbbs-web
+ - port: 21117
+ name: hbbr
+ - port: 21119
+ name: hbbr-web
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: rustdesk
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ app.kubernetes.io/part-of: rustdesk
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ serviceName: rustdesk
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: rustdesk
+ app.kubernetes.io/component: rustdesk
+ app.kubernetes.io/part-of: rustdesk
+ spec:
+ containers:
+ - name: hbbs
+ image: docker.io/rustdesk/rustdesk-server
+ imagePullPolicy: IfNotPresent
+ args:
+ - hbbs
+ env: &env
+ - name: XDG_CONFIG_HOME
+ value: /etc
+ - name: XDG_DATA_HOME
+ value: /var/lib/rustdesk
+ workingDir: &dir /var/lib/rustdesk
+ ports:
+ - containerPort: 21115
+ name: nat-t
+ - containerPort: 21116
+ name: hbbs-tcp
+ protocol: TCP
+ - containerPort: 21116
+ name: hbbs-udp
+ protocol: UDP
+ - containerPort: 21118
+ name: hbbs-web
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumeMounts: &mounts
+ - mountPath: /etc/rustdesk
+ name: rustdesk-data
+ subPath: config
+ - mountPath: /var/lib/rustdesk
+ name: rustdesk-data
+ subPath: data
+ - name: hbbr
+ image: docker.io/rustdesk/rustdesk-server
+ imagePullPolicy: IfNotPresent
+ env: *env
+ workingDir: *dir
+ args:
+ - hbbr
+ ports:
+ - containerPort: 21117
+ name: hbbr
+ - containerPort: 21119
+ name: hbbr-web
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumeMounts: *mounts
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 21115
+ runAsGroup: 21115
+ fsGroup: 21115
+ volumes:
+ - name: rustdesk-data
+ persistentVolumeClaim:
+ claimName: rustdesk
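Review bot: Both containers in the StatefulSet set only `readOnlyRootFilesystem: true`; neither drops Linux capabilities nor disables privilege escalation, and the pod-level `securityContext` has no seccomp profile. Every listening port is above 1024 (21115 to 21119), so the servers should not need any capability. Nothing visible suggests they call the Kubernetes API, so the service-account token can stay unmounted; confirm both against the image. The fence shares one hardened container `securityContext` through an anchor, the same way `env` and `volumeMounts` are already shared. Resource requests and limits are also absent and worth adding once real usage is known.

```yaml
      containers:
      - name: hbbs
        # … unchanged: image, args, env, workingDir, ports …
        securityContext: &container_security
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        # … unchanged: volumeMounts …
      - name: hbbr
        # … unchanged: image, env, workingDir, args, ports …
        securityContext: *container_security
        # … unchanged: volumeMounts …
      automountServiceAccountToken: false
      securityContext:
        # … unchanged: runAsNonRoot, runAsUser, runAsGroup, fsGroup …
        seccompProfile:
          type: RuntimeDefault
```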