From 56d25766665e68193a7990046b8de68101ab0835 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 12 Dec 2024 15:50:20 +0100 Subject: [PATCH] Add team-fortress-2 server --- common/environments.yaml | 2 +- installations/games/helmfile.yaml | 12 +++++ kustomizations/kyverno/pvc-patch.yaml | 4 ++ .../secrets.team-fortress-2.yaml | 47 +++++++++++++++++++ .../values.local-path-provisioner.yaml | 6 +++ values/badhouseplants/values.namespaces.yaml | 1 + .../values.team-fortress-2.yaml | 43 +++++++++++++++++ values/badhouseplants/values.traefik.yaml | 12 +++++ values/common/values.tcp-route.yaml | 17 +++++++ values/common/values.udp-route.yaml | 4 +- 10 files changed, 145 insertions(+), 3 deletions(-) create mode 100644 values/badhouseplants/secrets.team-fortress-2.yaml create mode 100644 values/badhouseplants/values.local-path-provisioner.yaml create mode 100644 values/badhouseplants/values.team-fortress-2.yaml diff --git a/common/environments.yaml b/common/environments.yaml index 7d653be..c611191 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -11,7 +11,7 @@ environments: - backups: enabled: false - localpath: - enabled: false + enabled: true - openebs: enabled: true - postgres17: diff --git a/installations/games/helmfile.yaml b/installations/games/helmfile.yaml index 75e475a..9759786 100644 --- a/installations/games/helmfile.yaml +++ b/installations/games/helmfile.yaml @@ -6,6 +6,9 @@ repositories: url: https://bedag.github.io/helm-charts/ - name: minecraft url: https://itzg.github.io/minecraft-server-charts/ + - name: allangers-charts + url: ghcr.io/allanger/allangers-charts + oci: true releases: - name: minecraft chart: minecraft/minecraft @@ -15,3 +18,12 @@ releases: - template: ext-tcp-routes - template: default-env-values - template: default-env-secrets + + - name: team-fortress-2 + chart: allangers-charts/team-fortress-2 + namespace: team-fortress-2 + version: 0.1.2 + inherit: + - template: ext-tcp-routes + - template: default-env-values + - template: default-env-secrets diff --git a/kustomizations/kyverno/pvc-patch.yaml b/kustomizations/kyverno/pvc-patch.yaml index 7691430..381692d 100644 --- a/kustomizations/kyverno/pvc-patch.yaml +++ b/kustomizations/kyverno/pvc-patch.yaml @@ -10,6 +10,10 @@ spec: - resources: kinds: - PersistentVolumeClaim + namespaces: + - games + - application + - platform mutate: patchStrategicMerge: metadata: diff --git a/values/badhouseplants/secrets.team-fortress-2.yaml b/values/badhouseplants/secrets.team-fortress-2.yaml new file mode 100644 index 0000000..5cafb7f --- /dev/null +++ b/values/badhouseplants/secrets.team-fortress-2.yaml @@ -0,0 +1,47 @@ +env: + secrets: + sensitive: ENC[AES256_GCM,data:QKu+Xg==,iv:eAP8PIvxGq7UOwNJQnyHOYE+mKLnbjEUrZSFk8uPqyA=,tag:htZqjETH91yEhAX/6Xgl/w==,type:bool] + enabled: ENC[AES256_GCM,data:hGszyg==,iv:xqmXykt3WPrVDwxMNxm6BZhJTbIpD+G8/eQv8MG7HI4=,tag:IJn6m6+hPD4eM1WwTLxLYA==,type:bool] + data: + SRCDS_TOKEN: ENC[AES256_GCM,data:2ilNJSRy8F1kl1GMr2Ad8bnK2ZHbgpDZqPEUfb/0J/0=,iv:0IJeLqOT9m3q2Lief6TLxHqRFJeMr5m6MEClziQfOZ4=,tag:i3czXPc5EhARHYt1HbhHnw==,type:str] + SRCDS_WORKSHOP_AUTHKEY: ENC[AES256_GCM,data:hOUKQ5+qulrM4iqbZhzYM/bU09eB5B4pyLZ0EhbtT+c=,iv:zL82fYER9gA7zVRxoagMad2UNjusSuLVlbGaUrirvbg=,tag:2VDaRFeWo1dci/hQIhS/+w==,type:str] + SRCDS_RCONPW: ENC[AES256_GCM,data:cwvHxhCZ6Wk=,iv:LVklzE2DY5JZH5QTd73f6HERrUVH6+Ee/r+Mo2lVe+8=,tag:yUYF8a25KjUabvOO1nWp8g==,type:str] + SRCDS_PW: ENC[AES256_GCM,data:IxgvQ+tj5Ss=,iv:jYA07esoyKfUfc5fCllehoM+wkjVZOOaEu3g+xNp8tI=,tag:dsgr+UGU/dXuqliiBn8erw==,type:str] +files: + servercfg: + sensitive: ENC[AES256_GCM,data:/2rGjA==,iv:0+CWB1FdaI7e95NlyjZ5sZs9U/7J5JYZx+WcFfj4CQM=,tag:lzO9Gmeoz38gsiYu9eLMsQ==,type:bool] + entries: + server.cfg: + data: ENC[AES256_GCM,data:dZBrwvsHXMq5TEb4ctGWKuNQGmifv9ylgJ9ffwf08TglE5Rhxs6pzu+GApEG8wo4xm/rkZZ34bVViuXSiqmtELToj4zuk3mlApQeSgixEngKDYceZwxdsZwFYrE6T9P8x4JfL8S+DbupD+hMV8qRVeceAcaXBm9Y/ZgD8yCt5r4YCrlgWcvEnG6PyG4SAsS5M18VpB25Qhb9JaVYj/MiwkgX1500igFDHlWdFEfvRPBQYQ2kEZsK/aSB1PvEnlflhFgOKnqW1aGWHQdJ3u9PhWh4LLM2j7hydb6sGLlDg2hiDw7qVUbI2taRhzjTYCPnumvpsGoscCQKJE3n8wQ5qcfbB0WBhjnrHWWEXOPNFS3coFpHEXV4A73drairYSoZIQIvsgiyB1Fo4tqbkFUOYrUpCn9a4+rvOgmdr88i7V4U9FwckQ0KUYSHT6UjiAUHwTm2/SqLGEZPq7RX+asU6vRPrPYu4VMzFOOy6//Z9sfEcEGEE4AXBrintJ07HxBsLi2C8twWUuMyu9CJIBl/p0Fijsbxvz0jXBvnPbsH4BkBk66Dp/9tkiZPjh15OCBB7TtPTDnYuLCXJUN1DwpC+HEEpbgD5phTsuBeMPJ+8zv9U46P8y/OYweXfD8w0O/rWUyw+ocohBjkYvMBr3UDzPmNr1p5AGFqhbNOZJPxQ3ciEv/J3GZZn5iq88Kj0Vo4TM8lmPHAZVqCqDW4aUsnCCqJQ7GkPpNz6IS60l+JXNSBPtL+80serwNXwBccgpyB9fFRixLdGAbGcG847/g0q3Rk3IDkipzYyIiZX2lR5+0ov8WkZUXAUHpqFAEu0rZpFuc3HtuozVqjw4Mibrd2WjaSa6O3zVwvMrdUVXyLLzSIp8TH2GvdbH1VcKj+AhMzK7r01IllNaumA6BAH/RKh6XWOwyrlL0fGZloaQYcD1vz7krMjXwe0DXsWr0srHbr9yqTY6508jI7YUI9byvYsjfe4DxJJkiZo4LHDSaXnvZLKePcRFaipNgZWxGwCkaH/OW72ySM0zleuAhsAygFl6fgL48onv6M+S0jx5QAr8KG593XyLiCoh7afHCBZ1j+EiQ7AHW9e4MDsR7COjHUe2AHSNyGMCwoR43sY4c6vBtpoZHBKoevJEpLICsbAjkVB5yYkxzDR9u7+wmXzMS8109hViF2YtXeQ9/H+h1/eGohUvHeu2PWFQmW16NCCzPt8ZJASagmAOz1nSUz+owCva5UOahPm9VRckUYriRfcLazrC0IyrBJyNLDiXkvD7iXWVuUm2VwdPXefhlrIn0ZungssiyalxZHkEUAGDbc7CBLmwiB5fEDDaTokVpPZnJOx57mdMADcxA6+qKW4Ooi4IbFHsuxFMYGpXD3csmSFDc8Nmbau+RATz5NsjiDBmyGRGpSFG/79awjeihQHBL65jyKP3zrLUJHDeP+0Inkk/XXKNmVw+YNSvpNu+ga4PANkOZFk9fhrZg+sD2HOHzKIwXxihyZHIHDMUzv1a1jLKpTACa1i+0mdih/rtbNg8D/5uIpAuSUMZo=,iv:yakHdGa4RzyPeDfbiCZoGTFhnFgxCNcdwUtP1dsGhms=,tag:MyOtEHAfPDmlinQwS8JNQw==,type:str] + motd: + sensitive: ENC[AES256_GCM,data:t5cbqiE=,iv:WwHSfvG5eQURQTVP2KQ9OFvCKw9vqtlzZbEmn/lv+cg=,tag:OuPlOUptQOChYcC1Ept3PA==,type:bool] + enabled: ENC[AES256_GCM,data:4EEw/Q==,iv:cv3ixxGCCn3bLd5RR36ZhdDp1F3s03YIAjmyuDZenkE=,tag:wQi2l6GUI9OklirAlY1gaw==,type:bool] + entries: + motd.txt: + data: ENC[AES256_GCM,data:4zcQEGgc/wIkrJnYBw+ZxkNb7Prnch1zFiMOR0lDDR6/raeY4/e1lEeKGot1ZB98RXzohvZirHCPeQ==,iv:uvIW4dLDP3zWyOTSCIN/hb0GIHtIAEYy97dhCp6Y+b8=,tag:vS7/CXWK5SQu4IjLOXDuGQ==,type:str] + maps: + sensitive: ENC[AES256_GCM,data:7WsG5R0=,iv:HdTgsE4DhX0knJYdXbQ2T9Q21YucYwVM4DrcAhiFyK0=,tag:LqVuR20023UEa1V4AE0LWA==,type:bool] + enabled: ENC[AES256_GCM,data:JPpi+A==,iv:chn+v7RCtEJ+MfEAu66OHc1Nbl6nU3GS+ieTmT7G7dA=,tag:/7tBL/TIPDGvxObE2rAvvQ==,type:bool] + entries: + pl_maps.txt: + data: ENC[AES256_GCM,data:WN/YFxdUy4/WYYrzywYYpMA7EEVPlb95Hz+asvV1myFzAJJ2ew27s8D5nIcg0S9eZyyvzTV2qoI3fkXYR5e9F7ItVAuEgZIT7rKLFczr2m1K5r8by8fH+oHvCxmfbK6WuqY9mDwdYZEYn1iBpOyfb+qvEEr2g6rjNYESnpu0Bf25EHWZq2L84qaoYjLDa4m0BBMlvy9xdKl0fOrqHAPQR4hzCMSRdSLRbKBMLhNybhzytgbWV+1sw+oyNs4iEmAayz+AglHgHketzDSXEwEVMA/zfFqv22lBpPjSzmm/QRdIjXI6i77u2W+mNn+OZ/6m16QEKBHM4EdMoJE96Eu8cC3KnrdYvwyqoiz5t9HcaL6ucp9Sbqq0tvfp8U1X3gEo093yonxtcXIy79/PBJAboo8frzg6mMqntYgNEigsrk73dL754Qgs7b9bHRA2DpWqin8LF4lS4zMKiREFGaQb1fGlNVgpM5ES3TEQ4JyhnVTQHXjnr97On+ebri0u5YOxYoyTpiXEdNwM3lxlb1mEiEFr8k1h67yixrFFZOcM9XUGnQBpYdwXY+bWpwgtulTRKI/iVGaof4uKsaZvkOZGkESR1IOZHlm4NOdshGP1etnprBMTozsrnA3/R2Z/JWVISRlAdgwLDuNawgY2GKn9Bbe3nWU+a8FwifTpKnIk/AB9BwZE4dSvpz7GqY80BVtG7PHj4RiKY8nDO4e1y3wZO7yCPXW4wum6dsmtcR2m2MB+lCDUEbFKLIiuCu2YDo6yvDs2FOF4ht+WmfZnQZmSPa1e1In8IKMbpUvyXp+odVjHqgdGBVv1+M+4VDIHE0Xb4HTm5bpn6/cGi5xQQQtj,iv:+PG9OEQKYZE8dcWtdtXZ6qhsr1P3iTB8XqLVtqHqDgY=,tag:cU1TNcFmarl0e/JtLYPNpg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcXNQRjZCQUpka0RFYXNm + RVRsQU0wWFBKQXpMcGIwZnEwUFJoUkdWL1RJCjhoWTBjSEdwUktINm5XcFQ0TFZ6 + QmxIN0Z1c3hiVGFhNWRwVHRmWUlNR00KLS0tIERJemJTNENXM29xb2d3cVRkRzRZ + Zkg5QUhtM3lLeWZGbCt5WldXRVljemsKT4DIMJfAVRpedIcjUoA1QWz0AoWcwM3T + GEoeTRyzxM/913pQ2TzVfl99ilg+AXJddr/P5Av9NebU5SBRRL0/AA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-07T15:50:40Z" + mac: ENC[AES256_GCM,data:aaQG5T1nOmp8uaC0UDfXRNOsxRc+5D3ctQ1rU3GL3Tzm+xdRNgGI0JNPoihZv3/lkZACGWJe68/y6aEGw14AMMzEjVVw0tvuHdvkVblSBkE9guvkrCzv7uDvbei5Miy0vBpdmTN0AeiQ52l/OYa5Dkb6MhDDDyd6X89dxtAq+P8=,iv:KnDue0Qv/tjNapFeZ91drHi+shXvWjTQJd45mpHPxUI=,tag:ntmZ8u3qCwbjPygLv3PAZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/values/badhouseplants/values.local-path-provisioner.yaml b/values/badhouseplants/values.local-path-provisioner.yaml new file mode 100644 index 0000000..d266c87 --- /dev/null +++ b/values/badhouseplants/values.local-path-provisioner.yaml @@ -0,0 +1,6 @@ +storageClass: + create: true + defaultClass: false + defaultVolumeType: local + reclaimPolicy: Delete + volumeBindingMode: Immediate diff --git a/values/badhouseplants/values.namespaces.yaml b/values/badhouseplants/values.namespaces.yaml index 00a79dd..3a32bd4 100644 --- a/values/badhouseplants/values.namespaces.yaml +++ b/values/badhouseplants/values.namespaces.yaml @@ -6,5 +6,6 @@ namespaces: - name: applications - name: platform - name: games + - name: team-fortress-2 - name: pipelines - name: public-xray diff --git a/values/badhouseplants/values.team-fortress-2.yaml b/values/badhouseplants/values.team-fortress-2.yaml new file mode 100644 index 0000000..7e0eff3 --- /dev/null +++ b/values/badhouseplants/values.team-fortress-2.yaml @@ -0,0 +1,43 @@ +workload: + kind: Deployment + containers: + tf2: + mounts: + files: + maps: + mode: 420 + path: /home/steam/tf-dedicated/tf/cfg/pl_maps.txt + subPath: pl_maps.txt + motd: + mode: 420 + path: /home/steam/tf-dedicated/tf/cfg/motd.txt + subPath: motd.txt + +traefik: + enabled: true + tcpRoutes: + - name: team-fortress-2 + service: team-fortress-2-rcon + match: HostSNI(`*`) + entrypoint: tf2-rcon + port: 27015 + udpRoutes: + - name: team-fortress-2 + service: team-fortress-2-tf2 + match: HostSNI(`*`) + entrypoint: tf2 + port: 27015 + +storage: + data: + storageClassName: local-path + size: 19G + annotations: + volume.kubernetes.io/selected-node: bordeaux + +env: + environment: + sensitive: false + data: + SRCDS_STARTMAP: "pl_goldrush" + SRCDS_HOSTNAME: "I hate CS2" diff --git a/values/badhouseplants/values.traefik.yaml b/values/badhouseplants/values.traefik.yaml index 7a8425d..5fd7a62 100644 --- a/values/badhouseplants/values.traefik.yaml +++ b/values/badhouseplants/values.traefik.yaml @@ -113,3 +113,15 @@ ports: exposedPort: 8388 expose: default: true + tf2: + port: 37015 + protocol: UDP + exposedPort: 37015 + expose: + default: true + tf2-rcon: + port: 37015 + protocol: TCP + exposedPort: 37015 + expose: + default: true diff --git a/values/common/values.tcp-route.yaml b/values/common/values.tcp-route.yaml index ef1564c..95d55e9 100644 --- a/values/common/values.tcp-route.yaml +++ b/values/common/values.tcp-route.yaml @@ -21,3 +21,20 @@ traefik: version: {{ .proxyProtocolVersion }} {{- end }} {{- end }} + - | + {{ range .Values.udpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteUDP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} diff --git a/values/common/values.udp-route.yaml b/values/common/values.udp-route.yaml index 099a09b..d77ca7f 100644 --- a/values/common/values.udp-route.yaml +++ b/values/common/values.udp-route.yaml @@ -1,7 +1,7 @@ -traefik-udp: +traefik: templates: - | - {{ range .Values.tcpRoutes }} + {{ range .Values.udpRoutes }} --- apiVersion: traefik.io/v1alpha1 kind: IngressRouteUDP