badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 8 Actions Packages Projects Releases Activity

Configuring xray

Browse Source 
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
This commit is contained in:
Nikolai Rodionov 2025-05-13 10:24:31 +02:00
parent 88f2e90119
commit e5114fcbb3
7 changed files with 71 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
kustomizations/external-service-xray/service.yaml
View File

@ -3,7 +3,7 @@ kind: Service
metadata: metadata:
name: xray-external-proxy name: xray-external-proxy
spec: spec:
externalName: xray-public.badhouseplants.net externalName: apfelkuchen.badhouseplants.net
sessionAffinity: None sessionAffinity: None
type: ExternalName type: ExternalName
--- ---
@ -19,5 +19,4 @@ spec:
services: services:
- name: xray-external-proxy - name: xray-external-proxy
nativeLB: true nativeLB: true
port: 27015 port: 443

17
manifests/external-dns/external-dns.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: xray-public-edge
namespace: platform
spec:
endpoints:
- dnsName: apfelkuchen.badhouseplants.net
recordTTL: 60
recordType: A
targets:
- 195.201.249.91
- dnsName: tiramisu.badhouseplants.net
recordTTL: 60
recordType: A
targets:
- 195.201.249.91

20
values/badhouseplants/public-xray/server-xray-public-edge/secrets.yaml
View File

File diff suppressed because one or more lines are too long

258
values/badhouseplants/public-xray/server-xray-public-edge/values.yaml
View File

@ -1,13 +1,13 @@
certificate: certificate:
enabled: true enabled: true
certificate: certificate:
- name: xray-public-edge.badhouseplants.net - name: apfelkuchen.badhouseplants.net
secretName: xray-public-edge.badhouseplants.net secretName: apfelkuchen.badhouseplants.net
issuer: issuer:
kind: ClusterIssuer kind: ClusterIssuer
name: badhouseplants-issuer-http01 name: badhouseplants-issuer-http01
dnsNames: dnsNames:
- xray-public-edge.badhouseplants.net - apfelkuchen.badhouseplants.net
workload: workload:
replicas: 1 replicas: 1
containers: containers:
@ -19,27 +19,30 @@ workload:
traefik: traefik:
enabled: true enabled: true
tcpRoutes: tcpRoutes:
- name: server-xray-public-edge - name: server-apfelkuchen
service: server-xray-public-edge-xray-https service: server-xray-public-edge-xray-https
match: HostSNI(`*`) match: HostSNI(`apfelkuchen.badhouseplants.net`)
entrypoint: xray-edge entrypoint: websecure
port: 443 port: 443
tls:
secretName: apfelkuchen.badhouseplants.net
passthrough: true
- name: server-shadowsocks-public-edge-tcp - name: server-shadowsocks-public-edge-tcp
service: server-xray-public-edge-shadowsocks-tcp service: server-apfelkuchen-shadowsocks-tcp
match: HostSNI(`*`) match: HostSNI(`*`)
entrypoint: ssocks-etcp entrypoint: ssocks-etcp
port: 8443 port: 8443
udpRoutes: udpRoutes:
- name: server-shadowsocks-public-edge-udp - name: server-shadowsocks-public-edge-udp
service: server-xray-public-edge-shadowsocks-udp service: server-apfelkuchen-shadowsocks-udp
match: HostSNI(`*`) match: HostSNI(`*`)
entrypoint: ssocks-eudp entrypoint: ssocks-eudp
port: 8443 port: 8443
shortcuts: shortcuts:
hostname: xray-public-edge.badhouseplants.net hostname: apfelkuchen.badhouseplants.net
ingress: ingress:
main: main:
enabled: true enabled: false
annotations: annotations:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
@ -49,7 +52,7 @@ ingress:
extraVolumes: extraVolumes:
certs: certs:
secret: secret:
secretName: xray-public-edge.badhouseplants.net secretName: apfelkuchen.badhouseplants.net
service: service:
shadowsocks-tcp: shadowsocks-tcp:
enabled: true enabled: true
@ -67,236 +70,3 @@ service:
port: 8443 port: 8443
targetPort: 8443 targetPort: 8443
protocol: UDP protocol: UDP
ext-cilium:
enabled: false
ciliumNetworkPolicies:
- name: xray-public
endpointSelectors:
app.kubernetes.io/instance: server-xray-public-edge
app.kubernetes.io/name: server-xray
egress:
- toEntities:
- cluster
- toPorts:
- ports:
- port: "53"
protocol: ANY
- toEntities:
- world
egressDeny:
- toEntities:
- cluster
- toCIDR:
- 93.158.213.92/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 156.234.201.18/32
- 34.89.51.235/32
- 83.6.102.25/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 34.94.76.146/32
- 211.23.142.127/32
- 64.23.195.62/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 176.123.1.180/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 121.199.16.229/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 104.244.77.14/32
- 5.102.159.190/32
- 184.61.17.58/32
- 125.227.79.123/32
- 181.214.58.63/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.23.142.127/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 190.146.242.81/32
- 89.110.76.229/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 193.53.126.151/32
- 74.48.17.122/32
- 93.158.213.92/32
- 156.234.201.18/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 184.61.17.58/32
- 125.227.79.123/32
- 104.21.58.176/32
- 172.67.162.102/32
- 181.214.58.63/32
- 93.185.165.29/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.75.210.220/32
- 125.227.79.123/32
- 211.23.142.127/32
- 172.67.165.72/32
- 104.21.57.182/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 193.53.126.151/32
- 104.19.22.31/32
- 104.19.22.22/32
- 104.19.22.27/32
- 104.19.22.23/32
- 104.19.22.30/32
- 104.19.22.24/32
- 104.19.22.26/32
- 104.19.22.29/32
- 104.19.22.32/32
- 104.19.22.28/32
- 104.19.22.25/32
- 74.48.17.122/32
- 184.61.17.58/32
- 104.21.62.230/32
- 172.67.139.235/32
- 172.67.135.244/32
- 104.21.26.114/32
- 104.21.72.244/32
- 172.67.136.175/32
- 172.67.183.130/32
- 104.21.64.112/32
- 104.26.10.105/32
- 104.26.11.105/32
- 172.67.70.119/32
- 172.67.144.128/32
- 104.21.71.114/32
- 172.67.161.130/32
- 104.21.65.89/32
- 172.67.156.75/32
- 104.21.40.186/32
- 65.21.91.32/32
- 184.61.17.58/32
- 104.21.82.111/32
- 172.67.200.173/32
- 104.21.13.129/32
- 172.67.200.14/32
- 104.21.89.147/32
- 172.67.160.224/32
- 172.67.139.235/32
- 104.21.62.230/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.94.76.146/32
- 35.227.59.57/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 83.6.102.25/32
- 54.39.48.3/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 93.185.165.29/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 211.23.142.127/32
- 211.75.210.220/32
- 125.227.79.123/32
- 64.23.195.62/32
- 51.81.222.188/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 51.15.41.46/32
- 176.123.1.180/32
- 104.244.77.87/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 121.199.16.229/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 51.159.54.68/32
- 104.244.77.14/32
- 5.102.159.190/32
- 190.146.242.81/32
- 89.110.76.229/32
- 89.47.160.50/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 27.151.84.136/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 159.148.57.222/32
- 159.148.57.222/32

20
values/badhouseplants/public-xray/server-xray-public/secrets.yaml
View File

File diff suppressed because one or more lines are too long

27
values/badhouseplants/public-xray/server-xray-public/values.yaml
View File

@ -1,29 +1,30 @@
certificate: certificate:
enabled: true enabled: true
certificate: certificate:
- name: xray-public.badhouseplants.net - name: tiramisu.badhouseplants.net
secretName: xray-public.badhouseplants.net secretName: tiramisu.badhouseplants.net
issuer: issuer:
kind: ClusterIssuer kind: ClusterIssuer
name: badhouseplants-issuer-http01 name: badhouseplants-issuer-http01
dnsNames: dnsNames:
- xray-public-dyn.badhouseplants.net - tiramisu.badhouseplants.net
- xray-public.badhouseplants.net
#- 195.201.249.91
traefik: traefik:
enabled: true enabled: true
tcpRoutes: tcpRoutes:
- name: server-xray-public - name: server-tiramisu
service: server-xray-public-xray-https service: server-xray-public-xray-https
match: HostSNI(`*`) match: HostSNI(`tiramisu.badhouseplants.net`)
entrypoint: xray-public entrypoint: websecure
port: 443 port: 443
tls:
secretName: tiramisu.badhouseplants.net
passthrough: true
shortcuts: shortcuts:
hostname: xray-public.badhouseplants.net hostname: tiramisu.badhouseplants.net
ingress: ingress:
main: main:
enabled: true enabled: false
annotations: annotations:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
@ -35,7 +36,7 @@ ingress:
extraVolumes: extraVolumes:
certs: certs:
secret: secret:
secretName: xray-public.badhouseplants.net secretName: tiramisu.badhouseplants.net
workload: workload:
replicas: 2 replicas: 2
@ -43,9 +44,9 @@ workload:
ext-cilium: ext-cilium:
enabled: false enabled: false
ciliumNetworkPolicies: ciliumNetworkPolicies:
- name: xray-public - name: tiramisu
endpointSelectors: endpointSelectors:
app.kubernetes.io/instance: server-xray-public app.kubernetes.io/instance: server-tiramisu
app.kubernetes.io/name: server-xray app.kubernetes.io/name: server-xray
egress: egress:
- toPorts: - toPorts:

4
values/common/values.tcp-route.yaml
View File

@ -20,6 +20,10 @@ traefik:
proxyProtocol: proxyProtocol:
version: {{ .proxyProtocolVersion }} version: {{ .proxyProtocolVersion }}
{{- end }} {{- end }}
{{- with .tls }}
tls:
{{ . | toYaml | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
- | - |
{{ range .Values.udpRoutes }} {{ range .Values.udpRoutes }}