Add an edge xray installation

2024-10-14 21:23:55 +02:00 · 2024-10-14 21:23:55 +02:00 · f5f3821f3a
commit f5f3821f3a
parent eef0a722cd
5 changed files with 312 additions and 1 deletions
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@ -115,3 +115,12 @@ releases:
      - template: default-env-values
      - template: ext-tcp-routes
      - template: ext-cilium
+  - name: server-xray-public-edge
+    chart: allangers-charts/server-xray
+    namespace: public-xray
+    version: 0.1.0
+    inherit:
+      - template: default-env-secrets
+      - template: default-env-values
+      - template: ext-tcp-routes
+      - template: ext-cilium
--- a/values/badhouseplants/secrets.server-xray-public-edge.yaml
+++ b/values/badhouseplants/secrets.server-xray-public-edge.yaml
@ -0,0 +1,37 @@
+files:
+  config:
+    enabled: ENC[AES256_GCM,data:p4721g==,iv:Zp+m3P6vawpAdXO59bPcdgHvExuoZI480+4eg1zuFU8=,tag:C/SF9jbfLIMhJFXPEEBEFA==,type:bool]
+    sensitive: ENC[AES256_GCM,data:TJmIDP8=,iv:6OjVWwCxQETvi7uJkme/PzBEvyZ4AXlN3E+1IG+Gaqs=,tag:+oBak+FpBozTKthhPEyD2w==,type:bool]
+    remove: []
+    entries:
+      config.json:
+        data: ENC[AES256_GCM,data:WAVeNK7i3bMQzTbszWHntrCEywXRenVt5migaPY0llYgJcpiqlWKo+jf3kHE7nZxKSdSiTjPf5X63jaUa9ip1BsVbxSCzl7XnFoUN4G9Ob8va+2cdXSzqsNAH6BudLs1+SVWAcxuhj5PA+tePEezG3blAZFXXG6Hz7mbJk9OvwLB/sCGViu+Ghe1iLWX/tZi2EFdfJa9My47hoGVS26hxUUxshgyihT96qGsTli/e/hmUvOPlH70ZKZW+/62yXz2WdMPAZMEYcsXw4ah8yPsKwI3or/txuo1wgLh1DC+3TmdiUsyF+4dW9rH5xS1NOgcPB6irfJpEuYayMqLZVHM7pk/GfMGqjosvLR3RSIcIifZR8VGSs3bSeYWnT5GpTu5CT0RzLgr3uTkRa6D7WeqycRRybf+LUuhir0gMOSgg6570oTfGW4Mj3fU3rf5aLZV/OEu67KQmIyZEKtNHHo0OKN1eh2bXQ0VfRDCbgD8ExEP+5DujhdDN9auHUgZnUPQeDdIooAiKE7Q8dl4ynnpX9ggQiZIGMA30DcDR9H9bZFBe3h01TIiBIaJmCGja43uULVnBC4Wx9XK5GcdngKmLSPwqGWEY2QPbhK/PNIQVYkyG3WhH1VhOwivsXqrtTOu6urOEdkTrhzFxhr3yNVyDmkXBxQh9qJBYRU+HERFRXBkE9DDuojGFaBmyD+7QWf+29k7/O91WSyLpBMcOFbgRCsNriLxUDAXSyyzedkI/6KGvqXJ1NN3X9xwlOmNcupZR2CPCGoAQv75+iP8MvhI2A/QSjd/QJa2xP/TzqLNUmql5lfljk2ZrPtpU0kUpWH+iJRt47xOj0vLlxxWz/BHBKsIWBxpONhOzt/pVxjmTL1iE+TExsrJLc/oOpyHfAJA7MXm7yUVBDKlANHWehc3c5m1eLASERyMsjpfS7yZEuy21J4ihMhu1wcD5SPOnC6xF9EslRdsFj3imO5MSpk5mscGkNCkoYnvbW3ZjPPLeUmSFW0q+84a0ihEkGu1OJQ9jvCGmF2zERg80oZZv6f7MftSxop5PMbuLBKd+hhUIIe0cVoi4lRIE364CloTrYdzdp74RqD7xnidgI/gj7oF2YF+YorElda+mBgb3sY+6kxROknpwe1j51Up3gcu2R4M4Qg9YJjhR37O5+sdThWiVAvH/JwhEQ+ewadnpuSfRcKLyfERu5jnMDs8NT7ANB7erY/GtbqDDEDJtr4kHMPkqI55UYrAtzX8GDQeNplrEAOY7dZKziPepSoOFuN5u7beh+6gYFeqfjKqsCc2EauFocdfhjPDitgjjtYbSSUkuOAf4gKSb3zIf7Ij+Rh3G6j5AQcAJMqUdQNMQRoMDE63APl4S0X6jZUrq5P3QU5ZOhPHt2p/waMNZ4nrMhJCjzZ1qbzBajrFSFXmzMGmt5XPdrT9cmLGmSPJIOcBXwg0sRuksjxwbFJWR4UDQi5J0BXK+V7Q6dxFmW4XLTj7113VLaMq7uuh66REFafznVM/iGmUxl8t2d6ENJGFpvxc5tFmO5rdapwT3K2/iExKg8W7IrTX6X48qS/S68WJ7DXb5U/7RQD0jz4EQLCuAy6joi/EX9enh40rtoZUlpPPjLybmXbMzZpazQunuBK6mc95i2JDLM/wPV+Qfxrtt0L20UW0Sd45hsX0mhj2jK9UGmauZK6jiulPABSD0HTiFJKAmhXva1FDiRuAsw9A+GsDabMWU433tklk63nnpNTpNoh8NeGr47GIVgyXlsBcemvfoyoZ6hMevxpcVQbSTYRmGHH4Ja9oMl4QHuyD4zyWUGksc7SdsE8KUlNM7iEuD3/uSClXdue8+asC31/AKu/zmPj2S/C0OYrul17ZboVt7gPX22pIEtcB/9wA2xAzoG488Pn88p+Hs6LJf7YdZe76j0rT7bo4+baemOmt0YbCUtbzmaDUX6oDteV417NLAdzNW0QwpdkK+WlPPQmMSNvKNHgXVg6zGMIVRanThJdJUdfS/L/Q1JmBkMRi8syhHrO/uV9MebGHxXNrvas63ROki52QGqIlaYjlTyRU3Yjcjo6zDxbm/MyYsnWuh0KhfsCxoYoZcfJBCdq7wyJbgGtc21vmWwDpQo+4tYSxlAgLOPUfi0dykaOWF1JvM2oVWrnH1YFZAUkC9zspi8M/sDgIDHBGvuToT8RKjEf7O+U5KzhXPGA2nAGurhL9C8EmAZjy2fzfpKuaxvWv7B0QbGyeC/dnelFyEI+Inv7mVdz+qXbRKNfXfusEPyP1gBwYwkA05qzapHhKqZlGtF2CBYD8DZUJJpfPhQqULl5Yg8ikZTZStzWylh7gDeLkgWh+3SSncNmG+Faj/GR077CR5y5CvgFCw6+cvqS3j/h/nzjYzIeLmKUkctW93jXtxh4x1q5u0lIPKLK9oPivTxjoZQdkpTWmWHswNY/am9jEZ8Es+DvGp9PB3dfI1BeGF6ZolHmWoBLqmDiEMDIiCqbBp0+i6GnOk52sYMpy1HdlW3mfzRTEvnsICfTb9w8X+lu9My6Zmnh6+w9gJD1vzy0QOX3l8dWKVVXqMqoYJxvZ0HraQiBhBNnUnOlk9GCkuV51zTAFfsL2ri5X9WEJt8PijzPKhAmDJQMnAF70bLTBfzea4V8eaI/P6BEL3oxbpw9q2pjSKiQo42i9zYmN7noqM4Jhjq9ggTUsTdT7ar5KoYrNMAJwwYxEAHBMlikQlqRJR46YLDy99DpX6tUn73SBioox89f2t2ux256ZdLd58CZDLxVLH8jzIdXdGUm9uQLgTrRJeT1Ac+l27AYgtDqowJ7vy2sr7EiWIxJ3Qctt4mbjvwOhUgxFCjOs3vps9LKTlZ3NbEs/M4C5eBzMLNTV5hsQPg/IZvEboy8UNXRsYPIRmUgaOR2jm9fvWzCQzeyBLurJ24P2jetuB/wrUxoVSsWyr9SJ33RQWVxPG7wzjP57fMG7a+WQCDTEA/buTtcxXaQpFpKdFlraGyz3Nt6EJI4SNN0uiKwjXfoeN6LBsdjhWEhfovSids1HpWNIoIDjkVEGypEQ7uXHMyLCdBM+FLoXXWnReqa91ofbRlF8XKKh7rmOnu93Mu297RPa070lMeFwDjKq+M2Y2+u/kItxyQENG13CfvLUUs/14Yr4t8byoWHFns81R8I9K5B8X7yFMsUVKj3gLzwRyT70DiVy+kN/Qq1mfjUJV+Ct6Q/cKcGFZiWj/NWDnQyPigxVX3fWl9G6vK2edm/s8DtndzUIFO9qtd5bMD7SPYs5RoRdE6wV72tKJn9QJmHVsPubux6/k/NZzbmPDOr1nWgPaSkx5oT4FBxVwLpzmOvTHWISS5a/HzFjhtmg8jNXvqVeC0/XfhLTk2BA7Xw3muR2OLxZE9+kvqcuYYCyfUVvsSCjmDGK091pZ+dURvUXNWi0MDaY1QkfKcmfXD8d4znN1XAyv1OgdSfutQN4vNQd1CJVAKwf/Wmt7fIhxUONH7TiBGYpwVPipdp4ZMf1jfXTyZ3nhnjyqS8ySugOk3Dc99YRnjVVH+4gR4jMQr1pKV86AW4nGbKBGJ5qM8X8BhEK9rjkkStoHJM8BSo+PBOrG0OxEgto4R3itYCInf5gtK6EMQ1qxza8WjxaDEhTiH120Ud3lH8YBly4RDQmIkJVxgkAuE0NZUfwX+WvNzb463opwJtBef72+GoXW156lu+TNd4TcXomVv9rGK2OpUNMMQXqz8oQaWuy1e4R6hGKDENSAnIhR5TayyV51TFnxVT+JugIj8y4JH7drb49FAZBUYB+DshtqCBNf2sGGEEdlRdEXApj2cCJckLC/gxUT+rgw8AN0DOXnGz0Vlor7ZKs5eE3dMz/ierMKRfVNSeE1Eqfqrz45NoBDkHDegJU40rkWKXC34X1UENXIVunwwlseIdYrzGvhaDqoSHz7sHZJcRSyLqBcDrPpTMQ2pElFOwjb3jmR2lq1H4jyYDHI0fAL5UkezyZLg==,iv:vxGxZsEDNanMqIFjb7aPGnZryfcxPam/GxL+a6GF5vg=,tag:F/+BnrZsnvseYup2I5rOgg==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbGxtdGhLdlUxWXFjL2oy
+        SEtwa09CMG1JN1M4ancrUHB1VFhzNURGYzNRCkhyWEszT04yeEdSeFFqdWNheVEy
+        U2lFcFJxRDNlZ092cXNqcFJISTlHTGcKLS0tIG9PYXJ6MnJLMkF6VC9pVU1kV09p
+        Z0hlQVE5YWVMTGVqenFlMENsVElWeDAKhr01CynUWRMGp1G1J4CGVnV6A8Sa/TWc
+        o6NZUQ1eJmEzewpQCTa9NBA3KSU2/72oLUb5bVqhnUZuwn1V+awfAw==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSllTdmZrZE1tZ1RZaThy
+        d2xSNUFubGExZnhCckF1d1pSaGFNMTZmZGxnCmFVNURzZ2c5U1ZXMFlQTkdXVER6
+        RkpEeHcwUXA1OWlWV3Q1dWxGOGsvcEkKLS0tIGoxSld2dFdZS3YrTW5rYUJKeUQx
+        T0FxVS9NUnlHRkREMDlWU0FIaU41OW8KbC8FSQCD2kxviuClUY7gdlwQWmSJ8T/3
+        pYh5CZGeAvBbB0jVWJutg9uR3H8KRxUPj3Ietn6342dUa//JV4lqVg==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-10-14T12:38:17Z"
+  mac: ENC[AES256_GCM,data:+jU64zcEw5/WEgRzzJ+gfInkkV+QCtvy7OUbKS2OVE2wMHLxzpGPDOToE/A+kBGyjfFX3aMsbZktn1mE9AB+IjqzaoDGqWyZnP/sPaxqiW6tFLC1vNbgFnGHMa30+yuR2ClKsq8RlKZDxdStcTxtpT230XcKtQeVZGRL2OZoBHM=,iv:7sSepeSiriMkcNChdPjLkiEZaw43nVric4/UKylcJJs=,tag:gRF1QVQbRE5Q58G5qM4GHg==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.1
--- a/values/badhouseplants/values.server-xray-public-edge.yaml
+++ b/values/badhouseplants/values.server-xray-public-edge.yaml
@ -0,0 +1,259 @@
+traefik:
+  enabled: true
+  tcpRoutes:
+    - name: server-xray-public-edge
+      service: server-xray-public-xray-https
+      match: HostSNI(`*`)
+      entrypoint: xray-edge
+      port: 443
+shortcuts:
+  hostname: xray-public.badhouseplants.net
+ingress:
+  main:
+    enabled: true
+    annotations:
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/ingress.global-static-ip-name: ""
+      kubernetes.io/tls-acme: "true"
+      meta.helm.sh/release-name: xray
+      meta.helm.sh/release-namespace: xray
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+extraVolumes:
+  certs:
+    secret:
+      secretName: xray-public.badhouseplants.net
+workload:
+  replicas: 1
+ext-cilium:
+  enabled: true
+  ciliumNetworkPolicies:
+    - name: xray-public
+      endpointSelectors:
+        app.kubernetes.io/instance: server-xray-public-edge
+        app.kubernetes.io/name: server-xray
+      egress:
+        - toEntities:
+            - cluster
+        - toPorts:
+            - ports:
+                - port: "53"
+                  protocol: ANY
+        - toEntities:
+            - world
+      egressDeny:
+        - toCIDR:
+            - 93.158.213.92/32
+            - 93.158.213.92/32
+            - 185.243.218.213/32
+            - 91.216.110.53/32
+            - 23.157.120.14/32
+            - 94.243.222.100/32
+            - 208.83.20.20/32
+            - 156.234.201.18/32
+            - 209.141.59.16/32
+            - 34.89.51.235/32
+            - 109.201.134.183/32
+            - 83.102.180.21/32
+            - 185.230.4.150/32
+            - 45.9.60.30/32
+            - 5.181.156.41/32
+            - 156.234.201.18/32
+            - 34.89.51.235/32
+            - 83.6.102.25/32
+            - 51.222.82.36/32
+            - 125.227.79.123/32
+            - 193.42.111.57/32
+            - 135.125.202.143/32
+            - 176.56.7.44/32
+            - 185.87.45.163/32
+            - 181.214.58.63/32
+            - 143.198.64.177/32
+            - 5.255.124.190/32
+            - 52.58.128.163/32
+            - 15.204.57.168/32
+            - 34.94.76.146/32
+            - 211.23.142.127/32
+            - 64.23.195.62/32
+            - 23.153.248.83/32
+            - 82.156.24.219/32
+            - 37.235.176.37/32
+            - 176.123.1.180/32
+            - 35.227.59.57/32
+            - 62.210.114.129/32
+            - 185.216.179.62/32
+            - 34.94.76.146/32
+            - 121.199.16.229/32
+            - 23.163.56.66/32
+            - 176.99.7.59/32
+            - 207.241.231.226/32
+            - 207.241.226.111/32
+            - 27.151.84.136/32
+            - 104.244.77.14/32
+            - 5.102.159.190/32
+            - 184.61.17.58/32
+            - 125.227.79.123/32
+            - 181.214.58.63/32
+            - 95.217.167.10/32
+            - 159.148.57.222/32
+            - 15.204.57.168/32
+            - 211.23.142.127/32
+            - 34.94.76.146/32
+            - 187.56.163.73/32
+            - 109.71.253.37/32
+            - 5.182.86.242/32
+            - 104.244.77.14/32
+            - 190.146.242.81/32
+            - 89.110.76.229/32
+            - 138.124.183.78/32
+            - 209.126.11.233/32
+            - 167.99.185.219/32
+            - 37.59.48.81/32
+            - 27.151.84.136/32
+            - 142.132.183.104/32
+            - 193.53.126.151/32
+            - 74.48.17.122/32
+            - 93.158.213.92/32
+            - 156.234.201.18/32
+            - 35.227.59.57/32
+            - 34.89.51.235/32
+            - 34.94.76.146/32
+            - 184.61.17.58/32
+            - 125.227.79.123/32
+            - 104.21.58.176/32
+            - 172.67.162.102/32
+            - 181.214.58.63/32
+            - 93.185.165.29/32
+            - 95.217.167.10/32
+            - 159.148.57.222/32
+            - 15.204.57.168/32
+            - 211.75.210.220/32
+            - 125.227.79.123/32
+            - 211.23.142.127/32
+            - 172.67.165.72/32
+            - 104.21.57.182/32
+            - 35.227.59.57/32
+            - 34.89.51.235/32
+            - 34.94.76.146/32
+            - 187.56.163.73/32
+            - 109.71.253.37/32
+            - 5.182.86.242/32
+            - 104.244.77.14/32
+            - 193.53.126.151/32
+            - 104.19.22.31/32
+            - 104.19.22.22/32
+            - 104.19.22.27/32
+            - 104.19.22.23/32
+            - 104.19.22.30/32
+            - 104.19.22.24/32
+            - 104.19.22.26/32
+            - 104.19.22.29/32
+            - 104.19.22.32/32
+            - 104.19.22.28/32
+            - 104.19.22.25/32
+            - 74.48.17.122/32
+            - 184.61.17.58/32
+            - 104.21.62.230/32
+            - 172.67.139.235/32
+            - 172.67.135.244/32
+            - 104.21.26.114/32
+            - 104.21.72.244/32
+            - 172.67.136.175/32
+            - 172.67.183.130/32
+            - 104.21.64.112/32
+            - 104.26.10.105/32
+            - 104.26.11.105/32
+            - 172.67.70.119/32
+            - 172.67.144.128/32
+            - 104.21.71.114/32
+            - 172.67.161.130/32
+            - 104.21.65.89/32
+            - 172.67.156.75/32
+            - 104.21.40.186/32
+            - 65.21.91.32/32
+            - 184.61.17.58/32
+            - 104.21.82.111/32
+            - 172.67.200.173/32
+            - 104.21.13.129/32
+            - 172.67.200.14/32
+            - 104.21.89.147/32
+            - 172.67.160.224/32
+            - 172.67.139.235/32
+            - 104.21.62.230/32
+            - 93.158.213.92/32
+            - 185.243.218.213/32
+            - 91.216.110.53/32
+            - 23.157.120.14/32
+            - 94.243.222.100/32
+            - 208.83.20.20/32
+            - 156.234.201.18/32
+            - 209.141.59.16/32
+            - 34.94.76.146/32
+            - 35.227.59.57/32
+            - 34.89.51.235/32
+            - 109.201.134.183/32
+            - 83.102.180.21/32
+            - 185.230.4.150/32
+            - 45.9.60.30/32
+            - 5.181.156.41/32
+            - 83.6.102.25/32
+            - 54.39.48.3/32
+            - 51.222.82.36/32
+            - 125.227.79.123/32
+            - 193.42.111.57/32
+            - 135.125.202.143/32
+            - 176.56.7.44/32
+            - 185.87.45.163/32
+            - 93.185.165.29/32
+            - 181.214.58.63/32
+            - 143.198.64.177/32
+            - 5.255.124.190/32
+            - 52.58.128.163/32
+            - 15.204.57.168/32
+            - 35.227.59.57/32
+            - 34.89.51.235/32
+            - 34.94.76.146/32
+            - 211.23.142.127/32
+            - 211.75.210.220/32
+            - 125.227.79.123/32
+            - 64.23.195.62/32
+            - 51.81.222.188/32
+            - 23.153.248.83/32
+            - 82.156.24.219/32
+            - 37.235.176.37/32
+            - 51.15.41.46/32
+            - 176.123.1.180/32
+            - 104.244.77.87/32
+            - 34.94.76.146/32
+            - 34.89.51.235/32
+            - 35.227.59.57/32
+            - 62.210.114.129/32
+            - 185.216.179.62/32
+            - 34.94.76.146/32
+            - 34.89.51.235/32
+            - 35.227.59.57/32
+            - 121.199.16.229/32
+            - 35.227.59.57/32
+            - 34.89.51.235/32
+            - 34.94.76.146/32
+            - 23.163.56.66/32
+            - 176.99.7.59/32
+            - 207.241.231.226/32
+            - 207.241.226.111/32
+            - 27.151.84.136/32
+            - 51.159.54.68/32
+            - 104.244.77.14/32
+            - 5.102.159.190/32
+            - 190.146.242.81/32
+            - 89.110.76.229/32
+            - 89.47.160.50/32
+            - 138.124.183.78/32
+            - 209.126.11.233/32
+            - 167.99.185.219/32
+            - 27.151.84.136/32
+            - 37.59.48.81/32
+            - 27.151.84.136/32
+            - 142.132.183.104/32
+            - 159.148.57.222/32
+            - 159.148.57.222/32
--- a/values/badhouseplants/values.server-xray-public.yaml
+++ b/values/badhouseplants/values.server-xray-public.yaml
@ -3,7 +3,7 @@ traefik:
  tcpRoutes:
    - name: server-xray-public
      service: server-xray-public-xray-https
-      match: HostSNI(`xray-public.badhouseplants.net`)
+      match: HostSNI(`*`)
      entrypoint: xray-public
      port: 443
 shortcuts:
--- a/values/badhouseplants/values.traefik.yaml
+++ b/values/badhouseplants/values.traefik.yaml
@ -34,6 +34,12 @@ ports:
      default: true
    exposedPort: 27015
    protocol: TCP
+  xray-edge:
+    port: 27016
+    expose:
+      default: true
+    exposedPort: 27016
+    protocol: TCP
    #  valve-server:
    #    port: 27015
    #    expose: