From ebaeb77c573d1f60e49a8a707faad939c4765edd Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Sat, 27 May 2023 03:06:09 +0800
Subject: [PATCH] feat: add satisfactory
---
 .../1-clusters/Biohazard/2-config/4-vars.yaml | 6 +-
 .../Biohazard/2-config/kustomization.yaml | 1 +
 kube/3-deploy/2-apps/satisfactory/app/hr.yaml | 87 +++++++++++++++++++
 .../2-apps/satisfactory/app/netpol.yaml | 45 ++++++++++
 .../2-apps/satisfactory/app/volsync.yaml | 36 ++++++++
 kube/3-deploy/2-apps/satisfactory/ks.yaml | 17 ++++
 .../2-apps/satisfactory/kustomization.yaml | 6 ++
 kube/3-deploy/2-apps/satisfactory/ns.yaml | 5 +
 8 files changed, 201 insertions(+), 2 deletions(-)
 create mode 100644 kube/3-deploy/2-apps/satisfactory/app/hr.yaml
 create mode 100644 kube/3-deploy/2-apps/satisfactory/app/netpol.yaml
 create mode 100644 kube/3-deploy/2-apps/satisfactory/app/volsync.yaml
 create mode 100644 kube/3-deploy/2-apps/satisfactory/ks.yaml
 create mode 100644 kube/3-deploy/2-apps/satisfactory/kustomization.yaml
 create mode 100644 kube/3-deploy/2-apps/satisfactory/ns.yaml
diff --git a/kube/1-clusters/Biohazard/2-config/4-vars.yaml b/kube/1-clusters/Biohazard/2-config/4-vars.yaml
index 0ae648d9..0c809f9f 100644
--- a/kube/1-clusters/Biohazard/2-config/4-vars.yaml
+++ b/kube/1-clusters/Biohazard/2-config/4-vars.yaml
@@ -74,6 +74,8 @@ data:
 APP_DNS_GOKAPI: ENC[AES256_GCM,data:1AI66ICh7pPsij2IpZJ7V9HcFMc6,iv:r+E2tkEPawLDWpE+OiJ6dNM/RrxhlP7NH+CjwAxhhYE=,tag:QfmCosR+J2fTV66AAelOjw==,type:str]
 APP_IP_SANDSTORM: ENC[AES256_GCM,data:2V+Dy1c3hOepKEo=,iv:l1nv+BrnEjsrvdONhBY9EgA8lSO2Nmtdr7Ktl9twfT4=,tag:ls8DbeJnvdwZhUA+deP02Q==,type:str]
 APP_DNS_SANDSTORM: ENC[AES256_GCM,data:dc/OufmvPkYMRg==,iv:8GUBWGGdEJ5A+wYFaLJljYYn3hUlpH9/cGy6641GDEw=,tag:gE3j/iytsqPKUm+R1g3suQ==,type:str]
+ APP_IP_SATISFACTORY: ENC[AES256_GCM,data:lpwAYR7CuX40NEI=,iv:OCSlGR42+Zpsi/CHuyFMIE2aY+jGN4E0slFf2/Ei3oU=,tag:cw1eROYU8V3rGG5ltyFvJQ==,type:str]
+ APP_UID_SATISFACTORY: ENC[AES256_GCM,data:eWxuUyI=,iv:Hs3xHdm/ewF0BnGOYK6XgQM43LDhngtZXvna7XTDiok=,tag:J7SDzgEroyl2wje9XsprQQ==,type:str]
 APP_IP_SYNCTHING_USER_1: ENC[AES256_GCM,data:3jh9VglVsJCWzHF1,iv:dwpjZjETiFIuRXBSutygAyA2R4EpYas0oT8kI+YF320=,tag:DdA1SZ3DJKJ7tXsPJ6B/dw==,type:str]
 APP_DNS_SYNCTHING_USER_1: ENC[AES256_GCM,data:xvLsX+wvGgOdQOc=,iv:/f77W1vUGI2FHvG4hsvzXCJWiinRKzapU0OHC8vZ1ac=,tag:oHjNluzCh7lDUEHaxW2YWg==,type:str]
 APP_DNS_AUTH: ENC[AES256_GCM,data:A67gznl/VxXxPiMh9zH1fa8VQA==,iv:oCCxFDb7Uo+AfXtuOf8L8Cukm4VAWzL92w8VgJp40dM=,tag:xFCS9csJIFvJ9XufVrq4Rg==,type:str]
@@ -115,8 +117,8 @@ sops:
 SnpvS3RUUlFMM1dUNGZQNkVqQ2VqNDAKywch6CgtS1AFLYxfML5dB7/5V6qZ0ob1
 63vBpqjOza3EqvfNKo+UMtK/fRK0Q5jlpuI+0/z9VrxzKEWsgUCBVQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-05-18T13:42:34Z"
- mac: ENC[AES256_GCM,data:hKTOr/5GtEOA9iGZQI8zUNku3+KPvVXr8K3yoCzyLi8cDhvZnrsqw9AxHsvnUwoKrG3JfRlcN9JY9JTv7qBHFB1Vh/5yB4sdqFdf4d9gOJ5jo6X90yrZOvJnO4Eng2EljFS/NCfJTAjTokNWS0dt5eH6ve6Pi066Ut2PpNcgjIU=,iv:OXeEp2gFWvI/RWulrMo6R/B7shf4yp91Uec82o2gxZA=,tag:sAwo8w2LBlmflzROtVqovg==,type:str]
+ lastmodified: "2023-05-26T19:05:04Z"
+ mac: ENC[AES256_GCM,data:euvBtynehSA4dVwQ3CFuMoW3XNqLoTARdUawwNaWtobVNqu5G9WPkw5cY048qPkGvUPLzYGS/cURs1dKXFKPoKknjsR0K8AdbqI9jMHKy6wsnZ5aILmAQyO5FF7zS6q7TLCIDMA9BdjrEPp2RHT66SaN5W2qmImtm7724FC27p0=,iv:Cf4Up6FbbbpP9mZ8T6xPTbdgnefhDVnKixaYmQqj0hw=,tag:nhonVbmgWX5JQQDkzICX3Q==,type:str]
 pgp:
 - created_at: "2023-02-22T08:12:31Z"
 enc: |
diff --git a/kube/1-clusters/Biohazard/2-config/kustomization.yaml b/kube/1-clusters/Biohazard/2-config/kustomization.yaml
index a129c6e8..7741c494 100644
--- a/kube/1-clusters/Biohazard/2-config/kustomization.yaml
+++ b/kube/1-clusters/Biohazard/2-config/kustomization.yaml
@@ -22,6 +22,7 @@ resources:
 - ../../../3-deploy/2-apps/velociraptor/
 - ../../../3-deploy/2-apps/gotosocial/
 - ../../../3-deploy/2-apps/ntfy/
+ - ../../../3-deploy/2-apps/satisfactory/
 patches:
 - patch: |-
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
diff --git a/kube/3-deploy/2-apps/satisfactory/app/hr.yaml b/kube/3-deploy/2-apps/satisfactory/app/hr.yaml
new file mode 100644
index 00000000..6ef78016
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/app/hr.yaml
@@ -0,0 +1,87 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app satisfactory
+ namespace: *app
+spec:
+ chart:
+ spec:
+ chart: app-template
+ version: 1.5.0
+ sourceRef:
+ name: bjw-s
+ kind: HelmRepository
+ namespace: flux-system
+ values:
+ controller:
+ type: statefulset
+ image:
+ repository: docker.io/wolveix/satisfactory-server
+ tag: v1.4.8@sha256:56ca73cb8a64e7bedfe0b72c9490ce1d32e547a16c753ffcb7e96c8364e8c348
+ podSecurityContext:
+ runAsUser: &uid ${APP_UID_SATISFACTORY}
+ runAsGroup: *uid
+ fsGroup: *uid
+ fsGroupChangePolicy: Always
+ env:
+ TZ: "${CONFIG_TZ}"
+ AUTOPAUSE: "true"
+ AUTOSAVEINTERVAL: "60"
+ AUTOSAVENUM: "60"
+ AUTOSAVEONDISCONNECT: "true"
+ CRASHREPORT: "false"
+ MAXPLAYERS: "4"
+ MAXTICKRATE: "120" # default is a low 30
+ NETWORKQUALITY: "3" # 0-3, 3 is Ultra (default)
+ PGID: *uid
+ PUID: *uid
+ TIMEOUT: "300"
+ service:
+ main:
+ enabled: true
+ type: LoadBalancer
+ externalTrafficPolicy: Cluster
+ annotations:
+ "io.cilium/lb-ipam-ips": "${APP_IP_SATISFACTORY}"
+ ports:
+ http:
+ enabled: false
+ primary: false
+ query:
+ enabled: true
+ port: 15777
+ protocol: UDP
+ beacon:
+ enabled: true
+ port: 15000
+ protocol: UDP
+ game:
+ enabled: true
+ primary: true
+ port: 7777
+ protocol: UDP
+ probes:
+ startup:
+ enabled: false
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ volumeClaimTemplates:
+ - name: data
+ mountPath: /config
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ storageClass: block
+ - name: runtime
+ mountPath: /config/gamefiles
+ accessMode: ReadWriteOnce
+ size: 50Gi
+ storageClass: block
+ resources:
+ requests:
+ cpu: 200m
+ memory: 6740Mi
+ # limits:
+ # memory: 6000Mi
diff --git a/kube/3-deploy/2-apps/satisfactory/app/netpol.yaml b/kube/3-deploy/2-apps/satisfactory/app/netpol.yaml
new file mode 100644
index 00000000..f05d66b2
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/app/netpol.yaml
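Review bot: `externalTrafficPolicy: Cluster` on the `main` LoadBalancer service can hide the player's source address from the pod's datapath, because a node that receives the packet but does not host the pod normally forwards it with its own address (unless the cluster runs Cilium in DSR mode, which this commit does not show). The `fromCIDRSet` rule in `app/netpol.yaml` matches on exactly that address, so I would set `externalTrafficPolicy: Local` here so the player allow-list is evaluated against the real client. Separately, the values set only `podSecurityContext`; a container-level security context with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` is worth adding if the image starts cleanly under the non-root UID, and the commented-out `limits` leave a server reachable from the guest VPN range without a memory ceiling.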
@@ -0,0 +1,45 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: &app satisfactory
+ namespace: *app
+spec:
+ endpointSelector: {}
+ ingress:
+ # same namespace
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: *app
+ # players
+ - fromCIDRSet:
+ - cidr: "${IP_ROUTER_LAN_CIDR}"
+ - cidr: "${IP_WG_USER_1_V4}"
+ - cidr: "${IP_WG_GUEST_V4}"
+ toPorts:
+ - ports:
+ - port: "7777"
+ protocol: UDP
+ - port: "15000"
+ protocol: UDP
+ - port: "15777"
+ protocol: UDP
+ egress:
+ # same namespace
+ - toEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: *app
+ # allow downloading game runtime files
+ - toEntities:
+ - world
+ # L7 DNS inspection & proxy
+ - toEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: kube-system
+ k8s-app: kube-dns
+ toPorts:
+ - ports:
+ - port: "53"
+ rules:
+ dns:
+ - matchPattern: "*"
diff --git a/kube/3-deploy/2-apps/satisfactory/app/volsync.yaml b/kube/3-deploy/2-apps/satisfactory/app/volsync.yaml
new file mode 100644
index 00000000..d23b8275
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/app/volsync.yaml
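Review bot: The egress rule with `toEntities` / `world` has no `toPorts`, so every pod selected by `endpointSelector: {}` may reach any internet host on any port and protocol, which is much wider than the comment `# allow downloading game runtime files` describes. Since the kube-dns rule already enables the DNS proxy with `matchPattern: "*"`, the download hosts could be expressed as `toFQDNs` entries (with `toPorts` for the ports the updater actually uses) in place of the blanket `world` entity. If the host list is not known yet, record that in the comment, e.g. `# TODO: narrow to update/backup hosts via toFQDNs; world is temporary`. The empty selector also covers any other pod in this namespace (the VolSync mover pods, if they run here), so they inherit the same open egress.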
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: satisfactory-restic
+ namespace: satisfactory
+type: Opaque
+stringData:
+ RESTIC_REPOSITORY: ${SECRET_VOLSYNC_R2_REPO}/satisfactory
+ RESTIC_PASSWORD: ${SECRET_VOLSYNC_PASSWORD}
+ AWS_ACCESS_KEY_ID: ${SECRET_VOLSYNC_R2_ID}
+ AWS_SECRET_ACCESS_KEY: ${SECRET_VOLSYNC_R2_KEY}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: satisfactory-restic
+ namespace: satisfactory
+spec:
+ sourcePVC: data-satisfactory-0
+ trigger:
+ schedule: "0 6 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 14
+ repository: satisfactory-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: block
+ storageClassName: block
+ moverSecurityContext:
+ runAsUser: ${APP_UID_SATISFACTORY}
+ runAsGroup: ${APP_UID_SATISFACTORY}
+ fsGroup: ${APP_UID_SATISFACTORY}
+ retain:
+ daily: 14
+ within: 7d
diff --git a/kube/3-deploy/2-apps/satisfactory/ks.yaml b/kube/3-deploy/2-apps/satisfactory/ks.yaml
new file mode 100644
index 00000000..587ac031
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/ks.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: satisfactory-app
+ namespace: flux-system
+spec:
+ path: ./kube/3-deploy/2-apps/satisfactory/app
+ dependsOn:
+ - name: ${CLUSTER_NAME_LOWER}-1-core-02-storage-rook-ceph
+ - name: ${CLUSTER_NAME_LOWER}-1-core-04-dns-internal
+ #- name: ${CLUSTER_NAME_LOWER}-2-apps-volsync
+ healthChecks:
+ - name: satisfactory
+ namespace: satisfactory
+ kind: HelmRelease
+ apiVersion: helm.toolkit.fluxcd.io/v2beta1
diff --git a/kube/3-deploy/2-apps/satisfactory/kustomization.yaml b/kube/3-deploy/2-apps/satisfactory/kustomization.yaml
new file mode 100644
index 00000000..5eeb2657
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - ks.yaml
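Review bot: The four `stringData` placeholders in the `satisfactory-restic` Secret are unquoted, so after Flux substitution the values are presumably re-read as plain YAML scalars; a password or key that is all digits, looks like a boolean, or contains ` #` or `: ` could then be mistyped, truncated or rejected. `hr.yaml` in this commit already quotes its placeholders (`TZ: "${CONFIG_TZ}"`), and the same form fits here: `RESTIC_PASSWORD: "${SECRET_VOLSYNC_PASSWORD}"`, likewise for the repository and the two AWS keys, while the three `moverSecurityContext` IDs must stay unquoted to remain integers. The variable names carry no per-app suffix, which suggests the same bucket credentials and restic password are copied into every app namespace; if that is the case, a token scoped to this app's repository path would limit what a compromise of this namespace exposes.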
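Review bot: In `ks.yaml` the `dependsOn` entry for VolSync is commented out (`#- name: ${CLUSTER_NAME_LOWER}-2-apps-volsync`) although `app/volsync.yaml` under the same `path` creates a `ReplicationSource`. If the VolSync CRDs are not installed when this Kustomization is first reconciled, the apply is likely to fail for the whole path, not just for the backup object. Either restore the dependency or say why it is disabled, e.g. `# volsync dependency disabled: <reason>`. The spec shows no `sourceRef`, `interval` or `prune`; presumably the cluster-level `patches` supply them, which deserves a one-line comment for readers of this file.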
diff --git a/kube/3-deploy/2-apps/satisfactory/ns.yaml b/kube/3-deploy/2-apps/satisfactory/ns.yaml
new file mode 100644
index 00000000..3cb64a62
--- /dev/null
+++ b/kube/3-deploy/2-apps/satisfactory/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: satisfactory
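Review bot: The new namespace carries no Pod Security Admission labels, so nothing at the namespace level stops a later change from adding a privileged or host-mounting pod next to a server that accepts traffic from the guest VPN range. Adding `labels:` with `pod-security.kubernetes.io/enforce: baseline` under `metadata` should be compatible with what `hr.yaml` deploys (no host namespaces or privileged settings are visible there), and `pod-security.kubernetes.io/warn: restricted` alongside it would show what stricter enforcement would reject.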