arkadijs · December 18, 2020 22:27
diff --git a/external-dns.yaml b/external-dns.yaml
 apiVersion: externaldns.k8s.io/v1alpha1
 kind: DNSEndpoint
 metadata:
  name: proxy
 spec:
  endpoints:
  - dnsName: proxy.superhub.io
    recordTTL: 300
    recordType: CNAME
    targets:
    - a7dfffe228ed0466f808cf4750ac68ca-22337b0a1cbc5bd2.elb.us-east-2.amazonaws.com
diff --git a/ghostunnel.sh b/ghostunnel.sh
 ghostunnel client --listen=127.0.0.1:1080 --target=proxy.superhub.io:443 --disable-authentication
diff --git a/http.yaml b/http.yaml
 ---
 kind: Service
 apiVersion: v1
 metadata:
  name: proxy
 spec:
  ports:
  - port: 8080
    targetPort: 8888
  selector:
    app: proxy

 ---
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: proxy
 spec:
  selector:
    matchLabels:
      app: proxy
  template:
    metadata:
      labels:
        app: proxy
    spec:
      containers:
      - name: proxy
        image: monokal/tinyproxy
        args:
        - ANY
        ports:
        - containerPort: 8888
          protocol: TCP
diff --git a/nginx-values.yaml b/nginx-values.yaml
 # nginx (chart) requires a separate port on loadbalancer
 tcp:
  1880: ingress/proxy:8080
diff --git a/socks.yaml b/socks.yaml
 ---
 kind: Service
 apiVersion: v1
 metadata:
  name: proxy
 spec:
  ports:
  - port: 8080
    targetPort: 1080
  selector:
    app: proxy

 ---
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: proxy
 spec:
  selector:
    matchLabels:
      app: proxy
  template:
    metadata:
      labels:
        app: proxy
    spec:
      containers:
      - name: proxy
        image: wernight/dante
        ports:
        - containerPort: 1080
          protocol: TCP
diff --git a/traefik.yaml b/traefik.yaml
 # Traefik can route on SNI
 # and mutual TLS https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-tlsoption
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: TLSOption
 metadata:
  name: tls12
 spec:
  minVersion: VersionTLS12

 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: proxy
 spec:
  entryPoints:
  - websecure
  routes:
  - match: HostSNI(`proxy.superhub.io`)
    services:
    - name: proxy
      port: 8080
  tls:
    certResolver: prod
    options:
      name: tls12
	apiVersion: externaldns.k8s.io/v1alpha1
	kind: DNSEndpoint
	metadata:
	name: proxy
	spec:
	endpoints:
	- dnsName: proxy.superhub.io
	recordTTL: 300
	recordType: CNAME
	targets:
	- a7dfffe228ed0466f808cf4750ac68ca-22337b0a1cbc5bd2.elb.us-east-2.amazonaws.com
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: proxy
	spec:
	ports:
	- port: 8080
	targetPort: 8888
	selector:
	app: proxy

	---
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	name: proxy
	spec:
	selector:
	matchLabels:
	app: proxy
	template:
	metadata:
	labels:
	app: proxy
	spec:
	containers:
	- name: proxy
	image: monokal/tinyproxy
	args:
	- ANY
	ports:
	- containerPort: 8888
	protocol: TCP
	# nginx (chart) requires a separate port on loadbalancer
	tcp:
	1880: ingress/proxy:8080
	# Traefik can route on SNI
	# and mutual TLS https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-tlsoption
	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: TLSOption
	metadata:
	name: tls12
	spec:
	minVersion: VersionTLS12

	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRouteTCP
	metadata:
	name: proxy
	spec:
	entryPoints:
	- websecure
	routes:
	- match: HostSNI(`proxy.superhub.io`)
	services:
	- name: proxy
	port: 8080
	tls:
	certResolver: prod
	options:
	name: tls12