diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml index 91e64f686..6b5a6ff77 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml @@ -1,3 +1,29 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &appname minecraft-public-global-secrets + namespace: flux-system + labels: + substitution.flux.home.arpa/enabled: "true" +spec: + targetNamespace: gaming-public + commonMetadata: + labels: + app.kubernetes.io/name: *appname + path: ./kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets + prune: true + sourceRef: + kind: GitRepository + name: home-ops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: apps-external-secrets-stores + --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -22,8 +48,10 @@ spec: retryInterval: 1m timeout: 5m dependsOn: - - name: cilium-config + - name: minecraft-public-global-secrets - name: apps-external-secrets-stores + # required for the loadbalancer config (it is not a hard dependency) + - name: cilium-config --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json @@ -49,8 +77,10 @@ spec: retryInterval: 1m timeout: 5m dependsOn: - - name: minecraft-public-velocity-proxy + - name: minecraft-public-global-secrets + - name: apps-volsync - name: apps-rook-ceph-cluster + - name: apps-kube-prometheus-stack --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 
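Review bot: The new comment `# required for the loadbalancer config (it is not a hard dependency)` above the `cilium-config` entry in the second flux-sync.yaml hunk contradicts what a Flux `dependsOn` does: the Kustomization will not reconcile at all until `cilium-config` reports Ready, so by construction it is a hard ordering dependency. If the intent is only that the LoadBalancer IP pool must exist before the Service is created, say that instead, e.g. `# cilium-config must be Ready first so the LoadBalancer IP pool exists when the Service is created`; if the ordering really is optional, drop the entry rather than document it as soft. The same hunk keeps `apps-external-secrets-stores` alongside the new `minecraft-public-global-secrets` entry, although the new Kustomization in the first hunk already depends on the stores, so the second entry is transitively redundant; harmless, but worth a comment or removal so the graph stays readable.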
@@ -76,5 +106,7 @@ spec: retryInterval: 1m timeout: 5m dependsOn: - - name: minecraft-public-velocity-proxy + - name: minecraft-public-global-secrets + - name: apps-volsync - name: apps-rook-ceph-cluster + - name: apps-kube-prometheus-stack diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-curseforge-api-key.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-curseforge-api-key.yaml new file mode 100644 index 000000000..873950f47 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-curseforge-api-key.yaml @@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: &name curseforge-api-key +spec: + refreshInterval: 1m + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: *name + creationPolicy: Owner + data: + - secretKey: CF_API_KEY + remoteRef: + key: infra/techtales/gaming-public/minecraft + property: CF_API_KEY diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-proxy-forwarding.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-proxy-forwarding.yaml new file mode 100644 index 000000000..5a3b76268 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-proxy-forwarding.yaml 
@@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: &name minecraft-proxy-forwarding +spec: + refreshInterval: 1m + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: *name + creationPolicy: Owner + template: + engineVersion: v2 + data: + forwarding.secret: "{{ .PROXY_FORWARDING_SECRET }}" + dataFrom: + - extract: + key: infra/techtales/gaming-public/minecraft diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-rcon.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-rcon.yaml new file mode 100644 index 000000000..bf82adc85 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/external-secrets/minecraft-rcon.yaml @@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: &name minecraft-rcon +spec: + refreshInterval: 1m + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: *name + creationPolicy: Owner + data: + - secretKey: RCON_PASSWORD + remoteRef: + key: infra/techtales/gaming-public/minecraft + property: RCON_PASSWORD diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/helm-release.yaml new file mode 100644 index 000000000..1fda5f9c9 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/helm-release.yaml 
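Review bot: The `minecraft-proxy-forwarding` ExternalSecret pulls the whole `infra/techtales/gaming-public/minecraft` Vault entry through `dataFrom.extract` but only needs `PROXY_FORWARDING_SECRET` for the `forwarding.secret` template key. It relies on the template's default merge policy to discard the other extracted fields (the sibling manifests show `RCON_PASSWORD` and `CF_API_KEY` live at the same path); if that default ever changes, or someone later adds `mergePolicy: Merge`, those values would land in the Secret that is mounted into the proxy pod. Make the intent explicit with `mergePolicy: Replace` under `template`, or fetch only the one property the way minecraft-rcon.yaml does: `- secretKey: forwarding.secret`, `remoteRef: key: infra/techtales/gaming-public/minecraft`, `property: PROXY_FORWARDING_SECRET`.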
@@ -0,0 +1,98 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: external-secret-minecraft-curseforge-api-key +spec: + dependsOn: + - name: external-secrets + namespace: secops + interval: 15m + chart: + spec: + chart: k8s-resource + version: 0.3.0 + sourceRef: + kind: HelmRepository + name: mirceanton-charts + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + valuesFrom: + - kind: ConfigMap + name: curseforge-api-key + +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: external-secret-minecraft-proxy-forwarding +spec: + dependsOn: + - name: external-secrets + namespace: secops + interval: 15m + chart: + spec: + chart: k8s-resource + version: 0.3.0 + sourceRef: + kind: HelmRepository + name: mirceanton-charts + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + valuesFrom: + - kind: ConfigMap + name: minecraft-proxy-forwarding + +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: external-secret-minecraft-rcon +spec: + dependsOn: + - name: external-secrets + namespace: secops + interval: 15m + chart: + spec: + chart: k8s-resource + version: 0.3.0 + sourceRef: + kind: HelmRepository + name: mirceanton-charts + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + 
keepHistory: false + valuesFrom: + - kind: ConfigMap + name: minecraft-rcon diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomization.yaml new file mode 100644 index 000000000..a3735021d --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomization.yaml @@ -0,0 +1,20 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml +configMapGenerator: + - name: minecraft-proxy-forwarding + files: + - values.yaml=./external-secrets/minecraft-proxy-forwarding.yaml + - name: minecraft-rcon + files: + - values.yaml=./external-secrets/minecraft-rcon.yaml + - name: curseforge-api-key + files: + - values.yaml=./external-secrets/minecraft-curseforge-api-key.yaml +generatorOptions: + disableNameSuffixHash: true +configurations: + - kustomize-config.yaml diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomize-config.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomize-config.yaml new file mode 100644 index 000000000..58f92ba15 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomize-config.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config-map.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config-map.yaml new file mode 100644 index 000000000..743c68d2f --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config-map.yaml 
@@ -0,0 +1,34 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: minecraft-playground-world-env +data: + EULA: "true" + DIFFICULTY: peaceful + OPS: "tyriis,jazzlyin" + MAX_PLAYERS: "25" + ALLOW_NETHER: "true" + ENABLE_COMMAND_BLOCK: "true" + GENERATE_STRUCTURES: "false" + SPAWN_ANIMALS: "false" + SPAWN_MONSTERS: "false" + SPAWN_NPCS: "false" + SPAWN_PROTECTION: "0" + VIEW_DISTANCE: "14" + MODE: creative + MOTD: techicraft playground + PVP: "false" + LEVEL_TYPE: FLAT + ONLINE_MODE: "false" + CF_PARALLEL_DOWNLOADS: "4" + ENABLE_RCON: "true" + MAX_BUILD_HEIGHT: "256" + ENABLE_ROLLING_LOGS: "true" + LOG_TIMESTAMP: "true" + SNOOPER_ENABLED: "true" + LEVEL: playground + SERVER_NAME: playground + STOP_SERVER_ANNOUNCE_DELAY: "30" + STOP_DURATION: "30" + USE_AIKAR_FLAGS: "true" diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/paper-global.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/paper-global.yaml index ef64d23bf..25e24896b 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/paper-global.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/paper-global.yaml @@ -99,7 +99,7 @@ proxies: velocity: enabled: true online-mode: true - secret: "TEST" + secret: "${CFG_PROXY_SECRET}" scoreboards: save-empty-scoreboard-teams: true track-plugin-scoreboards: false diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/plugins.txt b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/plugins.txt new file mode 100644 index 000000000..1c68473b3 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/plugins.txt @@ -0,0 +1,2 @@ +# UnifiedMetrics https://hangar.papermc.io/cubxity/UnifiedMetrics +https://github.com/Cubxity/UnifiedMetrics/releases/download/v0.3.8/unifiedmetrics-platform-bukkit-0.3.8.jar 
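Review bot: `ONLINE_MODE: "false"` in the playground config-map.yaml carries no explanation, while the helm-release values it replaces (removed later in this diff) had the Velocity modern-forwarding docs link next to `onlineMode: false`. Running the backend in offline mode is a deliberate consequence of authenticating at the proxy, and without the comment the next reader may "fix" it or read it as an authentication gap; restore the why above the key: `# backend runs offline mode on purpose: Velocity authenticates players and forwards identity (see paper-global.yml proxies.velocity)` with the https://docs.papermc.io/velocity/player-information-forwarding pointer. The survival config-map.yaml hunk has the same `ONLINE_MODE: "false"` and needs the same comment.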
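Review bot: `secret: "${CFG_PROXY_SECRET}"` is meant to be expanded inside the container by the itzg entrypoint (`REPLACE_ENV_DURING_SYNC` in helm-release.yaml), but this file also passes through kustomize and Flux, and `${...}` is exactly the syntax of Flux's postBuild substitution. If the playground Kustomization has substitution enabled, the placeholder could be rewritten before the pod ever sees it; presumably the `generatorOptions.annotations` on the config ConfigMap (cut off at the end of the kustomization.yaml hunk) already opt it out, so confirm that, or document it on the line: `# expanded in-container by itzg REPLACE_ENV_DURING_SYNC, not by Flux`. Note also that the expanded copy is written into the world data directory, so the forwarding secret ends up on the PVC and in its volsync/restic snapshots, and rotating the value in Vault alone does not purge older snapshots. The survival paper-global.yaml hunk is identical and needs the same handling.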
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml index c61eab637..6cee0985d 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml @@ -1,21 +1,24 @@ --- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: minecraft-public-playground-world + name: &app minecraft-playground-world spec: - interval: 15m + dependsOn: + - name: external-secret-minecraft-proxy-forwarding + - name: external-secret-minecraft-rcon + - name: external-secret-minecraft-curseforge-api-key + interval: 30m driftDetection: mode: enabled chart: spec: - chart: minecraft - interval: 15m - version: 4.23.7 + chart: app-template + version: 3.6.1 sourceRef: kind: HelmRepository - name: minecraft-server-charts + name: bjw-s-charts namespace: flux-system install: createNamespace: true 
@@ -24,69 +27,131 @@ spec: upgrade: remediation: retries: 3 - # https://artifacthub.io/packages/helm/minecraft-server-charts/minecraft + # https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml values: - image: - repository: ghcr.io/itzg/minecraft-server - tag: latest@sha256:9fcc91f052c47c5da7ae280b7cd1603ee7d657867c19fe4d6b5260edfd72db30 - resources: - requests: - cpu: 100m - memory: 1024Mi - minecraftServer: - # resourcePackUrl: "" - eula: "TRUE" - version: "1.21.4" - type: PAPER - motd: techicraft playground - difficulty: peaceful - ops: "tyriis,jazzlyin" - worldSaveName: playground - enableCommandBlock: true - maxPlayers: 20 - spawnAnimals: false - spawnNPCs: false - spawnProtection: 0 - spawnMonsters: false - allowNether: true - generateStructures: false - viewDistance: 14 - levelType: FLAT - # maxBuildHeight: 256 - gameMode: creative - pvp: false - # https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding - onlineMode: false - memory: 1024M + defaultPodOptions: + automountServiceAccountToken: false + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 2000 + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + controllers: + minecraft: + annotations: + reloader.stakater.com/auto: "true" + + containers: + app: + image: + repository: ghcr.io/itzg/minecraft-server + tag: java21@sha256:9fcc91f052c47c5da7ae280b7cd1603ee7d657867c19fe4d6b5260edfd72db30 + probes: + liveness: &probes + enabled: true + custom: true + spec: + initialDelaySeconds: 30 + periodSeconds: 5 + exec: &mc-health { command: ["mc-health"] } + failureThreshold: 20 + readiness: *probes + startup: + <<: *probes + spec: + initialDelaySeconds: 30 + periodSeconds: 1 + failureThreshold: 300 + exec: *mc-health + envFrom: + - secretRef: + name: minecraft-rcon + - secretRef: + name: curseforge-api-key + - configMapRef: + name: minecraft-playground-world-env + env: + # 
https://docker-minecraft-server.readthedocs.io/en/latest/variables + TZ: ${SETTING_TZ} + TYPE: "PAPER" + # TODO renovate + VERSION: "1.21.4" + MEMORY: "1024M" + MODS_FILE: /config/plugins.txt + REPLACE_ENV_DURING_SYNC: "true" + CFG_PROXY_SECRET: + valueFrom: + secretKeyRef: + name: minecraft-proxy-forwarding + key: forwarding.secret + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL + ports: + - name: java + containerPort: &port 25565 + - name: rcon + containerPort: &rconPort 25575 + - name: metrics + containerPort: &metricsPort 9100 + + resources: + requests: + cpu: 100m + memory: 1Gi + + service: + minecraft: + controller: minecraft + type: ClusterIP + ports: + java: + port: *port + protocol: TCP + metrics: + port: *metricsPort + protocol: TCP rcon: - enabled: false - persistence: - dataDir: + controller: minecraft + type: ClusterIP + ports: + rcon: + port: *rconPort + protocol: TCP + + serviceMonitor: + metrics: enabled: true - existingClaim: minecraft-public-playground-world-data + serviceName: minecraft-playground-world-minecraft + endpoints: + - port: metrics + scheme: http + path: / + interval: 1m - postRenderers: - - kustomize: - patches: - - target: - kind: Deployment - name: minecraft-public-playground-world-minecraft - patch: |- - - op: add - path: /spec/template/spec/volumes/- - value: - name: config - configMap: - name: minecraft-public-playground-world-config - - op: add - path: /spec/template/spec/containers/0/volumeMounts/- - value: - name: config - mountPath: /config/spigot.yml - subPath: spigot.yml - - op: add - path: /spec/template/spec/containers/0/volumeMounts/- - value: - name: config - mountPath: /config/paper-global.yml - subPath: paper-global.yml + persistence: + data: + existingClaim: minecraft-playground-world-data + advancedMounts: + minecraft: + app: + - path: /data + config: + type: configMap + name: minecraft-playground-world-config + globalMounts: + - path: 
/config/spigot.yml + subPath: spigot.yml + readOnly: true + - path: /config/paper-global.yml + subPath: paper-global.yml + readOnly: true + - path: /config/plugins.txt + subPath: plugins.txt + readOnly: true diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/kustomization.yaml index 4f128bd04..a0b44c1a9 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/kustomization.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/kustomization.yaml @@ -3,16 +3,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - config-map.yaml - secret.sops.yaml - replication-destination.yaml - persistent-volume-claim.yaml - replication-source.yaml - helm-release.yaml configMapGenerator: - - name: minecraft-public-playground-world-config + - name: minecraft-playground-world-config files: - spigot.yml=config/spigot.yaml - paper-global.yml=config/paper-global.yaml + - plugins.txt=config/plugins.txt generatorOptions: disableNameSuffixHash: true annotations: diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/persistent-volume-claim.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/persistent-volume-claim.yaml index b6fbb3d8f..10e52dcdb 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/persistent-volume-claim.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/persistent-volume-claim.yaml 
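Review bot: `readOnlyRootFilesystem: false` sits inside an otherwise hardened container securityContext (all capabilities dropped, no privilege escalation, non-root with RuntimeDefault seccomp at pod level) with no comment on why the root filesystem must stay writable. If the entrypoint only writes under `/data` (the PVC) and `/tmp`, an `emptyDir` mounted at `/tmp` would allow `readOnlyRootFilesystem: true`; if it needs more, record that: `# entrypoint writes outside /data at startup; keep false until those paths get their own mounts`. Whether either is the case is not visible here, so treat it as something to verify rather than a known defect. The survival helm-release.yaml hunk uses the same block. The `spec:` mapping starts before this hunk.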
@@ -2,14 +2,14 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: minecraft-public-playground-world-data + name: minecraft-playground-world-data spec: accessModes: - ReadWriteOnce dataSourceRef: kind: ReplicationDestination apiGroup: volsync.backube - name: minecraft-public-playground-world-data + name: minecraft-playground-world-data resources: requests: storage: 10Gi diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-destination.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-destination.yaml index 9274d8daf..1cc9ff060 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-destination.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-destination.yaml @@ -3,7 +3,7 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationDestination metadata: - name: minecraft-public-playground-world-data + name: minecraft-playground-world-data labels: # https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources kustomize.toolkit.fluxcd.io/ssa: IfNotPresent diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-source.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-source.yaml index 7bed98635..97e1e158c 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-source.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/replication-source.yaml 
@@ -3,11 +3,11 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: minecraft-public-playground-world-data + name: minecraft-playground-world-data spec: - sourcePVC: minecraft-public-playground-world-data + sourcePVC: minecraft-playground-world-data trigger: - schedule: "0 * * * *" + schedule: "35 2 * * *" restic: copyMethod: Snapshot pruneIntervalDays: 14 diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config-map.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config-map.yaml new file mode 100644 index 000000000..04cffe78d --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config-map.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: minecraft-survival-world-env +data: + EULA: "true" + DIFFICULTY: normal + OPS: "tyriis,jazzlyin" + MAX_PLAYERS: "25" + ALLOW_NETHER: "true" + ENABLE_COMMAND_BLOCK: "false" + GENERATE_STRUCTURES: "true" + SPAWN_ANIMALS: "true" + SPAWN_MONSTERS: "true" + SPAWN_NPCS: "true" + SPAWN_PROTECTION: "0" + VIEW_DISTANCE: "14" + MODE: survival + MOTD: welcome to techicraft, have fun! + PVP: "true" + LEVEL_TYPE: DEFAULT + ONLINE_MODE: "false" + CF_PARALLEL_DOWNLOADS: "4" + ENABLE_RCON: "true" + ENABLE_ROLLING_LOGS: "true" + LOG_TIMESTAMP: "true" + SNOOPER_ENABLED: "true" + LEVEL: survival2 + SERVER_NAME: survival2 + STOP_SERVER_ANNOUNCE_DELAY: "30" + STOP_DURATION: "30" + USE_AIKAR_FLAGS: "true" + SEED: "4172997236519720604" diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml index ef64d23bf..25e24896b 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml 
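Review bot: The trigger change from `0 * * * *` to `35 2 * * *` in replication-source.yaml turns hourly world backups into one daily snapshot, so a restore can lose up to a day of player progress, and the commit does not say why. If the hourly cadence was too costly, record the trade-off on the `schedule` line, e.g. `# daily: hourly restic runs were too expensive; accept up to 24h of data loss`. Combined with the PVC and ReplicationDestination rename in the neighbouring hunks this is also the moment to confirm the restore path: the new `minecraft-playground-world-data` claim is populated from a ReplicationDestination of the same new name whose restic repository settings live in secret.sops.yaml outside this diff, and if the world Kustomizations use `prune: true` like the new one in flux-sync.yaml, the old claim is garbage-collected once it leaves the kustomize output. Presumably the repository path is unchanged, but verify a snapshot exists under it before applying.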
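Review bot: `SNOOPER_ENABLED: "true"` in the survival config-map.yaml silently flips the value the old helm-release `extraEnv` set to `"false"` (removed later in this diff); the playground world never set it, so this reads as a copy from that file rather than a decision. Current server versions likely ignore the snooper flag, so the impact is probably nil, but a migration should not change values in passing; either restore `SNOOPER_ENABLED: "false"` or drop the key from both worlds. `MAX_PLAYERS` likewise moves from 50 to 25 here without a comment; if that is intentional (it matches the proxy's new `show-max-players = 25`), say so on the line.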
@@ -99,7 +99,7 @@ proxies: velocity: enabled: true online-mode: true - secret: "TEST" + secret: "${CFG_PROXY_SECRET}" scoreboards: save-empty-scoreboard-teams: true track-plugin-scoreboards: false diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/plugins.txt b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/plugins.txt new file mode 100644 index 000000000..1c68473b3 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/plugins.txt @@ -0,0 +1,2 @@ +# UnifiedMetrics https://hangar.papermc.io/cubxity/UnifiedMetrics +https://github.com/Cubxity/UnifiedMetrics/releases/download/v0.3.8/unifiedmetrics-platform-bukkit-0.3.8.jar diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml index dc7b75aec..e45f8c0a2 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml 
@@ -1,21 +1,24 @@ --- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: minecraft-public-survival-world + name: &app minecraft-survival-world spec: - interval: 15m + dependsOn: + - name: external-secret-minecraft-proxy-forwarding + - name: external-secret-minecraft-rcon + - name: external-secret-minecraft-curseforge-api-key + interval: 30m driftDetection: mode: enabled chart: spec: - chart: minecraft - interval: 15m - version: 4.23.7 + chart: app-template + version: 3.6.1 sourceRef: kind: HelmRepository - name: minecraft-server-charts + name: bjw-s-charts namespace: flux-system install: createNamespace: true 
@@ -24,76 +27,134 @@ spec: upgrade: remediation: retries: 3 - # https://artifacthub.io/packages/helm/minecraft-server-charts/minecraft + # https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml values: - image: - repository: ghcr.io/itzg/minecraft-server - tag: latest@sha256:9fcc91f052c47c5da7ae280b7cd1603ee7d657867c19fe4d6b5260edfd72db30 - resources: - requests: - cpu: 250m - memory: 4Gi - extraEnv: - ENABLE_ROLLING_LOGS: "true" - LOG_TIMESTAMP: "true" - JVM_XX_OPTS: -XX:MaxRAMPercentage=75 - MAX_MEMORY: 12G - USE_AIKAR_FLAGS: "true" - SNOOPER_ENABLED: "false" - minecraftServer: - # resourcePackUrl: "" - eula: "TRUE" - version: "1.21.4" - type: PAPER - motd: welcome to techicraft, have fun! - difficulty: normal - ops: "tyriis,jazzlyin" - worldSaveName: survival2 - levelSeed: "4172997236519720604" - enableCommandBlock: false - maxPlayers: 50 - spawnAnimals: true - spawnNPCs: true - spawnProtection: 0 - spawnMonsters: true - allowNether: true - generateStructures: true - viewDistance: 14 - levelType: default - # maxBuildHeight: 256 - gameMode: survival - pvp: true - # https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding - onlineMode: false - memory: 1024M + defaultPodOptions: + automountServiceAccountToken: false + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 2000 + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + controllers: + minecraft: + annotations: + reloader.stakater.com/auto: "true" + + containers: + app: + image: + repository: ghcr.io/itzg/minecraft-server + tag: java21@sha256:9fcc91f052c47c5da7ae280b7cd1603ee7d657867c19fe4d6b5260edfd72db30 + probes: + liveness: &probes + enabled: true + custom: true + spec: + initialDelaySeconds: 30 + periodSeconds: 5 + exec: &mc-health { command: ["mc-health"] } + failureThreshold: 20 + readiness: *probes + startup: + <<: *probes + spec: + initialDelaySeconds: 30 + periodSeconds: 1 + 
failureThreshold: 300 + exec: *mc-health + envFrom: + - secretRef: + name: minecraft-rcon + - secretRef: + name: curseforge-api-key + - configMapRef: + name: minecraft-survival-world-env + env: + # https://docker-minecraft-server.readthedocs.io/en/latest/variables + TZ: ${SETTING_TZ} + TYPE: "PAPER" + # TODO renovate + VERSION: "1.21.4" + # try to fix memory issues and performance + JVM_XX_OPTS: -XX:MaxRAMPercentage=75 + MAX_MEMORY: 4096M + MEMORY: "2048M" + MODS_FILE: /config/plugins.txt + REPLACE_ENV_DURING_SYNC: "true" + CFG_PROXY_SECRET: + valueFrom: + secretKeyRef: + name: minecraft-proxy-forwarding + key: forwarding.secret + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL + ports: + - name: java + containerPort: &port 25565 + - name: rcon + containerPort: &rconPort 25575 + - name: metrics + containerPort: &metricsPort 9100 + + resources: + requests: + cpu: 500m + memory: 4Gi + + service: + minecraft: + controller: minecraft + type: ClusterIP + ports: + java: + port: *port + protocol: TCP + metrics: + port: *metricsPort + protocol: TCP rcon: - enabled: false - persistence: - dataDir: + controller: minecraft + type: ClusterIP + ports: + rcon: + port: *rconPort + protocol: TCP + + serviceMonitor: + metrics: enabled: true - existingClaim: minecraft-public-survival-world-data - postRenderers: - - kustomize: - patches: - - target: - kind: Deployment - name: minecraft-public-survival-world-minecraft - patch: |- - - op: add - path: /spec/template/spec/volumes/- - value: - name: config - configMap: - name: minecraft-public-survival-world-config - - op: add - path: /spec/template/spec/containers/0/volumeMounts/- - value: - name: config - mountPath: /config/spigot.yml - subPath: spigot.yml - - op: add - path: /spec/template/spec/containers/0/volumeMounts/- - value: - name: config - mountPath: /config/paper-global.yml - subPath: paper-global.yml + serviceName: minecraft-survival-world-minecraft + 
endpoints: + - port: metrics + scheme: http + path: / + interval: 1m + + persistence: + data: + existingClaim: minecraft-survival-world-data + advancedMounts: + minecraft: + app: + - path: /data + config: + type: configMap + name: minecraft-survival-world-config + globalMounts: + - path: /config/spigot.yml + subPath: spigot.yml + readOnly: true + - path: /config/paper-global.yml + subPath: paper-global.yml + readOnly: true + - path: /config/plugins.txt + subPath: plugins.txt + readOnly: true diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml index 252f8a1b3..4ee28d519 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - config-map.yaml - secret.sops.yaml - replication-destination.yaml - persistent-volume-claim.yaml diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/forwarding.secret b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/forwarding.secret deleted file mode 100644 index 2a02d41ce..000000000 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/forwarding.secret +++ /dev/null @@ -1 +0,0 @@ -TEST diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/plugins.txt b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/plugins.txt new file mode 100644 index 000000000..7e98c4141 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/plugins.txt 
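Review bot: In the survival `env` block, `JVM_XX_OPTS: -XX:MaxRAMPercentage=75` is dead once `MAX_MEMORY: 4096M` is set: the image turns `MAX_MEMORY` into an explicit `-Xmx`, and an explicit `-Xmx` takes precedence over `MaxRAMPercentage`, so the comment `# try to fix memory issues and performance` documents a flag that does nothing. Keep one sizing model: either drop `JVM_XX_OPTS` and size through `MEMORY`/`MAX_MEMORY`, or drop `MAX_MEMORY` and add a container memory `limits` value so the percentage has a cgroup ceiling to work against. As written the pod requests 4Gi with no limit while the heap alone may reach 4 GiB plus JVM overhead, so expect it to run above its request and be an eviction candidate under node pressure. The `spec:` mapping starts before this hunk.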
@@ -0,0 +1,10 @@ +# geyser +https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity +# floodgate +https://download.geysermc.org/v2/projects/floodgate/versions/latest/builds/latest/downloads/velocity +# UnifiedMetrics https://hangar.papermc.io/cubxity/UnifiedMetrics +https://github.com/Cubxity/UnifiedMetrics/releases/download/v0.3.8/unifiedmetrics-platform-velocity-0.3.8.jar +# simple coice chat +https://cdn.modrinth.com/data/9eGKb6K1/versions/yGTasgG4/voicechat-velocity-2.5.24.jar +# simplewhitelist +https://cdn.modrinth.com/data/mGVcEBwo/versions/fhsSOjSc/simplewhitelist-velocity-1.0.0.jar diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml index ed187bb7e..67bf31bf0 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml @@ -10,13 +10,13 @@ motd = "<#09add3>A Velocity Server" # What should we display for the maximum number of players? (Velocity does not support a cap # on the number of players online.) -show-max-players = 500 +show-max-players = 25 # Should we authenticate players with Mojang? By default, this is on. online-mode = true # Should the proxy enforce the new public key security standard? By default, this is on. -force-key-authentication = true +force-key-authentication = false # If client's ISP/AS sent from this proxy is different from the one from Mojang's # authentication server, the player is kicked. This disallows some VPN and proxy 
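Review bot: The geyser and floodgate entries in velocity-proxy/config/plugins.txt resolve `versions/latest/builds/latest`, so every proxy restart downloads whatever build is current, with no version pin and no checksum, unlike the UnifiedMetrics, voicechat and simplewhitelist lines which name a fixed artifact. A proxy plugin runs with the proxy's full privileges (it sees every player session and can read the mounted forwarding secret), so a broken or compromised upstream build lands in production on the next pod restart. Pin the two URLs to a specific version/build and let the `# TODO renovate` convention already used in this diff track updates. The comment `# simple coice chat` is also a typo for voice chat.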
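Review bot: `force-key-authentication = false` weakens the proxy's login checks: with it off, Java clients that do not present a Mojang-signed profile key are no longer rejected even though `online-mode = true` stays on, and the hunk gives no reason. This is presumably needed for the Bedrock players that Geyser/Floodgate (added in plugins.txt) bring in, since they have no Java profile keys; if so, record it on the line, e.g. `# disabled for Geyser/Floodgate (Bedrock) clients, which cannot present profile keys`, so it is neither re-enabled by accident nor left off after Bedrock support is dropped. `show-max-players = 25` matches `MAX_PLAYERS` in the world config-maps; a comment tying the two together would help keep them in sync.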
@@ -73,8 +73,8 @@ enable-player-address-logging = true # Configure your servers here. Each key represents the server's name, and the value # represents the IP address of the server to connect to. # creative = "minecraft-creative-world-minecraft:25565" -playground = "minecraft-public-playground-world-minecraft:25565" -survival = "minecraft-public-survival-world-minecraft:25565" +playground = "minecraft-playground-world-minecraft:25565" +survival = "minecraft-survival-world-minecraft:25565" # survival = "minecraft-survival-world-minecraft:25565" # In what order we should try servers when a player logs in or is kicked from a server. diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml index d9703bf7b..391e2c3d9 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml @@ -3,8 +3,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: &app minecraft-public-velocity-proxy + name: &app minecraft-velocity-proxy spec: + dependsOn: + - name: external-secret-minecraft-proxy-forwarding + - name: external-secret-minecraft-rcon interval: 15m driftDetection: mode: enabled @@ -25,6 +28,16 @@ spec: retries: 3 # https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml values: + defaultPodOptions: + automountServiceAccountToken: false + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault controllers: velocity: replicas: 1 
@@ -33,35 +46,35 @@ spec: pod: labels: ingress.home.arpa/playit: allow - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault + containers: app: nameOverride: *app - # envFrom: - # - secretRef: - # name: bungeecord-rcon + image: + repository: itzg/mc-proxy + tag: java21@sha256:82b6a7b7d9aefbee26ce2c95e399d5e8dde073f5e6e87e6462f4016fca9f52f3 + envFrom: + - secretRef: + name: minecraft-rcon env: + TZ: ${SETTING_TZ} + # for a full list of ENV vars see: https://github.com/itzg/docker-mc-proxy#environment-settings UID: "1000" GID: "1000" TYPE: "VELOCITY" - VELOCITY_VERSION: "latest" - VELOCITY_BUILD_ID: "latest" - PLUGINS: https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity,https://download.geysermc.org/v2/projects/floodgate/versions/latest/builds/latest/downloads/velocity,https://cdn.modrinth.com/data/9eGKb6K1/versions/yGTasgG4/voicechat-velocity-2.5.24.jar,https://cdn.modrinth.com/data/mGVcEBwo/versions/fhsSOjSc/simplewhitelist-velocity-1.0.0.jar - MEMORY: 256M + # TODO renovate + VELOCITY_VERSION: "3.4.0-SNAPSHOT" + # VELOCITY_BUILD_ID: "latest" + PLUGINS_FILE: /config/plugins.txt + INIT_MEMORY: 128M + MAX_MEMORY: 256M # JVM_OPTS: "-Xms128M -Xmx256M" - ENABLE_RCON: "false" - SPIGOT_PLUGIN: "78915" - TZ: ${SETTING_TZ} + # https://docs.papermc.io/velocity/getting-started#launching-velocity-under-macos-or-linux + # JVM_XX_OPTS: "-XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch" + JVM_XX_OPTS: "-XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15" + ICON: "https://storage.googleapis.com/techtales-public-images/server-icon.png" + ENABLE_RCON: "true" - image: - repository: itzg/bungeecord - tag: latest@sha256:82b6a7b7d9aefbee26ce2c95e399d5e8dde073f5e6e87e6462f4016fca9f52f3 securityContext: 
allowPrivilegeEscalation: false capabilities: @@ -78,9 +91,11 @@ spec: - name: simplevoicechat containerPort: &simplevoicechatPort 24454 protocol: UDP - # - name: rcon - # containerPort: &rconPort 25575 - # protocol: TCP + - name: rcon + containerPort: &rconPort 25575 + protocol: TCP + - name: metrics + containerPort: &metricsPort 9100 probes: readiness: &probes @@ -96,7 +111,7 @@ spec: resources: requests: - cpu: 50m + cpu: 100m memory: 250Mi service: @@ -118,13 +133,30 @@ spec: port: *simplevoicechatPort protocol: UDP targetPort: simplevoicechat - # rcon: - # controller: velocity - # ports: - # rcon: - # port: *rconPort - # protocol: TCP - # targetPort: rcon + rcon: + controller: velocity + ports: + rcon: + port: *rconPort + protocol: TCP + targetPort: rcon + metrics: + controller: velocity + ports: + metrics: + port: *metricsPort + protocol: TCP + targetPort: metrics + + serviceMonitor: + metrics: + enabled: true + serviceName: minecraft-velocity-proxy-metrics + endpoints: + - port: metrics + scheme: http + path: / + interval: 1m persistence: tmp: @@ -133,16 +165,23 @@ spec: - path: /tmp data: type: persistentVolumeClaim - existingClaim: minecraft-public-velocity-proxy-data + existingClaim: minecraft-velocity-proxy-data globalMounts: - path: /server config: type: configMap - name: minecraft-public-velocity-proxy-config + name: minecraft-velocity-proxy-config globalMounts: - path: /config/velocity.toml subPath: velocity.toml readOnly: true + - path: /config/plugins.txt + subPath: plugins.txt + readOnly: true + forwarding-secret: + type: secret + name: minecraft-proxy-forwarding + globalMounts: - path: /config/forwarding.secret subPath: forwarding.secret readOnly: true diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml index 001791b8f..e52c0d169 100644 
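Review bot: The new image `itzg/mc-proxy` with tag `java21` keeps the digest `sha256:82b6a7b7d9aefbee26ce2c95e399d5e8dde073f5e6e87e6462f4016fca9f52f3` that was previously pinned for `itzg/bungeecord:latest`; a digest names one specific manifest, so this pulls only if the identical manifest is published under the new repository, and otherwise the pod fails with a manifest-not-found error, so please verify it against the registry rather than carrying it over. Separately, `VELOCITY_VERSION: "3.4.0-SNAPSHOT"` with `VELOCITY_BUILD_ID` commented out means each start downloads whichever snapshot build is newest, so the `# TODO renovate` note should also cover pinning `VELOCITY_BUILD_ID: "<build-id>"` to keep the proxy binary reproducible. The container's securityContext block continues past the end of this hunk.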
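Review bot: The new `metrics` container port omits `protocol: TCP` while `rcon` and the entries above it spell it out; Kubernetes defaults to TCP so it works, but for consistency add `protocol: TCP` beneath `containerPort: &metricsPort 9100`. The `ports` list begins before this hunk.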
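Review bot: The new `rcon` Service makes the proxy console on `*rconPort` reachable from any workload that can reach the Service, with the password coming from the `minecraft-rcon` Secret now that `ENABLE_RCON` is `"true"`, and the diff adds no NetworkPolicy alongside it; if RCON is only meant for in-namespace tooling, a policy limiting ingress on that port to those clients is worth adding in the same change. `serviceName: minecraft-velocity-proxy-metrics` appears to be the `*app` name plus the `metrics` service key written out literally, so a future rename of the anchor would silently break scraping; deriving it from the anchor, if the chart allows, avoids that. `path: /` on the metrics endpoint should be confirmed against what the metrics plugin actually serves, since most Prometheus exporters answer on `/metrics`.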
--- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml @@ -7,10 +7,10 @@ resources: - persistent-volume-claim.yaml - helm-release.yaml configMapGenerator: - - name: minecraft-public-velocity-proxy-config + - name: minecraft-velocity-proxy-config files: - velocity.toml=config/velocity.toml - - forwarding.secret=config/forwarding.secret + - plugins.txt=config/plugins.txt generatorOptions: disableNameSuffixHash: true annotations: diff --git a/kubernetes/talos-flux/apps/gaming/minecraft-java/playground-world/config/paper-global.yaml b/kubernetes/talos-flux/apps/gaming/minecraft-java/playground-world/config/paper-global.yaml index ef64d23bf..25e24896b 100644 --- a/kubernetes/talos-flux/apps/gaming/minecraft-java/playground-world/config/paper-global.yaml +++ b/kubernetes/talos-flux/apps/gaming/minecraft-java/playground-world/config/paper-global.yaml @@ -99,7 +99,7 @@ proxies: velocity: enabled: true online-mode: true - secret: "TEST" + secret: "${CFG_PROXY_SECRET}" scoreboards: save-empty-scoreboard-teams: true track-plugin-scoreboards: false diff --git a/kubernetes/talos-flux/apps/gaming/minecraft-java/survival-world/helm-release.yaml b/kubernetes/talos-flux/apps/gaming/minecraft-java/survival-world/helm-release.yaml index df2e16394..f63539b06 100644 --- a/kubernetes/talos-flux/apps/gaming/minecraft-java/survival-world/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming/minecraft-java/survival-world/helm-release.yaml @@ -95,11 +95,11 @@ spec: - ALL ports: - name: java - containerPort: 25565 + containerPort: &port 25565 - name: rcon - containerPort: 25575 + containerPort: &rconPort 25575 - name: metrics - containerPort: 9100 + containerPort: &metricsPort 9100 resources: requests: 
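Review bot: Dropping `forwarding.secret=config/forwarding.secret` from the configMapGenerator moves the forwarding secret out of a ConfigMap, which is the right direction, but the diff does not delete `config/forwarding.secret` itself, and its value stays in git history regardless. That old value should be treated as disclosed: rotate it, so the value now delivered through the `minecraft-proxy-forwarding` Secret and `CFG_PROXY_SECRET` is a fresh one, and remove the file from the tree so a stale copy does not linger next to `plugins.txt`.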
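Review bot: `secret: "${CFG_PROXY_SECRET}"` depends on Flux post-build variable substitution being enabled for the Kustomization that delivers this file and on the variable being defined there; if either is missing, the backend ends up with the literal placeholder as its forwarding secret and logins forwarded by the proxy would be rejected, so please confirm the variable's source. If `paper-global.yaml` reaches the pod through a configMapGenerator, the substituted secret lands in a ConfigMap, whereas the proxy side of this change now mounts the same value from a Secret, so the two sides protect one credential differently. Only playground-world's config is updated here although velocity.toml also routes to survival-world; confirm that backend reads the same secret.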
@@ -112,17 +112,17 @@ spec: type: ClusterIP ports: java: - port: 25565 + port: *port protocol: TCP metrics: - port: 9100 + port: *metricsPort protocol: TCP rcon: controller: minecraft type: ClusterIP ports: rcon: - port: 25575 + port: *rconPort protocol: TCP serviceMonitor: