feat(minecraft): rework velocity proxy #3537
Merged
|
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by OX Security |
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync ConfigMap: flux-system/cluster-settings
+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync ConfigMap: flux-system/cluster-settings
@@ -1,12 +1,12 @@
---
apiVersion: v1
data:
SETTING_CILIUM_ADGUARD_ADDR: 192.168.1.85
- SETTING_CILIUM_EMQX_ADDR: 192.168.1.83
SETTING_CILIUM_MINECRAFT_PROXY_ADDR: 192.168.1.82
+ SETTING_CILIUM_MINECRAFT_PROXY_ADDR2: 192.168.1.83
SETTING_CILIUM_SYNCTHING_ADDR: 192.168.1.84
SETTING_CILIUM_TRAEFIK_ADDR: 192.168.1.80
SETTING_CILIUM_UNIFI_ADDR: 192.168.1.81
SETTING_CLUSTERNAME: talos-flux
SETTING_GATEWAY: 192.168.1.1
SETTING_TZ: Europe/Vienna
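Review bot: 192.168.1.83 is taken from the removed SETTING_CILIUM_EMQX_ADDR and handed to the new SETTING_CILIUM_MINECRAFT_PROXY_ADDR2 in the same change. Confirm that no manifest still substitutes SETTING_CILIUM_EMQX_ADDR and that no EMQX Service still holds that address, otherwise two LoadBalancer Services end up requesting one IP. The ADDR2 suffix also does not say which proxy the address belongs to; a name that mentions Velocity would make the two proxy settings distinguishable.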
--- kubernetes/talos-flux/apps Kustomization: flux-system/apps-sync Kustomization: flux-system/minecraft-velocity-proxy
+++ kubernetes/talos-flux/apps Kustomization: flux-system/apps-sync Kustomization: flux-system/minecraft-velocity-proxy
@@ -0,0 +1,33 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: apps-sync
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ substitution.flux.home.arpa/enabled: 'true'
+ name: minecraft-velocity-proxy
+ namespace: flux-system
+spec:
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ dependsOn:
+ - name: cilium-config
+ - name: apps-external-secrets-stores
+ interval: 10m
+ path: ./kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ targetNamespace: gaming
+ wait: true
+
--- kubernetes/talos-flux/apps/gaming/minecraft-java/bungeecord Kustomization: flux-system/minecraft-bungeecord HelmRelease: gaming/minecraft-bungeecord
+++ kubernetes/talos-flux/apps/gaming/minecraft-java/bungeecord Kustomization: flux-system/minecraft-bungeecord HelmRelease: gaming/minecraft-bungeecord
@@ -51,34 +51,22 @@
values:
configFilePath: /config/config.yml
extraEnv:
SPIGOT_PLUGIN: '78915'
minecraftProxy:
externalTrafficPolicy: Local
- extraPorts:
- - containerPort: 19132
- ingress:
- enabled: false
- name: bedrock
- protocol: UDP
- service:
- embedded: true
- enabled: true
- port: 19132
loadBalancerIP: 192.168.1.82
plugins:
- https://github.com/Army-py/SlashServer/releases/download/tested/SlashServer-4.0.jar
- - https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity
rcon:
enabled: true
existingSecret: bungeecord-rcon
secretKey: RCON_PASSWORD
serviceType: ClusterIP
serviceType: LoadBalancer
- type: VELOCITY
- velocityVersion: 3.3.0-SNAPSHOT
+ type: WATERFALL
podAnnotations:
reloader.stakater.com/auto: 'true'
podSecurityContext:
fsGroup: 1000
runAsGroup: 1000
runAsNonRoot: true
--- kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy Kustomization: flux-system/minecraft-velocity-proxy HelmRelease: gaming/minecraft-velocity-proxy
+++ kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy Kustomization: flux-system/minecraft-velocity-proxy HelmRelease: gaming/minecraft-velocity-proxy
@@ -0,0 +1,89 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/instance: minecraft-velocity
+ app.kubernetes.io/name: minecraft-velocity
+ kustomize.toolkit.fluxcd.io/name: minecraft-velocity-proxy
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: minecraft-velocity-proxy
+ namespace: gaming
+spec:
+ chart:
+ spec:
+ chart: minecraft-proxy
+ interval: 15m
+ sourceRef:
+ kind: HelmRepository
+ name: minecraft-server-charts
+ namespace: flux-system
+ version: 3.8.0
+ driftDetection:
+ mode: enabled
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ interval: 15m
+ postRenderers:
+ - kustomize:
+ patches:
+ - patch: |-
+ - op: add
+ path: /spec/template/spec/volumes/-
+ value:
+ name: config
+ configMap:
+ name: velocity-config
+ - op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value:
+ name: config
+ mountPath: /config/velocity.toml
+ subPath: velocity.toml
+ target:
+ kind: Deployment
+ name: minecraft-velocity-proxy-minecraft-proxy
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ configFilePath: /config/velocity.toml
+ extraEnv:
+ SPIGOT_PLUGIN: '78915'
+ minecraftProxy:
+ externalTrafficPolicy: Local
+ extraPorts:
+ - containerPort: 19132
+ ingress:
+ enabled: false
+ name: bedrock
+ protocol: UDP
+ service:
+ embedded: true
+ enabled: true
+ port: 19132
+ loadBalancerIP: 192.168.1.83
+ plugins:
+ - https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity
+ rcon:
+ enabled: true
+ existingSecret: bungeecord-rcon
+ secretKey: RCON_PASSWORD
+ serviceType: ClusterIP
+ serviceType: LoadBalancer
+ type: VELOCITY
+ velocityVersion: 3.3.0-SNAPSHOT
+ podAnnotations:
+ reloader.stakater.com/auto: 'true'
+ podSecurityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ resources:
+ requests:
+ cpu: 50m
+ memory: 250Mi
+
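Review bot: The plugins entry downloads Geyser from a versions/latest/builds/latest URL, so each pod start can load a different, unverified jar into a proxy that is published on a LoadBalancer IP; pin a specific version and build in the URL. velocityVersion: 3.3.0-SNAPSHOT has the same problem, since a snapshot moves over time. Separately, rcon.existingSecret reuses bungeecord-rcon, so the Velocity and BungeeCord releases share one RCON password; give the new release its own secret.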
--- kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy Kustomization: flux-system/minecraft-velocity-proxy ConfigMap: gaming/velocity-config
+++ kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy Kustomization: flux-system/minecraft-velocity-proxy ConfigMap: gaming/velocity-config
@@ -0,0 +1,176 @@
+---
+apiVersion: v1
+data:
+ velocity.toml: |
+ # Config version. Do not change this
+ config-version = "2.7"
+
+ # What port should the proxy be bound to? By default, we'll bind to all addresses on port 25565.
+ bind = "0.0.0.0:25565"
+
+ # What should be the MOTD? This gets displayed when the player adds your server to
+ # their server list. Only MiniMessage format is accepted.
+ motd = "<#09add3>A Velocity Server"
+
+ # What should we display for the maximum number of players? (Velocity does not support a cap
+ # on the number of players online.)
+ show-max-players = 500
+
+ # Should we authenticate players with Mojang? By default, this is on.
+ online-mode = true
+
+ # Should the proxy enforce the new public key security standard? By default, this is on.
+ force-key-authentication = true
+
+ # If client's ISP/AS sent from this proxy is different from the one from Mojang's
+ # authentication server, the player is kicked. This disallows some VPN and proxy
+ # connections but is a weak form of protection.
+ prevent-client-proxy-connections = false
+
+ # Should we forward IP addresses and other data to backend servers?
+ # Available options:
+ # - "none": No forwarding will be done. All players will appear to be connecting
+ # from the proxy and will have offline-mode UUIDs.
+ # - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use this
+ # if you run servers using Minecraft 1.12 or lower.
+ # - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard
+ # plugin. Use this if you run servers using Minecraft 1.12 or lower, and are
+ # unable to implement network level firewalling (on a shared host).
+ # - "modern": Forward player IPs and UUIDs as part of the login process using
+ # Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
+ player-info-forwarding-mode = "NONE"
+
+ # If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here.
+ # The file is expected to be UTF-8 encoded and not empty.
+ forwarding-secret-file = "forwarding.secret"
+
+ # Announce whether or not your server supports Forge. If you run a modded server, we
+ # suggest turning this on.
+ #
+ # If your network runs one modpack consistently, consider using ping-passthrough = "mods"
+ # instead for a nicer display in the server list.
+ announce-forge = false
+
+ # If enabled (default is false) and the proxy is in online mode, Velocity will kick
+ # any existing player who is online if a duplicate connection attempt is made.
+ kick-existing-players = false
+
+ # Should Velocity pass server list ping requests to a backend server?
+ # Available options:
+ # - "disabled": No pass-through will be done. The velocity.toml and server-icon.png
+ # will determine the initial server list ping response.
+ # - "mods": Passes only the mod list from your backend server into the response.
+ # The first server in your try list (or forced host) with a mod list will be
+ # used. If no backend servers can be contacted, Velocity won't display any
+ # mod information.
+ # - "description": Uses the description and mod list from the backend server. The first
+ # server in the try (or forced host) list that responds is used for the
+ # description and mod list.
+ # - "all": Uses the backend server's response as the proxy response. The Velocity
+ # configuration is used if no servers could be contacted.
+ ping-passthrough = "DISABLED"
+
+ # If not enabled (default is true) player IP addresses will be replaced by <ip address withheld> in logs
+ enable-player-address-logging = true
+
+ [servers]
+ # Configure your servers here. Each key represents the server's name, and the value
+ # represents the IP address of the server to connect to.
+ lobby = "minecraft-lobby-world-minecraft:25565"
+ creative = "minecraft-creative-world-minecraft:25565"
+ playground = "minecraft-playground-world-minecraft:25565"
+ survival = "minecraft-survival-world-minecraft:25565"
+
+ # In what order we should try servers when a player logs in or is kicked from a server.
+ try = [
+ "lobby"
+ ]
+
+ # [forced-hosts]
+ # # Configure your forced hosts here.
+ # "lobby.example.com" = [
+ # "lobby"
+ # ]
+ # "factions.example.com" = [
+ # "factions"
+ # ]
+ # "minigames.example.com" = [
+ # "minigames"
+ # ]
+
+ [advanced]
+ # How large a Minecraft packet has to be before we compress it. Setting this to zero will
+ # compress all packets, and setting it to -1 will disable compression entirely.
+ compression-threshold = 256
+
+ # How much compression should be done (from 0-9). The default is -1, which uses the
+ # default level of 6.
+ compression-level = -1
+
+ # How fast (in milliseconds) are clients allowed to connect after the last connection? By
+ # default, this is three seconds. Disable this by setting this to 0.
+ login-ratelimit = 3000
+
+ # Specify a custom timeout for connection timeouts here. The default is five seconds.
+ connection-timeout = 5000
+
+ # Specify a read timeout for connections here. The default is 30 seconds.
+ read-timeout = 30000
+
+ # Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then
+ # don't enable it.
+ haproxy-protocol = false
+
+ # Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
+ tcp-fast-open = false
+
+ # Enables BungeeCord plugin messaging channel support on Velocity.
+ bungee-plugin-message-channel = true
+
+ # Shows ping requests to the proxy from clients.
+ show-ping-requests = false
+
+ # By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
+ # loses connection to the server without an explicit disconnect message by attempting to fall the
+ # user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
+ # can disable this setting to use the BungeeCord behavior.
+ failover-on-unexpected-server-disconnect = true
+
+ # Declares the proxy commands to 1.13+ clients.
+ announce-proxy-commands = true
+
+ # Enables the logging of commands
+ log-command-executions = false
+
+ # Enables logging of player connections when connecting to the proxy, switching servers
+ # and disconnecting from the proxy.
+ log-player-connections = true
+
+ # Allows players transferred from other hosts via the
+ # Transfer packet (Minecraft 1.20.5) to be received.
+ accepts-transfers = false
+
+ [query]
+ # Whether to enable responding to GameSpy 4 query responses or not.
+ enabled = false
+
+ # If query is enabled, on what port should the query protocol listen on?
+ port = 25565
+
+ # This is the map name that is reported to the query services.
+ map = "Velocity"
+
+ # Whether plugins should be shown in query response by default or not
+ show-plugins = false
+kind: ConfigMap
+metadata:
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ app.kubernetes.io/instance: minecraft-velocity
+ app.kubernetes.io/name: minecraft-velocity
+ kustomize.toolkit.fluxcd.io/name: minecraft-velocity-proxy
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: velocity-config
+ namespace: gaming
+ |
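Review bot: player-info-forwarding-mode = "NONE" combined with online-mode = true means, as the comment directly above the setting says, that backends see every player as coming from the proxy with offline-mode UUIDs. The four servers under [servers] therefore have to accept logins they cannot verify, and any client that reaches them inside the cluster skips the proxy's Mojang authentication. If the backends run Minecraft 1.13 or higher, use "modern" forwarding and provide the secret: forwarding-secret-file points at forwarding.secret, but the post-renderer in the HelmRelease mounts only velocity.toml.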
--- HelmRelease: gaming/minecraft-bungeecord Service: gaming/minecraft-bungeecord-minecraft-proxy
+++ HelmRelease: gaming/minecraft-bungeecord Service: gaming/minecraft-bungeecord-minecraft-proxy
@@ -13,13 +13,9 @@
externalTrafficPolicy: Local
ports:
- name: proxy
port: 25565
targetPort: proxy
protocol: TCP
- - name: bedrock
- port: 19132
- targetPort: bedrock
- protocol: UDP
selector:
app: minecraft-bungeecord-minecraft-proxy
--- HelmRelease: gaming/minecraft-bungeecord Deployment: gaming/minecraft-bungeecord-minecraft-proxy
+++ HelmRelease: gaming/minecraft-bungeecord Deployment: gaming/minecraft-bungeecord-minecraft-proxy
@@ -58,19 +58,21 @@
env:
- name: UID
value: '1000'
- name: GID
value: '1000'
- name: TYPE
- value: VELOCITY
- - name: VELOCITY_VERSION
- value: 3.3.0-SNAPSHOT
+ value: WATERFALL
+ - name: WATERFALL_VERSION
+ value: latest
+ - name: WATERFALL_BUILD_ID
+ value: latest
- name: BUNGEE_JOB_ID
value: lastStableBuild
- name: PLUGINS
- value: https://github.com/Army-py/SlashServer/releases/download/tested/SlashServer-4.0.jar,https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity
+ value: https://github.com/Army-py/SlashServer/releases/download/tested/SlashServer-4.0.jar
- name: MEMORY
value: 512M
- name: JVM_OPTS
value: ''
- name: ENABLE_RCON
value: 'true'
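Review bot: WATERFALL_VERSION and WATERFALL_BUILD_ID both render as latest, where the removed VELOCITY_VERSION at least named a version. The proxy binary now depends on whatever is newest when the pod starts; set an explicit Waterfall version and build in the HelmRelease values so the rollout is reproducible and an upstream change cannot reach the cluster unreviewed.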
@@ -85,15 +87,12 @@
- name: proxy
containerPort: 25577
protocol: TCP
- name: rcon
containerPort: 25575
protocol: TCP
- - name: bedrock
- containerPort: 19132
- protocol: UDP
volumeMounts:
- name: tmp
mountPath: /tmp
- name: datadir
mountPath: /server
securityContext:
--- HelmRelease: gaming/minecraft-velocity-proxy Service: gaming/minecraft-velocity-proxy-minecraft-proxy
+++ HelmRelease: gaming/minecraft-velocity-proxy Service: gaming/minecraft-velocity-proxy-minecraft-proxy
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: minecraft-velocity-proxy-minecraft-proxy
+ labels:
+ app: minecraft-velocity-proxy-minecraft-proxy
+ release: minecraft-velocity-proxy
+ heritage: Helm
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 192.168.1.83
+ externalTrafficPolicy: Local
+ ports:
+ - name: proxy
+ port: 25565
+ targetPort: proxy
+ protocol: TCP
+ - name: bedrock
+ port: 19132
+ targetPort: bedrock
+ protocol: UDP
+ selector:
+ app: minecraft-velocity-proxy-minecraft-proxy
+
--- HelmRelease: gaming/minecraft-velocity-proxy Service: gaming/minecraft-velocity-proxy-minecraft-proxy-rcon
+++ HelmRelease: gaming/minecraft-velocity-proxy Service: gaming/minecraft-velocity-proxy-minecraft-proxy-rcon
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: minecraft-velocity-proxy-minecraft-proxy-rcon
+ labels:
+ app: minecraft-velocity-proxy-minecraft-proxy
+ release: minecraft-velocity-proxy
+ heritage: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - name: rcon
+ port: 25575
+ targetPort: rcon
+ protocol: TCP
+ selector:
+ app: minecraft-velocity-proxy-minecraft-proxy
+
--- HelmRelease: gaming/minecraft-velocity-proxy Deployment: gaming/minecraft-velocity-proxy-minecraft-proxy
+++ HelmRelease: gaming/minecraft-velocity-proxy Deployment: gaming/minecraft-velocity-proxy-minecraft-proxy
@@ -0,0 +1,110 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minecraft-velocity-proxy-minecraft-proxy
+ labels:
+ app: minecraft-velocity-proxy-minecraft-proxy
+ release: minecraft-velocity-proxy
+ heritage: Helm
+spec:
+ replicas: 1
+ strategy:
+ type: null
+ selector:
+ matchLabels:
+ app: minecraft-velocity-proxy-minecraft-proxy
+ template:
+ metadata:
+ labels:
+ app: minecraft-velocity-proxy-minecraft-proxy
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ spec:
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ initContainers: []
+ containers:
+ - name: minecraft-velocity-proxy-minecraft-proxy
+ image: itzg/bungeecord:latest
+ imagePullPolicy: Always
+ tty: true
+ stdin: true
+ resources:
+ requests:
+ cpu: 50m
+ memory: 250Mi
+ readinessProbe:
+ tcpSocket:
+ port: 25577
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ failureThreshold: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ tcpSocket:
+ port: 25577
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ failureThreshold: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ env:
+ - name: UID
+ value: '1000'
+ - name: GID
+ value: '1000'
+ - name: TYPE
+ value: VELOCITY
+ - name: VELOCITY_VERSION
+ value: 3.3.0-SNAPSHOT
+ - name: BUNGEE_JOB_ID
+ value: lastStableBuild
+ - name: PLUGINS
+ value: https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity
+ - name: MEMORY
+ value: 512M
+ - name: JVM_OPTS
+ value: ''
+ - name: ENABLE_RCON
+ value: 'true'
+ - name: RCON_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bungeecord-rcon
+ key: RCON_PASSWORD
+ - name: SPIGOT_PLUGIN
+ value: '78915'
+ ports:
+ - name: proxy
+ containerPort: 25577
+ protocol: TCP
+ - name: rcon
+ containerPort: 25575
+ protocol: TCP
+ - name: bedrock
+ containerPort: 19132
+ protocol: UDP
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
+ - name: datadir
+ mountPath: /server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: datadir
+ emptyDir: {}
+ |
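Review bot: The proxy containerPort and both tcpSocket probes use 25577, but the velocity.toml added in this PR sets bind = "0.0.0.0:25565". If the proxy loads that file, the readiness and liveness probes and the Service targetPort all point at a port nothing listens on; align bind with 25577 or change the container port and probes. In the same container, image: itzg/bungeecord:latest with imagePullPolicy: Always is unpinned; use a fixed tag or digest.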
No description provided.