Image
Preparation
Create the namespace
kubectl create ns clash
Image
The image is one I built myself: registry.cn-hongkong.aliyuncs.com/jansora/clash-and-dashboard:v1.16.0
It already includes the UI dashboard.
See here for how it is built.
https://github.com/LaoYutang/clash-and-dashboard/blob/master/build/Dockerfile
Subscription file.
I keep mine on the internet, which makes it easier to manage.
https://cdn.jansora.com/files/xxx.yaml
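k8s configuration file. The content is roughly as follows.
1. Download the configuration file locally and specify it at startup.
2. nginx proxies external-controller: '0.0.0.0:9090', the remote management port. Adjust this setting according to the subscription file.
3. The Service exposes the required ports.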
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: clash-naiko
  namespace: clash
spec:
  selector:
    matchLabels:
      app: clash-naiko
  replicas: 1
  template:
    metadata:
      labels:
        app: clash-naiko
    spec:
      containers:
        - name: clash-naiko
          image: registry.cn-hongkong.aliyuncs.com/jansora/clash-and-dashboard:v1.16.0
          imagePullPolicy: IfNotPresent
          # Startup command: download the subscription config, start nginx, then run clash
          command: [ "/bin/sh", "-c" ]
          args: [ 'wget https://cdn.jansora.com/files/xxx.yaml -O /config.yaml && /usr/sbin/nginx && /clash -f /config.yaml' ]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/nginx/nginx.conf # see the official documentation for the exact path
              subPath: nginx.conf
      volumes:
        - name: config-volume
          configMap:
            name: naiko-config
  serviceName: clash-naiko
---
apiVersion: v1
kind: Service
metadata:
  name: clash-naiko
  namespace: clash
spec:
  type: ClusterIP
  selector:
    app: clash-naiko
    # app.kubernetes.io/name: hole-pre
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      name: dashboard
    - protocol: TCP
      port: 7890
      targetPort: 7890
      name: http
    - protocol: TCP
      port: 7891
      targetPort: 7891
      name: socks5
---
# Create the ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: naiko-config
  namespace: clash
data:
  nginx.conf: |
    worker_processes 1;
    events {
      worker_connections 1024;
    }
    http {
      include mime.types;
      sendfile on;
      keepalive_timeout 65;
      server {
        listen 80;
        server_name localhost;
        default_type 'text/html';
        charset utf-8;
        location / {
          root /dashboard;
        }
        location /api {
          rewrite ^/api(.*)$ $1 break;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_pass http://localhost:9090;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
      }
    }
The web service can be exposed through an ingress or a NodePort Service.
Then put a public-facing nginx in front of it.
server {
  listen 80;
  http2 on;
  server_name xxx.jansora.com;
  location / {
    proxy_pass_header Server;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection upgrade;
    proxy_set_header Accept-Encoding gzip;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_pass http://xxx:xxx;
  }
}
Note that it cannot be exposed to the public internet over https; otherwise the ws-based management dashboard reports errors.
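Because the /api location above forwards requests to Clash's external-controller and the site is served over plain http, it is worth checking the downloaded subscription file before /clash starts. The following is an added example, not part of the original post: a POSIX sh check of the external-controller bind address and of Clash's `secret` key (the API bearer token). The function names and sample files are constructed for illustration, and the loopback recommendation assumes nginx and clash share one container, as in the StatefulSet above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Clash config before /clash starts.

# Print a top-level scalar value with quotes, trailing comments and CRs stripped.
yaml_top_value() {  # $1 = key, $2 = file
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d '\r' |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Return 0 when the REST API is off, or loopback-only and protected by a secret.
audit_clash_config() {  # $1 = path to config.yaml
    ctrl=$(yaml_top_value external-controller "$1")
    secret=$(yaml_top_value secret "$1")
    rc=0
    if [ -z "$ctrl" ]; then
        echo "ok: external-controller not set, REST API disabled"
        return 0
    fi
    case "$ctrl" in
        127.0.0.1:*|localhost:*)
            echo "ok: controller bound to loopback ($ctrl)" ;;
        *)
            echo "warn: controller listens on $ctrl, reachable without passing nginx"
            rc=1 ;;
    esac
    if [ -z "$secret" ]; then
        echo "fail: secret is empty, /api forwards unauthenticated requests"
        rc=1
    fi
    return "$rc"
}

# Constructed sample inputs: the setting shown on the page, and a hardened variant.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak.yaml" <<'EOF'
port: 7890
socks-port: 7891
external-controller: '0.0.0.0:9090'
EOF
cat > "$SAMPLES/hardened.yaml" <<'EOF'
port: 7890
external-controller: '127.0.0.1:9090'
secret: 'constructed-example-secret'   # placeholder value
EOF

for f in weak hardened; do
    echo "== $f.yaml"
    audit_clash_config "$SAMPLES/$f.yaml" || echo "=> do not start with this config"
done
```

In the container command, the same function could run between the wget and /clash steps so the pod fails fast when the subscription file leaves the API unauthenticated.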