| apiVersion: headscale.dodo.cloud/v1 |
| kind: HeadscaleUser |
| metadata: |
| name: {{ .Values.username }} |
| namespace: {{ .Release.Namespace }} |
| spec: |
| headscaleAddress: {{ .Values.apiServer }} |
| name: {{ .Values.username }} |
| preAuthKey: |
| enabled: true |
| secretName: {{ .Values.preAuthKeySecret }} |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: tailscale |
| namespace: {{ .Release.Namespace }} |
| spec: |
| selector: |
| matchLabels: |
| app: tailscale |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: tailscale |
| spec: |
| containers: |
| - name: tailscale |
| image: {{ .Values.image.repository }}:{{ .Values.image.tag }} |
| imagePullPolicy: {{ .Values.image.pullPolicy }} |
| securityContext: |
| privileged: true |
| capabilities: |
| add: |
| - NET_ADMIN |
| env: |
| - name: TS_KUBE_SECRET |
| value: {{ .Values.preAuthKeySecret }} |
| - name: TS_HOSTNAME |
| value: {{ .Values.hostname }} |
| {{- if .Values.ipSubnet }} |
| - name: TS_ROUTES |
| value: {{ .Values.ipSubnet }} |
| {{- end }} |
| - name: TS_EXTRA_ARGS |
| value: --login-server={{ .Values.loginServer }} |