charts/tailscale/templates/install.yaml - pcloud - Gitiles

 # apiVersion: v1
 # kind: PersistentVolumeClaim
 # metadata:
 #   name: tailscale
 #   namespace: {{ .Release.Namespace }}
 #   annotations:
 #     helm.sh/resource-policy: keep
 # spec:
 #   accessModes:
 #     - ReadWriteOnce
 #   resources:
 #     requests:
 #       storage: 1Gi
 ---
 apiVersion: headscale.dodo.cloud/v1
 kind: HeadscaleUser
 metadata:
   name: {{ .Values.username }}
   namespace: {{ .Release.Namespace }}
 spec:
   headscaleAddress: {{ .Values.loginServer }}
   name: {{ .Values.username }}
   preAuthKey:
     enabled: true
     secretName: {{ .Values.preAuthKeySecret }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: tailscale
   namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
       app: tailscale
   replicas: 1
   template:
     metadata:
       labels:
         app: tailscale
     spec:
       # volumes:
       # - name: tailscale
       #   persistentVolumeClaim:
       #     claimName: tailscale
       containers:
       - name: tailscale
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           privileged: true
           capabilities:
             add:
             - NET_ADMIN
         env:
         - name: TS_KUBE_SECRET
           value: {{ .Values.preAuthKeySecret }}
         # - name: TS_STATE_DIR
         #   value: /tailscale-state
         # - name: TS_AUTHKEY
         #   valueFrom:
         #     secretKeyRef:
         #       name: {{ .Values.preAuthKeySecret }}
         #       key: key
         - name: TS_HOSTNAME
           value: {{ .Values.hostname }}
         - name: TS_ROUTES
           value: {{ .Values.ipSubnet }}
         - name: TS_EXTRA_ARGS
           value: --login-server={{ .Values.loginServer }}
         # volumeMounts:
         # - name: tailscale
         #   mountPath: /tailscale-state
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: secrets
   namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get", "watch", "list", "patch", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: secrets
   namespace: {{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
   name: secrets
   apiGroup: rbac.authorization.k8s.io
	# apiVersion: v1
	# kind: PersistentVolumeClaim
	# metadata:
	# name: tailscale
	# namespace: {{ .Release.Namespace }}
	# annotations:
	# helm.sh/resource-policy: keep
	# spec:
	# accessModes:
	# - ReadWriteOnce
	# resources:
	# requests:
	# storage: 1Gi
	---
	apiVersion: headscale.dodo.cloud/v1
	kind: HeadscaleUser
	metadata:
	name: {{ .Values.username }}
	namespace: {{ .Release.Namespace }}
	spec:
	headscaleAddress: {{ .Values.loginServer }}
	name: {{ .Values.username }}
	preAuthKey:
	enabled: true
	secretName: {{ .Values.preAuthKeySecret }}
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: tailscale
	namespace: {{ .Release.Namespace }}
	spec:
	selector:
	matchLabels:
	app: tailscale
	replicas: 1
	template:
	metadata:
	labels:
	app: tailscale
	spec:
	# volumes:
	# - name: tailscale
	# persistentVolumeClaim:
	# claimName: tailscale
	containers:
	- name: tailscale
	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
	imagePullPolicy: {{ .Values.image.pullPolicy }}
	securityContext:
	privileged: true
	capabilities:
	add:
	- NET_ADMIN
	env:
	- name: TS_KUBE_SECRET
	value: {{ .Values.preAuthKeySecret }}
	# - name: TS_STATE_DIR
	# value: /tailscale-state
	# - name: TS_AUTHKEY
	# valueFrom:
	# secretKeyRef:
	# name: {{ .Values.preAuthKeySecret }}
	# key: key
	- name: TS_HOSTNAME
	value: {{ .Values.hostname }}
	- name: TS_ROUTES
	value: {{ .Values.ipSubnet }}
	- name: TS_EXTRA_ARGS
	value: --login-server={{ .Values.loginServer }}
	# volumeMounts:
	# - name: tailscale
	# mountPath: /tailscale-state
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: secrets
	namespace: {{ .Release.Namespace }}
	rules:
	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["get", "watch", "list", "patch", "update"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: secrets
	namespace: {{ .Release.Namespace }}
	subjects:
	- kind: ServiceAccount
	name: default
	namespace: {{ .Release.Namespace }}
	roleRef:
	kind: Role
	name: secrets
	apiGroup: rbac.authorization.k8s.io