env: create tailscale-proxy for ingress-private IP with new env
diff --git a/charts/headscale/templates/config.yaml b/charts/headscale/templates/config.yaml
index 31582e3..85d8b79 100644
--- a/charts/headscale/templates/config.yaml
+++ b/charts/headscale/templates/config.yaml
@@ -206,7 +206,7 @@
# Path to a file containg ACL policies.
# ACLs can be defined as YAML or HUJSON.
# https://tailscale.com/kb/1018/acls/
- acl_policy_path: ""
+ acl_policy_path: "/headscale/acls/config.hujson" # TODO(gio): mount path must be configurable
## DNS
#
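Review bot: Pointing `acl_policy_path` at `/headscale/acls/config.hujson` assumes the file already exists, but the `acls` PersistentVolumeClaim added in headscale.yaml starts out empty and nothing in this diff seeds it. Check what headscale does when the policy file is missing or unparsable at startup. If it exits, a fresh install crash-loops until something writes the file; if it carries on without a policy, the tailnet may run without the intended restrictions. The same path is repeated in the `--acls` flag and in both `mountPath: /headscale/acls` entries in headscale.yaml, so the TODO should cover all of them from one value.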
@@ -272,7 +272,7 @@
# help us test it.
# OpenID Connect
oidc:
- only_start_if_oidc_is_available: false
+ only_start_if_oidc_is_available: true
issuer: {{ .Values.oauth2.hydraPublic }}
client_id: {{`{{ .client_id }}`}}
client_secret: {{`{{ .client_secret }}`}}
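Review bot: The switch of `only_start_if_oidc_is_available` to `true` carries no comment recording the startup dependency it creates: going by the option name, headscale will now refuse to start while the issuer at `.Values.oauth2.hydraPublic` is unreachable. Failing closed is a sound default for an identity-gated control plane, but it ties headscale restarts and upgrades to hydra being up. A line such as `# Fail closed: do not start unless the OIDC issuer is reachable.` above the key would make the intent explicit. The `oidc:` mapping continues outside this hunk.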
diff --git a/charts/headscale/templates/headscale.yaml b/charts/headscale/templates/headscale.yaml
index 6b38345..128a24c 100644
--- a/charts/headscale/templates/headscale.yaml
+++ b/charts/headscale/templates/headscale.yaml
@@ -68,6 +68,18 @@
requests:
storage: {{ .Values.storage.size }}
---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: acls
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi # TODO(gio): configurable
+---
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -88,6 +100,9 @@
- name: data
persistentVolumeClaim:
claimName: data
+ - name: acls
+ persistentVolumeClaim:
+ claimName: acls
- name: config
configMap:
name: config
@@ -115,6 +130,9 @@
- name: config
mountPath: /headscale/config
readOnly: true
+ - name: acls
+ mountPath: /headscale/acls
+ readOnly: true
- mountPath: /headscale-api
name: api-socket
- name: headscale-api
@@ -128,6 +146,8 @@
- headscale-api
- --port={{ .Values.api.port }}
- --config=/headscale/config/config.yaml
+ - --domain={{ .Values.api.rootDomain }}
+ - --acls=/headscale/acls/config.hujson
volumeMounts:
- name: data
mountPath: /headscale/data
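Review bot: `--domain={{ .Values.api.rootDomain }}` is rendered with no check, and the values.yaml hunk in this commit defaults `rootDomain` to `example.com`, so an install that forgets to override it silently runs headscale-api against a placeholder domain. If that domain feeds into the policy written to `/headscale/acls/config.hujson` (not visible here), the result is a wrong ACL rather than a cosmetic error. Consider dropping the default from values.yaml and failing the render instead: `- --domain={{ required "api.rootDomain must be set" .Values.api.rootDomain }}`. The container spec starts and ends outside this hunk.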
@@ -135,5 +155,8 @@
- name: config
mountPath: /headscale/config
readOnly: true
+ - name: acls
+ mountPath: /headscale/acls
+ readOnly: false
- mountPath: /headscale-api
name: api-socket
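Review bot: Mounting `acls` with `readOnly: false` in the headscale-api container makes that sidecar the writer of the tailnet's ACL policy, while headscale itself mounts the same volume read-only. Anything that can reach the API on `.Values.api.port` may therefore be able to change network policy. The diff does not show how that port is exposed or authenticated, so please confirm it is not reachable beyond its intended callers, for example via a NetworkPolicy or a cluster-internal Service. A comment on the mount such as `# headscale-api is the only writer of the ACL policy; headscale mounts it read-only` would document the trust split. The container spec starts outside this hunk.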
diff --git a/charts/headscale/values.yaml b/charts/headscale/values.yaml
index 78f40b6..e8ccc76 100644
--- a/charts/headscale/values.yaml
+++ b/charts/headscale/values.yaml
@@ -15,6 +15,7 @@
ipAddressPool: example-headscale
api:
port: 8585
+ rootDomain: example.com
image:
repository: giolekva/headscale-api
tag: latest
diff --git a/charts/tailscale/.helmignore b/charts/tailscale-proxy/.helmignore
similarity index 100%
rename from charts/tailscale/.helmignore
rename to charts/tailscale-proxy/.helmignore
diff --git a/charts/tailscale/Chart.yaml b/charts/tailscale-proxy/Chart.yaml
similarity index 100%
rename from charts/tailscale/Chart.yaml
rename to charts/tailscale-proxy/Chart.yaml
diff --git a/charts/tailscale/templates/install.yaml b/charts/tailscale-proxy/templates/install.yaml
similarity index 100%
rename from charts/tailscale/templates/install.yaml
rename to charts/tailscale-proxy/templates/install.yaml
diff --git a/charts/tailscale/values.yaml b/charts/tailscale-proxy/values.yaml
similarity index 100%
rename from charts/tailscale/values.yaml
rename to charts/tailscale-proxy/values.yaml