env: create tailscale-proxy for ingress-private IP with new env
diff --git a/charts/headscale/templates/headscale.yaml b/charts/headscale/templates/headscale.yaml
index 6b38345..128a24c 100644
--- a/charts/headscale/templates/headscale.yaml
+++ b/charts/headscale/templates/headscale.yaml
@@ -68,6 +68,18 @@
requests:
storage: {{ .Values.storage.size }}
---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: acls
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi # TODO(gio): configurable
+---
apiVersion: apps/v1
kind: StatefulSet
metadata:
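Review bot: The `acls` claim hard-codes `storage: 1Gi` behind a TODO, while the `data` claim just above takes its size from `.Values.storage.size`. Making it a value now keeps the two claims consistent, e.g. `storage: {{ .Values.acls.size | default "1Gi" }}` (`acls.size` is a key name proposed here, not one the chart defines). The claim also starts empty and nothing in this file seeds `config.hujson`, so confirm what the first start looks like before headscale-api has written a policy, in particular that a missing file cannot be treated as "no restrictions". A one-line comment above the claim, such as `# holds the tailnet ACL policy (config.hujson), written by headscale-api`, would tell the next reader why a second volume exists.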
@@ -88,6 +100,9 @@
- name: data
persistentVolumeClaim:
claimName: data
+ - name: acls
+ persistentVolumeClaim:
+ claimName: acls
- name: config
configMap:
name: config
@@ -115,6 +130,9 @@
- name: config
mountPath: /headscale/config
readOnly: true
+ - name: acls
+ mountPath: /headscale/acls
+ readOnly: true
- mountPath: /headscale-api
name: api-socket
- name: headscale-api
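Review bot: Nothing in this hunk makes headscale actually read `/headscale/acls/config.hujson`; the mount is added, but the policy path is set in `config.yaml` from the `config` ConfigMap, which is outside this diff. If that setting does not point at the same file, the policy the sidecar writes is never enforced. It is also worth checking how headscale picks up a rewritten file (reload on change, a signal, or a restart), because a stale policy after an update would go unnoticed. Keeping `readOnly: true` on this side is the right split between reader and writer. The container spec begins above the hunk.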
@@ -128,6 +146,8 @@
- headscale-api
- --port={{ .Values.api.port }}
- --config=/headscale/config/config.yaml
+ - --domain={{ .Values.api.rootDomain }}
+ - --acls=/headscale/acls/config.hujson
volumeMounts:
- name: data
mountPath: /headscale/data
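Review bot: `--domain={{ .Values.api.rootDomain }}` renders as a bare `--domain=` when the value is unset, and the sidecar would then start with an empty domain next to the ACL file it manages. Failing at template time is safer: `- --domain={{ required "api.rootDomain must be set" .Values.api.rootDomain }}`. How headscale-api uses the domain is not visible here, so the effect of an empty value is an assumption to confirm. The args list and the container it belongs to start outside the hunk.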
@@ -135,5 +155,8 @@
- name: config
mountPath: /headscale/config
readOnly: true
+ - name: acls
+ mountPath: /headscale/acls
+ readOnly: false
- mountPath: /headscale-api
name: api-socket
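Review bot: The `acls` mount in the headscale-api container is writable, which makes this sidecar the single writer of the access policy for the whole tailnet, and the mount carries no comment saying so. Anyone who can reach the API on `--port={{ .Values.api.port }}` is therefore inside the trust boundary for ACL changes. This file does not show how that port is exposed or authenticated, so check that in the Service and any ingress or network policy. I would add `# headscale-api is the only writer of the ACL policy; headscale mounts this volume read-only` above the mount. `readOnly: false` is the default, so the explicit line is only useful together with that comment.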