Blame - charts/tailscale-proxy/templates/install.yaml - pcloud

blob: f85f7534333778f68435a01d9e96e3a67c8a4981 [file] [log] [blame]

Giorgi Lekveishvili	cb64b16	2023-06-16 11:51:00 +0400	[diff] [blame]	1	# apiVersion: v1
				2	# kind: PersistentVolumeClaim
				3	# metadata:
				4	# name: tailscale
				5	# namespace: {{ .Release.Namespace }}
				6	# annotations:
				7	# helm.sh/resource-policy: keep
				8	# spec:
				9	# accessModes:
				10	# - ReadWriteOnce
				11	# resources:
				12	# requests:
				13	# storage: 1Gi
Giorgi Lekveishvili	2c1253c	2023-06-13 12:06:42 +0400	[diff] [blame]	14	---
Giorgi Lekveishvili	81ba75e	2023-06-15 21:14:21 +0400	[diff] [blame]	15	apiVersion: headscale.dodo.cloud/v1
				16	kind: HeadscaleUser
				17	metadata:
				18	name: {{ .Values.username }}
				19	namespace: {{ .Release.Namespace }}
				20	spec:
Giorgi Lekveishvili	2a1c352	2023-06-21 14:15:08 +0400	[diff] [blame]	21	headscaleAddress: {{ .Values.apiServer }}
Giorgi Lekveishvili	81ba75e	2023-06-15 21:14:21 +0400	[diff] [blame]	22	name: {{ .Values.username }}
				23	preAuthKey:
				24	enabled: true
				25	secretName: {{ .Values.preAuthKeySecret }}
				26	---
Giorgi Lekveishvili	2c1253c	2023-06-13 12:06:42 +0400	[diff] [blame]	27	apiVersion: apps/v1
				28	kind: Deployment
				29	metadata:
				30	name: tailscale
				31	namespace: {{ .Release.Namespace }}
				32	spec:
				33	selector:
				34	matchLabels:
				35	app: tailscale
				36	replicas: 1
				37	template:
				38	metadata:
				39	labels:
				40	app: tailscale
				41	spec:
Giorgi Lekveishvili	cb64b16	2023-06-16 11:51:00 +0400	[diff] [blame]	42	# volumes:
				43	# - name: tailscale
				44	# persistentVolumeClaim:
				45	# claimName: tailscale
Giorgi Lekveishvili	2c1253c	2023-06-13 12:06:42 +0400	[diff] [blame]	46	containers:
				47	- name: tailscale
				48	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
				49	imagePullPolicy: {{ .Values.image.pullPolicy }}
				50	securityContext:
				51	privileged: true
				52	capabilities:
				53	add:
				54	- NET_ADMIN
				55	env:
				56	- name: TS_KUBE_SECRET
Giorgi Lekveishvili	cb64b16	2023-06-16 11:51:00 +0400	[diff] [blame]	57	value: {{ .Values.preAuthKeySecret }}
				58	# - name: TS_STATE_DIR
				59	# value: /tailscale-state
				60	# - name: TS_AUTHKEY
				61	# valueFrom:
				62	# secretKeyRef:
				63	# name: {{ .Values.preAuthKeySecret }}
				64	# key: key
Giorgi Lekveishvili	81ba75e	2023-06-15 21:14:21 +0400	[diff] [blame]	65	- name: TS_HOSTNAME
				66	value: {{ .Values.hostname }}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	67	{{- if .Values.ipSubnet }}
Giorgi Lekveishvili	81ba75e	2023-06-15 21:14:21 +0400	[diff] [blame]	68	- name: TS_ROUTES
				69	value: {{ .Values.ipSubnet }}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	70	{{- end }}
Giorgi Lekveishvili	2c1253c	2023-06-13 12:06:42 +0400	[diff] [blame]	71	- name: TS_EXTRA_ARGS
Giorgi Lekveishvili	117694a	2023-06-16 11:35:07 +0400	[diff] [blame]	72	value: --login-server={{ .Values.loginServer }}
Giorgi Lekveishvili	cb64b16	2023-06-16 11:51:00 +0400	[diff] [blame]	73	# volumeMounts:
				74	# - name: tailscale
				75	# mountPath: /tailscale-state
Giorgi Lekveishvili	488ac3b	2023-06-16 12:14:11 +0400	[diff] [blame]	76	---
				77	apiVersion: rbac.authorization.k8s.io/v1
				78	kind: Role
				79	metadata:
				80	name: secrets
				81	namespace: {{ .Release.Namespace }}
				82	rules:
				83	- apiGroups: [""]
				84	resources: ["secrets"]
Giorgi Lekveishvili	8921297	2023-06-16 12:32:06 +0400	[diff] [blame]	85	verbs: ["get", "watch", "list", "patch", "update"]
Giorgi Lekveishvili	488ac3b	2023-06-16 12:14:11 +0400	[diff] [blame]	86	---
				87	apiVersion: rbac.authorization.k8s.io/v1
				88	kind: RoleBinding
				89	metadata:
				90	name: secrets
				91	namespace: {{ .Release.Namespace }}
				92	subjects:
				93	- kind: ServiceAccount
				94	name: default
				95	namespace: {{ .Release.Namespace }}
				96	roleRef:
				97	kind: Role
				98	name: secrets
				99	apiGroup: rbac.authorization.k8s.io