feat: add Tailscale operator and DaemonSet
This commit is contained in:
@@ -0,0 +1,56 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: tailscaled
|
||||||
|
namespace: tailscale
|
||||||
|
labels:
|
||||||
|
app: tailscale
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: tailscale
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: tailscale
|
||||||
|
spec:
|
||||||
|
hostNetwork: true
|
||||||
|
serviceAccountName: tailscale
|
||||||
|
containers:
|
||||||
|
- name: tailscale
|
||||||
|
image: tailscale/tailscale:latest
|
||||||
|
env:
|
||||||
|
- name: TS_KUBE_SECRET
|
||||||
|
value: "tailscale-auth"
|
||||||
|
- name: TS_STATE_DIR
|
||||||
|
value: "/var/lib/tailscale"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: tailscale-auth
|
||||||
|
volumeMounts:
|
||||||
|
- name: var-lib-tailscale
|
||||||
|
mountPath: /var/lib/tailscale
|
||||||
|
- name: tailscale-tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
- name: dev-tun
|
||||||
|
mountPath: /dev/net/tun
|
||||||
|
readOnly: true
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
capabilities:
|
||||||
|
add: ["NET_ADMIN", "NET_RAW"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
memory: 200Mi
|
||||||
|
volumes:
|
||||||
|
- name: var-lib-tailscale
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: tailscale
|
||||||
|
- name: tailscale-tmp
|
||||||
|
emptyDir: {}
|
||||||
|
- name: dev-tun
|
||||||
|
hostPath:
|
||||||
|
path: /dev/net/tun
|
||||||
Reference in New Issue
Block a user