Real sidecar perhaps with manual start

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
2025-03-05 11:41:43 +00:00 · 2025-03-05 11:41:43 +00:00 · f709eec878
commit f709eec878
parent 3c3107b021
1 changed files with 19 additions and 34 deletions
--- a/apps-kustomized/torrents/deploy.yaml
+++ b/apps-kustomized/torrents/deploy.yaml
@ -16,10 +16,28 @@ spec:
    spec:
      initContainers:
      - image: ghcr.io/tailscale/tailscale:v1.80.3
+        restartPolicy: Always # Sidecar
+        env:
+        - name: TS_KUBE_SECRET
+          value: tailscale
+        - name: TS_USERSPACE
+          value: "false"
+        - name: TS_OUTBOUND_HTTP_PROXY_LISTEN
+          value: "localhost:1055"
+        - name: TS_SOCKS5_SERVER
+          value: "localhost:1055"
+        - name: TS_EXTRA_ARGS
+          value: "--exit-node=100.90.55.121"
+        - name: TS_AUTHKEY
+          valueFrom:
+            secretKeyRef:
+              key: TS_AUTHKEY
+              name: tailscale-auth
+              optional: true
        command:
        - /bin/sh
        - -c
-        - mkdir -p /persist/var/lib/tailscale; touch /run/xtables.lock
+        - while sleep 1; do echo '.'; done
        name: ts-prep
        securityContext:
          runAsGroup: 0
@ -31,8 +49,6 @@ spec:
          readOnly: true
        - mountPath: /persist
          name: persist
-        - mountPath: /run
-          name: runfolder
      containers:
      - image: qbittorrentofficial/qbittorrent-nox:latest
        name: qbittorrent
@ -57,23 +73,6 @@ spec:
          value: "/config"
        - name: QBT_DOWNLOADS
          value: "/downloads"
-      - env:
-        - name: TS_KUBE_SECRET
-          value: tailscale
-        - name: TS_USERSPACE
-          value: "false"
-        - name: TS_OUTBOUND_HTTP_PROXY_LISTEN
-          value: "localhost:1055"
-        - name: TS_SOCKS5_SERVER
-          value: "localhost:1055"
-        - name: TS_EXTRA_ARGS
-          value: "--exit-node=100.90.55.121"
-        - name: TS_AUTHKEY
-          valueFrom:
-            secretKeyRef:
-              key: TS_AUTHKEY
-              name: tailscale-auth
-              optional: true
 #        livenessProbe:
 #          exec:
 #            command:
@ -82,20 +81,6 @@ spec:
 #            - 100.100.100.100
 #          initialDelaySeconds: 120
 #          periodSeconds: 5
-        image: ghcr.io/tailscale/tailscale:v1.80.3
-        name: ts-sidecar
-        securityContext:
-          runAsGroup: 0
-          runAsUser: 0
-          privileged: true
-        volumeMounts:
-        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-          name: kube-api-access-t4rzn
-          readOnly: true
-        - mountPath: /persist
-          name: persist
-        - mountPath: /run
-          name: runfolder
      preemptionPolicy: PreemptLowerPriority
      priority: 0
      serviceAccountName: tailscale