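---
# Deployment running one Tailscale client pod. Readiness is decided by asking
# ifconfig.co/country, through a local HTTP proxy on 127.0.0.1:1055, which
# country the egress address is in and comparing the answer with $COUNTRY.
# NOTE(review): the generated volume name, the explicit token projection and
# the defaulted termination-message fields suggest this was exported from a
# live cluster rather than written by hand - confirm before reusing it.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tailscale-proxy
  name: tailscale-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tailscale-proxy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tailscale-proxy
    spec:
      containers:
      # The entrypoint is replaced by a script read from the tailscale-script
      # ConfigMap (mounted at /script below). That script runs as root in a
      # privileged container, so write access to the ConfigMap should be
      # restricted as tightly as write access to this Deployment.
      - command:
        - /bin/sh
        - -c
        - 'sh /script/script.sh'
        env:
        # NOTE(review): presumably the name of the Secret that holds Tailscale
        # state; if so, the tailscale ServiceAccount needs RBAC on that one
        # Secret only - verify against the Role bound to it.
        - name: TS_KUBE_SECRET
          value: tailscale
        # Expected egress country; the readiness probe matches it literally.
        - name: COUNTRY
          value: Switzerland
        # The auth key is read from the tailscale-auth Secret, not inlined.
        - name: TS_AUTHKEY
          valueFrom:
            secretKeyRef:
              key: TS_AUTHKEY
              name: tailscale-auth
        # The image is pinned by tag, and a tag can be re-pointed upstream;
        # pinning by digest as well would make the deployed image immutable.
        image: ghcr.io/tailscale/tailscale:v1.80.3
        imagePullPolicy: IfNotPresent
        # Startup: allow up to 30 x 30s for `tailscale ip` to print an address
        # that starts with 100.
        startupProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - tailscale ip | grep ^100 > /dev/null
          periodSeconds: 30
          failureThreshold: 30
        # Liveness: same check; two consecutive failures restart the container.
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - tailscale ip | grep ^100 > /dev/null
          periodSeconds: 30
          failureThreshold: 2
        # Readiness: the lookup is plain HTTP to a third-party service, so the
        # answer is unauthenticated; treat it as a health signal, not as proof
        # of where traffic leaves the tailnet.
        # "${COUNTRY:?}" is quoted so a multi-word country is one pattern and
        # the probe fails, rather than matching anything, if the variable is
        # empty; -F matches it as a fixed string instead of a regex.
        # timeoutSeconds is not set, so the Kubernetes default applies.
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - >-
              http_proxy=127.0.0.1:1055 wget -O- ifconfig.co/country 2>&1
              | grep -F "${COUNTRY:?}" > /dev/null
          initialDelaySeconds: 60
          periodSeconds: 60
          failureThreshold: 3
        name: tailscale
        # NOTE(review): a privileged root container has access to the node's
        # devices and kernel interfaces, so a compromise of this pod is close
        # to a compromise of the node. /script/script.sh is not part of this
        # manifest; if it starts tailscaled in userspace-networking mode (the
        # local HTTP proxy used by the readiness probe hints at that),
        # privileged can presumably be dropped; otherwise narrow it to the
        # capability tailscaled needs (typically NET_ADMIN) - verify against
        # the script before changing.
        securityContext:
          privileged: true
          runAsGroup: 0
          runAsUser: 0
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-t4rzn
          readOnly: true
        - mountPath: /script
          name: script
      # serviceAccount is the deprecated alias of serviceAccountName; both are
      # kept here exactly as they appeared.
      serviceAccount: tailscale
      serviceAccountName: tailscale
      volumes:
      - name: script
        configMap:
          name: tailscale-script
      # NOTE(review): the -t4rzn suffix looks like a name generated by the
      # cluster for the injected service-account token volume. Declaring it
      # by hand works, but the volume is normally added automatically -
      # confirm whether it should be carried in source control at all.
      - name: kube-api-access-t4rzn
        projected:
          # 420 decimal is file mode 0644.
          defaultMode: 420
          sources:
          # Short-lived, automatically rotated API token for the
          # ServiceAccount.
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
              - key: ca.crt
                path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
              - fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
                path: namespace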