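---
# Deployment that runs one Tailscale container. The container's entry point
# is a shell script mounted from the `tailscale-script` ConfigMap; the script
# itself is not part of this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tailscale-proxy
  name: tailscale-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tailscale-proxy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tailscale-proxy
    spec:
      containers:
        - command:
            - /bin/sh
            - -c
            - 'sh /script/script.sh'
          env:
            # NOTE(review): presumably the Secret that holds Tailscale node
            # state; the `tailscale` ServiceAccount should have RBAC on that
            # one Secret only - confirm against the Role/RoleBinding.
            - name: TS_KUBE_SECRET
              value: tailscale
            # Country name the readiness probe expects in the egress lookup.
            - name: COUNTRY
              value: Switzerland
            # Auth key is read from a Secret rather than inlined here.
            - name: TS_AUTHKEY
              valueFrom:
                secretKeyRef:
                  key: TS_AUTHKEY
                  name: tailscale-auth
          # NOTE(review): the image is pinned by tag only; a tag can be
          # re-pointed upstream. Consider pinning by digest
          # (`...:v1.80.3@sha256:<digest>`) once the digest is verified.
          image: ghcr.io/tailscale/tailscale:v1.80.3
          imagePullPolicy: IfNotPresent
          # Startup and liveness both pass once `tailscale ip` prints an
          # address starting with 100 (Tailscale's CGNAT range).
          startupProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - tailscale ip | grep ^100 > /dev/null
            periodSeconds: 30
            failureThreshold: 30
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - tailscale ip | grep ^100 > /dev/null
            periodSeconds: 30
            failureThreshold: 2
          # Readiness asks ifconfig.co, through the local proxy on
          # 127.0.0.1:1055, which country the egress IP is in.
          # "$COUNTRY" is quoted so that a multi-word value is passed to grep
          # as one pattern instead of a pattern plus file names.
          # NOTE(review): readiness depends on a third-party service reached
          # over plain HTTP, and no timeoutSeconds is set, so the Kubernetes
          # default of 1s applies to this exec probe - confirm that is
          # intended.
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - >-
                  http_proxy=127.0.0.1:1055 wget -O- ifconfig.co/country 2>&1
                  | grep "$COUNTRY" > /dev/null
            initialDelaySeconds: 60
            periodSeconds: 60
            failureThreshold: 3
          name: tailscale
          # NOTE(review): privileged + root gives this container host-level
          # access while it also holds the Tailscale auth key and a
          # ServiceAccount token. script.sh is not visible here, so the
          # privileges it really needs cannot be determined from this file.
          # The local proxy on 127.0.0.1:1055 suggests tailscaled may run in
          # userspace-networking mode, which normally needs no privileges;
          # if so, drop `privileged` and run as non-root. For kernel-mode
          # networking, the NET_ADMIN capability is usually sufficient -
          # confirm before changing.
          securityContext:
            privileged: true
            runAsGroup: 0
            runAsUser: 0
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              name: kube-api-access-t4rzn
              readOnly: true
            - mountPath: /script
              name: script
      # `serviceAccount` is the deprecated alias of `serviceAccountName`;
      # both are kept because they carry the same value.
      serviceAccount: tailscale
      serviceAccountName: tailscale
      volumes:
        - name: script
          configMap:
            name: tailscale-script
        # NOTE(review): this projected volume has the shape of the one the
        # ServiceAccount admission controller injects on its own, and the
        # random-looking `t4rzn` suffix suggests the manifest was exported
        # from a live pod. It can probably be removed (together with its
        # volumeMount) - confirm before doing so.
        - name: kube-api-access-t4rzn
          projected:
            # 420 decimal == 0644 octal.
            defaultMode: 420
            sources:
              - serviceAccountToken:
                  expirationSeconds: 3607
                  path: token
              - configMap:
                  items:
                    - key: ca.crt
                      path: ca.crt
                  name: kube-root-ca.crt
              - downwardAPI:
                  items:
                    - fieldRef:
                        apiVersion: v1
                        fieldPath: metadata.namespace
                      path: namespace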