apiVersion: apps/v1
kind: Deployment
metadata:
  name: headscale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: headscale
  template:
    metadata:
      labels:
        app: headscale
    spec:
      containers:
      - name: headscale
        image: "headscale:latest"
        imagePullPolicy: IfNotPresent
        command: ["/go/bin/headscale", "serve"]
        env:
        - name: SERVER_URL
          value: $(PUBLIC_PROTO)://$(PUBLIC_HOSTNAME)
        - name: LISTEN_ADDR
          valueFrom:
            configMapKeyRef:
              name: headscale-config
              key: listen_addr
        - name: PRIVATE_KEY_PATH
          value: /vol/secret/private-key
        - name: DERP_MAP_PATH
          value: /vol/config/derp.yaml
        - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
          valueFrom:
            configMapKeyRef:
              name: headscale-config
              key: ephemeral_node_inactivity_timeout
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: postgres.headscale.svc.cluster.local
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          value: headscale
        - name: DB_PASS
          valueFrom:
            secretKeyRef:
              name: postgresql
              key: password
        - name: DB_NAME
          value: headscale
        ports:
        - name: http
          protocol: TCP
          containerPort: 8080
        livenessProbe:
          tcpSocket:
            port: http
          initialDelaySeconds: 30
          timeoutSeconds: 5
          periodSeconds: 15
        volumeMounts:
        - name: config
          mountPath: /vol/config
        - name: secret
          mountPath: /vol/secret
        - name: etc
          mountPath: /etc/headscale
      volumes:
      - name: config
        configMap:
          name: headscale-site
      - name: etc
        configMap:
          name: headscale-etc
      - name: secret
        secret:
          secretName: headscale