2023-01-27 21:37:20 +00:00
|
|
|
# Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
2021-10-12 21:24:07 +00:00
|
|
|
apiVersion: v1
|
|
|
|
kind: Pod
|
|
|
|
metadata:
|
|
|
|
name: nginx
|
|
|
|
spec:
|
|
|
|
serviceAccountName: "{{SA_NAME}}"
|
|
|
|
containers:
|
|
|
|
- name: nginx
|
|
|
|
image: nginx
|
|
|
|
- name: ts-sidecar
|
|
|
|
imagePullPolicy: Always
|
2022-06-06 19:43:23 +00:00
|
|
|
image: "ghcr.io/tailscale/tailscale:latest"
|
2021-10-12 21:24:07 +00:00
|
|
|
securityContext:
|
|
|
|
runAsUser: 1000
|
|
|
|
runAsGroup: 1000
|
|
|
|
env:
|
|
|
|
# Store the state in a k8s secret
|
2022-06-06 19:43:23 +00:00
|
|
|
- name: TS_KUBE_SECRET
|
|
|
|
value: "{{TS_KUBE_SECRET}}"
|
|
|
|
- name: TS_USERSPACE
|
2021-10-12 21:24:07 +00:00
|
|
|
value: "true"
|
2023-01-27 23:05:03 +00:00
|
|
|
- name: TS_AUTHKEY
|
2021-10-12 21:24:07 +00:00
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: tailscale-auth
|
2023-01-27 23:05:03 +00:00
|
|
|
key: TS_AUTHKEY
|
2021-10-12 21:24:07 +00:00
|
|
|
optional: true
|
2024-11-20 14:22:34 +00:00
|
|
|
- name: POD_NAME
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: metadata.name
|
|
|
|
- name: POD_UID
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: metadata.uid
|