docs/k8s: add instructions on how to run as a sidecar or a proxy.

Signed-off-by: Maisem Ali <maisem@tailscale.com>

docs/k8s/sidecar.yaml

@@ -0,0 +1,31 @@
+# Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  serviceAccountName: "{{SA_NAME}}"
+  containers:
+  - name: nginx
+    image: nginx
+  - name: ts-sidecar
+    imagePullPolicy: Always
+    image: "{{IMAGE_TAG}}"
+    env:
+      # Store the state in a k8s secret
+    - name: KUBE_SECRET
+      value: "{{KUBE_SECRET}}"
+    - name: USERSPACE
+      value: "false"
+    - name: AUTH_KEY
+      valueFrom:
+        secretKeyRef:
+          name: tailscale-auth
+          key: AUTH_KEY
+          optional: true
+    securityContext:
+      capabilities:
+        add:
+        - NET_ADMIN