# Copyright (c) Tailscale Inc & AUTHORS
# SPDX-License-Identifier: BSD-3-Clause
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  serviceAccountName: "{{SA_NAME}}"
  containers:
  - name: nginx
    image: nginx
  - name: ts-sidecar
    imagePullPolicy: Always
    image: "ghcr.io/tailscale/tailscale:latest"
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
    env:
      # Store the state in a k8s secret
    - name: TS_KUBE_SECRET
      value: "{{TS_KUBE_SECRET}}"
    - name: TS_USERSPACE
      value: "true"
    - name: TS_AUTHKEY
      valueFrom:
        secretKeyRef:
          name: tailscale-auth
          key: TS_AUTHKEY
          optional: true