mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
3047b6274c
There should not be a need to do that unless we run on host network Signed-off-by: Irbe Krumina <irbe@tailscale.com>
34 lines
786 B
YAML
34 lines
786 B
YAML
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: subnet-router
|
|
labels:
|
|
app: tailscale
|
|
spec:
|
|
serviceAccountName: "{{SA_NAME}}"
|
|
containers:
|
|
- name: tailscale
|
|
imagePullPolicy: Always
|
|
image: "ghcr.io/tailscale/tailscale:latest"
|
|
env:
|
|
# Store the state in a k8s secret
|
|
- name: TS_KUBE_SECRET
|
|
value: "{{TS_KUBE_SECRET}}"
|
|
- name: TS_USERSPACE
|
|
value: "false"
|
|
- name: TS_DEBUG_FIREWALL_MODE
|
|
value: auto
|
|
- name: TS_AUTHKEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: tailscale-auth
|
|
key: TS_AUTHKEY
|
|
optional: true
|
|
- name: TS_ROUTES
|
|
value: "{{TS_ROUTES}}"
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|