More testing with tailscale funnel
parent
269499e166
commit
7af2f57224
37
flake.lock
37
flake.lock
|
@ -15,6 +15,42 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1636849918,
|
||||
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669065280,
|
||||
"narHash": "sha256-3+pq1oJWjGDLfd8G/vR3IIFZ+EQ/aglukA0bTiMlf3o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "50aeec40f2072d2ab267c8ec8a345573704ec110",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1666926733,
|
||||
|
@ -34,6 +70,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
}
|
||||
|
|
16
flake.nix
16
flake.nix
|
@ -2,8 +2,12 @@
|
|||
description = "A basic flake with a shell";
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||
inputs.nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils }:
|
||||
outputs = { self, nixpkgs, flake-utils, nixos-generators }:
|
||||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in {
|
||||
|
@ -14,9 +18,19 @@
|
|||
pkgs.kubectl
|
||||
pkgs.awscli2
|
||||
pkgs.nodePackages.yaml-language-server
|
||||
pkgs.python39Packages.python-lsp-server
|
||||
pkgs.k9s
|
||||
];
|
||||
buildInputs = [ ];
|
||||
};
|
||||
packages.aarch64-linux = {
|
||||
k3s-server = nixos-generators.nixosGenerate {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
./pi-imgs/k3s-server.nix
|
||||
];
|
||||
format = "sd-aarch64-installer";
|
||||
};
|
||||
};
|
||||
});
|
||||
}
|
||||
|
|
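Review bot: `packages.aarch64-linux` appears to be declared inside the `flake-utils.lib.eachDefaultSystem` callback, since the closing `});` comes after the new block, so the output would be exposed as `packages.<system>.aarch64-linux.k3s-server` rather than `packages.aarch64-linux.k3s-server`. Indentation is lost in this rendering, so confirm the nesting against the file. If it is nested, either merge the image into the outputs outside the per-system function, or expose it as `packages.k3s-server` only when `system == "aarch64-linux"`. The module `./pi-imgs/k3s-server.nix` is not shown on this page, so whatever the SD image bakes in (users, SSH keys, join tokens) could not be reviewed here.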
7
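--- /dev/null
+++ b/homelab/tailscale-serve/app/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3-alpine
+
+WORKDIR /app
+
+COPY . .
+
+CMD [ "python", "main.py" ]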
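Review bot: The image has no `USER` instruction, so `main.py` runs as root inside the container; add a non-root account before `CMD`, for example `RUN adduser -D app` followed by `USER app`. Port 8443 needs no privilege, but the key file named by `CERT_KEYFILE` must then be readable by that user. `FROM python:3-alpine` is a floating tag, so pinning a specific version or digest keeps rebuilds reproducible. `COPY . .` copies the whole build context, so a `.dockerignore` is worth adding to keep stray files such as keys out of the image.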
18
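--- /dev/null
+++ b/homelab/tailscale-serve/app/main.py
@@ -0,0 +1,18 @@
+import socket
+import ssl
+import os
+
+
+HOST = "127.0.0.1"
+PORT = 8443
+
+
+if __name__ == "__main__":
+context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+context.load_cert_chain(os.getenv('CERT_FILE'), os.getenv('CERT_KEYFILE'))
+with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:
+sock.bind((HOST, PORT))
+sock.listen(5)
+with context.wrap_socket(sock, server_side=True) as ssock:
+conn, addr = ssock.accept()
+conn.send('Hello, Tailscale Funnel!'.encode('utf-8'))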
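Review bot: The server accepts exactly one connection and has no error handling around `ssock.accept()`, which is where the TLS handshake runs. A client that connects without completing a valid handshake raises `ssl.SSLError` or a connection error and ends the process, which matters once the port is published through Funnel. Accept in a loop that survives handshake failures, send with `sendall`, and close each connection. `os.getenv('CERT_FILE')` and `os.getenv('CERT_KEYFILE')` return `None` when unset, so `load_cert_chain` fails with an unhelpful error; reading them via `os.environ[...]` fails with the variable name instead. Indentation is not preserved in this rendering, so the nesting in the sketch below is assumed.

```python
if __name__ == "__main__":
    cert_file = os.environ["CERT_FILE"]
    key_file = os.environ["CERT_KEYFILE"]
    # … unchanged: SSLContext creation …
    context.load_cert_chain(cert_file, key_file)
    # … unchanged: socket creation, bind, listen, wrap_socket …
            while True:
                try:
                    conn, addr = ssock.accept()
                except (ssl.SSLError, ConnectionError):
                    # failed or aborted handshake: drop this client, keep serving
                    continue
                with conn:
                    try:
                        conn.sendall('Hello, Tailscale Funnel!'.encode('utf-8'))
                    except (ssl.SSLError, ConnectionError):
                        pass
```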
114
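--- /dev/null
+++ b/homelab/tailscale-serve/deployment.yaml
@@ -0,0 +1,114 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nginx-tailscale-serve
+spec:
+selector:
+matchLabels:
+app: nginx-tailscale-serve
+template:
+metadata:
+labels:
+app: nginx-tailscale-serve
+spec:
+initContainers:
+- name: tailscale-init
+image: icr.gmem.ca/tailscale
+resources:
+requests:
+memory: "1Mi"
+cpu: "1m"
+limits:
+memory: "128Mi"
+cpu: "500m"
+env:
+- name: MODE
+value: "cert"
+- name: TAILSCALE_CERT_FILE
+value: "/tailscale/cert"
+- name: TAILSCALE_CERT_KEY
+value: "/tailscale/key"
+- name: TAILSCALE_CERT_DOMAIN
+value: "kubernetes-test.chimera-blues.ts.net"
+- name: TAILSCALE_HOSTNAME
+value: "kubernetes-test"
+- name: TAILSCALED_TUN
+value: "userspace-networking"
+- name: TAILSCALED_STATE
+value: "/tailscale/tailscaled.state"
+- name: TAILSCALE_AUTH_KEY
+valueFrom:
+secretKeyRef:
+name: tailscale-auth
+key: TS_AUTH_KEY
+optional: true
+volumeMounts:
+- name: data
+mountPath: /tailscale
+containers:
+- name: nginx
+image: nginx
+resources:
+limits:
+memory: "32Mi"
+cpu: "100m"
+requests:
+memory: "16Mi"
+cpu: "1m"
+ports:
+- containerPort: 80
+- name: tailscale-serve
+image: icr.gmem.ca/tailscale
+resources:
+requests:
+memory: "1Mi"
+cpu: "1m"
+limits:
+memory: "128Mi"
+cpu: "500m"
+env:
+- name: TAILSCALE_HOSTNAME
+value: "kubernetes-test"
+- name: TAILSCALED_TUN
+value: "userspace-networking"
+- name: TAILSCALE_FUNNEL_PROXY
+value: "80"
+- name: TAILSCALED_STATE
+value: "/tailscale/tailscaled.state"
+- name: TAILSCALE_AUTH_KEY
+valueFrom:
+secretKeyRef:
+name: tailscale-auth
+key: TS_AUTH_KEY
+optional: true
+volumeMounts:
+- name: data
+mountPath: /tailscale
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: tailscale-state
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: tailscale-state
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+storageClassName: nfs-client
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: nginx-tailscale-serve
+spec:
+selector:
+app: nginx-tailscale-serve
+ports:
+- port: 80
+targetPort: 80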
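Review bot: The `data` volume that holds `/tailscale/tailscaled.state` and the certificate private key at `/tailscale/key` is a PVC on `storageClassName: nfs-client`, so the node identity and TLS key sit on network storage whose access control and transport protection are not visible here. Consider keeping the cert and key on an `emptyDir` with `medium: Memory` shared between `tailscale-init` and `tailscale-serve`, and confirm who can read the NFS export. `TAILSCALE_AUTH_KEY` is marked `optional: true`, so the pod starts even when the `tailscale-auth` secret is missing; if the key is required for first registration, `optional: false` makes that failure explicit. Neither `image: nginx` nor `image: icr.gmem.ca/tailscale` carries a tag or digest, and no container sets a `securityContext` (for example `allowPrivilegeEscalation: false`), which matters more for a workload published through Funnel.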
|
@ -1,62 +0,0 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-tailscale-serve
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-tailscale-serve
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-tailscale-serve
|
||||
spec:
|
||||
containers:
|
||||
- name: hue
|
||||
image: icr.gmem.ca/hue
|
||||
resources:
|
||||
limits:
|
||||
memory: "32Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "16Mi"
|
||||
cpu: "1m"
|
||||
ports:
|
||||
- containerPort: 443
|
||||
env:
|
||||
- name: PORT
|
||||
value: "443"
|
||||
- name: tailscale-serve
|
||||
image: icr.gmem.ca/tailscale
|
||||
resources:
|
||||
requests:
|
||||
memory: "1Mi"
|
||||
cpu: "1m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
env:
|
||||
- name: TAILSCALE_HOSTNAME
|
||||
value: "kubernetes-test"
|
||||
- name: TAILSCALED_TUN
|
||||
value: "userspace-networking"
|
||||
- name: TAILSCALE_FUNNEL_PROXY
|
||||
value: "443"
|
||||
- name: TAILSCALE_AUTH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tailscale-auth
|
||||
key: TS_AUTH_KEY
|
||||
optional: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-tailscale-serve
|
||||
spec:
|
||||
selector:
|
||||
app: nginx-tailscale-serve
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|