---
# Deployment: an nginx container with a Tailscale sidecar, plus an init
# container that runs the same Tailscale image with MODE=cert.
# All three containers live in one pod; the two Tailscale containers share the
# `data` volume (claim `tailscale-state`) mounted at /tailscale.
#
# NOTE(review): no `strategy` is set, so the default RollingUpdate applies.
# During a rollout the old and new pod may both have the tailscale-state claim
# mounted -- confirm the state file tolerates that, or consider
# `strategy.type: Recreate`.
# NOTE(review): no securityContext is set on the pod or on any container, so
# the images' default user and capabilities apply. Worth confirming whether
# the containers can run as non-root with privilege escalation disabled.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-tailscale-serve
spec:
  selector:
    matchLabels:
      app: nginx-tailscale-serve
  template:
    metadata:
      labels:
        app: nginx-tailscale-serve
    spec:
      initContainers:
        # Runs to completion before the main containers start.
        # Presumably obtains the TLS cert/key for TAILSCALE_CERT_DOMAIN and
        # writes them to the paths below -- verify against the image's entrypoint.
        - name: tailscale-init
          # NOTE(review): no tag or digest, so this resolves to `latest`.
          # Pin to a reviewed tag or digest; this image handles the node key
          # and the auth key.
          image: icr.gmem.ca/tailscale
          resources:
            limits:
              memory: '128Mi'
              cpu: '500m'
            requests:
              memory: '1Mi'
              cpu: '1m'
          env:
            - name: MODE
              value: 'cert'
            # The cert and private key land on the shared volume. nginx does
            # not mount it, but anything else that can mount the
            # tailscale-state claim can read the key.
            - name: TAILSCALE_CERT_FILE
              value: '/tailscale/cert'
            - name: TAILSCALE_CERT_KEY
              value: '/tailscale/key'
            - name: TAILSCALE_CERT_DOMAIN
              value: 'kubernetes-test.chimera-blues.ts.net'
            - name: TAILSCALE_HOSTNAME
              value: 'kubernetes-test'
            - name: TAILSCALED_TUN
              value: 'userspace-networking'
            # tailscaled state holds the node's private key material.
            - name: TAILSCALED_STATE
              value: '/tailscale/tailscaled.state'
            # `optional: true` lets the pod start when the Secret or key is
            # missing; the variable is then simply unset. Presumably that is
            # intended for restarts that reuse existing state -- confirm.
            # Prefer a tagged, short-lived auth key in the Secret.
            - name: TAILSCALE_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: tailscale-auth
                  key: TS_AUTH_KEY
                  optional: true
          volumeMounts:
            - name: data
              mountPath: '/tailscale'
      containers:
        - name: nginx
          # NOTE(review): unpinned image (resolves to `latest`); pin a tag or
          # digest so the served content's runtime is reproducible.
          image: nginx
          resources:
            requests:
              memory: '16Mi'
              cpu: '1m'
            limits:
              memory: '32Mi'
              cpu: '100m'
          ports:
            - containerPort: 80
        # Long-running Tailscale sidecar; reuses the state the init container
        # wrote to the shared volume.
        - name: tailscale-serve
          # NOTE(review): unpinned image, same concern as tailscale-init.
          image: icr.gmem.ca/tailscale
          resources:
            limits:
              memory: '128Mi'
              cpu: '500m'
            requests:
              memory: '1Mi'
              cpu: '1m'
          env:
            - name: TAILSCALE_HOSTNAME
              value: 'kubernetes-test'
            - name: TAILSCALED_TUN
              value: 'userspace-networking'
            # NOTE(review): the variable name suggests Tailscale Funnel, which
            # publishes a service to the public internet rather than only to
            # the tailnet. Confirm that exposing nginx on port 80 publicly is
            # intended and that the tailnet ACL restricts Funnel to this node.
            - name: TAILSCALE_FUNNEL_PROXY
              value: '80'
            - name: TAILSCALED_STATE
              value: '/tailscale/tailscaled.state'
            - name: TAILSCALE_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: tailscale-auth
                  key: TS_AUTH_KEY
                  optional: true
          volumeMounts:
            - name: data
              mountPath: '/tailscale'
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: tailscale-state
---
# Persistent storage for tailscaled state and the TLS cert/key.
# NOTE(review): the `nfs-client` class name suggests NFS-backed storage.
# If so, the node key and TLS private key sit on a network share; check the
# export's access controls and whether traffic to it is encrypted.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tailscale-state
spec:
  storageClassName: nfs-client
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# ClusterIP Service (no `type` is set) that sends port 80 to the pod's port 80.
# NOTE(review): this makes nginx reachable from inside the cluster as well as
# via Tailscale; add a NetworkPolicy if in-cluster access should be limited.
apiVersion: v1
kind: Service
metadata:
  name: nginx-tailscale-serve
spec:
  selector:
    app: nginx-tailscale-serve
  ports:
    - port: 80
      targetPort: 80