feat(tailscale): add common flags as fields (#3741)
* feat(tailscale): add common flags as fields * Update charts/stable/tailscale/templates/_configmap.tpl Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/stable/tailscale/docs/How-To-Guide.md Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * change to ClusterIP * set hostnetwork * remove service altogether Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
parent
81fe7905fa
commit
4a23ef004a
|
@ -20,7 +20,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/stable/tailscale
|
||||
- https://hub.docker.com/r/tailscale/tailscale
|
||||
- https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
|
||||
version: 1.0.9
|
||||
version: 1.1.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
|
|
|
@ -42,17 +42,13 @@ Leave defaults here.
|
|||
- `Accept DNS`: Enabling it will pass your Global Nameservers from Tailscale to your local install.
|
||||
- `Routes`: Change to the routes you wish Tailscale to have access to on the devices it's connected, such as my LAN in the example.
|
||||
- `Extra Args` passes arguments/flags to the `tailscale up` command.
|
||||
|
||||
Common flags/arguments:
|
||||
|
||||
- `--advertise-exit-node`
|
||||
This is used to pass traffic through tailscale like a private VPN.
|
||||
- `--hostname=<name>`
|
||||
You can specify a specific hostname for use inside Tailscale (see image below).
|
||||
- `Hostname` You can specify a specific hostname for use inside Tailscale (see image below). (Passes `--hostname HOSTNAME` to `Extra args`)
|
||||
- `Advertise as exit node` This is used to pass traffic through tailscale like a private VPN. (Passes `--advertise-exit-node` to `Extra args`)
|
||||
|
||||
For more Extra Args and their usage please check the [Tailscale Knowledge Base](https://tailscale.com/kb/1080/cli/#up)
|
||||
since we consider these advanced features and these may/not be compatible with everyone's exact setup.
|
||||
|
||||
TODO: Update image with the new fields
|
||||
![tailscale-step-3](img/How-To-Image-2.png)
|
||||
|
||||
**Hostname example**
|
||||
|
@ -66,7 +62,7 @@ The default ports are fine for this chart, you shouldn't need to port forward or
|
|||
:::caution
|
||||
|
||||
In case you want to access their SMB shares or TrueNAS GUI via Tailscale.
|
||||
You will have to ensure that `Host Networking` is enabled.
|
||||
You will have to ensure that `Host Networking` is enabled and `Userspace` is disabled.
|
||||
|
||||
:::
|
||||
|
||||
|
|
|
@ -18,90 +18,73 @@ questions:
|
|||
type: dict
|
||||
attrs:
|
||||
- variable: authkey
|
||||
label: "Auth Key"
|
||||
description: "Provide an auth key to automatically authenticate the node as your user account."
|
||||
label: Auth Key
|
||||
description: Provide an auth key to automatically authenticate the node as your user account.
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: userspace
|
||||
label: "Userspace"
|
||||
description: "Userspace Networking mode allows running Tailscale where you don't have access to create a VPN tunnel device."
|
||||
label: Userspace
|
||||
description: Userspace Networking mode allows running Tailscale where you don't have access to create a VPN tunnel device.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
default: false
|
||||
- variable: accept_dns
|
||||
label: "Accept DNS"
|
||||
description: "Accept DNS configuration from the admin console."
|
||||
label: Accept DNS
|
||||
description: Accept DNS configuration from the admin console.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: routes
|
||||
label: "Routes"
|
||||
label: Routes
|
||||
description: Expose physical subnet routes to your entire Tailscale network.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: dest_ip
|
||||
label: "Dest IP"
|
||||
label: Dest IP
|
||||
description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: sock5_server
|
||||
label: "Sock5 Server"
|
||||
label: Sock5 Server
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: hostname
|
||||
label: Hostname
|
||||
description: You can specify a specific hostname for use inside Tailscale. (Passes --hostname HOSTNAME to extra_args)
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: advertise_as_exit_node
|
||||
label: Advertise as exit node
|
||||
description: This is used to pass traffic through tailscale like a private VPN. (Passes --advertise-exit-node to extra_args)
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: extra_args
|
||||
label: "Extra Args"
|
||||
label: Extra Args
|
||||
description: UP_ARGS or flags to pass along to Tailscale, such as --advertise-exit-node
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: daemon_extra_args
|
||||
label: "Tailscale Daemon Extra Args"
|
||||
label: Tailscale Daemon Extra Args
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelector}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 41600
|
||||
required: true
|
||||
# Include{advancedPortUDP}
|
||||
- variable: targetPort
|
||||
label: "Target Port"
|
||||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 41700
|
||||
# Include{serviceExpertRoot}
|
||||
default: false
|
||||
default: true
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
# Include{persistenceRoot}
|
||||
- variable: config
|
||||
label: "App Config Storage"
|
||||
description: "Stores the Application Configuration."
|
||||
label: App Config Storage
|
||||
description: Stores the Application Configuration.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
|
@ -111,7 +94,7 @@ questions:
|
|||
# Include{persistenceList}
|
||||
# Include{ingressRoot}
|
||||
- variable: main
|
||||
label: "Main Ingress"
|
||||
label: Main Ingress
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
|
@ -124,42 +107,42 @@ questions:
|
|||
# Include{security}
|
||||
# Include{securityContextAdvancedRoot}
|
||||
- variable: privileged
|
||||
label: "Privileged mode"
|
||||
label: Privileged mode
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: "ReadOnly Root Filesystem"
|
||||
label: ReadOnly Root Filesystem
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
label: Allow Privilege Escalation
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
label: runAsNonRoot
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{podSecurityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
label: runAsGroup
|
||||
description: The groupID this App of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 568
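Review bot: The new `hostname` question accepts any string (`type: string`, `default: ""`) with no character constraint, yet the configmap template in this commit splices the value into the `tailscale up` argument string with `printf "--hostname %v %v"`. A value containing whitespace or starting with `-` would be split into, or read as, additional flags rather than a hostname. Constrain the field in the schema, for example `valid_chars: '^[a-zA-Z0-9-]*$'` if the questions format used here supports that key, and state in the description that only letters, digits and hyphens are accepted. The same applies wherever else `.Values.tailscale.hostname` is consumed outside the visible hunks.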
|
||||
|
|
|
@ -4,6 +4,19 @@
|
|||
{{- $configName := printf "%s-tailscale-config" (include "tc.common.names.fullname" .) }}
|
||||
{{- $secretName := printf "%s-tailscale-secret" (include "tc.common.names.fullname" .) }}
|
||||
|
||||
{{- $customArgs := "" -}}
|
||||
|
||||
{{- if .Values.tailscale.hostname }}
|
||||
{{- $customArgs = (printf "--hostname %v %v" .Values.tailscale.hostname $customArgs | trim) -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tailscale.advertise_as_exit_node }}
|
||||
{{- $customArgs = (printf "--advertise-exit-node %v" $customArgs | trim) -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.tailscale.extra_args }}
|
||||
{{- $customArgs = (printf "%v %v" .Values.tailscale.extra_args $customArgs | trim) -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -24,10 +37,10 @@ data:
|
|||
{{- with .Values.tailscale.sock5_server }}
|
||||
TS_SOCK5_SERVER: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.tailscale.extra_args }}
|
||||
TS_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.tailscale.daemon_extra_args }}
|
||||
TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with $customArgs }}
|
||||
TS_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
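Review bot: The assembled `$customArgs` can carry the same flag twice: when `extra_args` already contains `--hostname` or `--advertise-exit-node` and the matching field is also set, both copies end up in `TS_EXTRA_ARGS`, and which one takes effect is left to the CLI's flag parsing. The resulting order is `extra_args`, then `--advertise-exit-node`, then `--hostname`, which is not obvious from the prepend-style `printf` calls. A template comment above the `$customArgs` block would record this, for example `{{/* final order: extra_args, --advertise-exit-node, --hostname; do not repeat these flags in extra_args */}}`. The ConfigMap body continues outside both hunks, so other consumers of these values are not visible here.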
|
||||
|
|
|
@ -50,13 +50,15 @@ envFrom:
|
|||
|
||||
tailscale:
|
||||
authkey: "supersecret"
|
||||
userspace: true
|
||||
userspace: false
|
||||
accept_dns: false
|
||||
routes: ""
|
||||
dest_ip: ""
|
||||
sock5_server: ""
|
||||
extra_args: ""
|
||||
daemon_extra_args: ""
|
||||
hostname: ""
|
||||
advertise_as_exit_node: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
|
@ -66,12 +68,14 @@ probes:
|
|||
startup:
|
||||
enabled: false
|
||||
|
||||
hostNetwork: true
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
protocol: UDP
|
||||
port: 41700
|
||||
enabled: false
|
||||
|
||||
persistence:
|
||||
varrun:
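Review bot: The defaults now combine `hostNetwork: true` (apparently added here) with `userspace: false`, so a default install shares the node's network namespace and runs in kernel networking mode, where the previous default was userspace mode. That is a wider default footprint than the How-To text implies, since it presents `Host Networking` as something to enable for SMB or TrueNAS GUI access; the `userspace` default in the questions file changes the same way. Consider keeping `hostNetwork` opt-in, or at least document it in place with a comment such as `# shares the node network namespace; needed with userspace: false to reach host services`. Whether kernel mode also requires extra capabilities or a TUN device is not visible in these hunks and should be checked against the security context defaults.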
|
||||
|
|