fix(tailscale): switch to the new golang binary (#4307)

* fix(tailscale): switch to the new golang binary

* temp, let CI install tailscale

* test without secret

* change key name in secret

* change socket to varrun, which is the default that `tailscale` command looks for

* test with varrun enabled

* remove tty

* don't try to install TS

* dont load authkey as env

* update vpn template

* remove /var/lib as it now uses kubesecret for the state

* bump
Stavros Kois 2022-11-05 20:24:36 +02:00 committed by GitHub
parent 2edc8498e2
commit e1224804c3
7 changed files with 47 additions and 29 deletions


@ -20,7 +20,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/tailscale
- https://hub.docker.com/r/tailscale/tailscale
- https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
version: 1.1.20
version: 1.1.21
annotations:
truecharts.org/catagories: |
- network


@ -11,8 +11,8 @@ questions:
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: tailscale
group: "Container Configuration"
label: "Tailscale Configuration"
group: Container Configuration
label: Tailscale Configuration
schema:
additional_attrs: true
type: dict
@ -24,6 +24,12 @@ questions:
type: string
private: true
default: ""
- variable: auth_once
label: Auth Once
description: Only attempt to log in if not already logged in.
schema:
type: boolean
default: true
- variable: userspace
label: Userspace
description: Userspace Networking mode allows running Tailscale where you don't have access to create a VPN tunnel device. *Required for Exit Node/Accessing Local Routes* See <a href="https://truecharts.org/docs/charts/stable/tailscale/How-To-Guide/">How-To-Guide</a> for more info
@ -50,6 +56,13 @@ questions:
default: ""
- variable: sock5_server
label: Sock5 Server
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
schema:
type: string
default: ""
- variable: outbound_http_proxy_listen
label: Outbound HTTP Proxy Listen
description: The address on which to listen for HTTP proxying into the tailscale net.
schema:
type: string
default: ""
@ -81,16 +94,6 @@ questions:
default: true
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: config
label: App Config Storage
description: Stores the Application Configuration.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
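Review bot: The descriptions added for `sock5_server` and `outbound_http_proxy_listen` say where the proxy listens but not what reaching that address buys; as far as I know tailscaled's SOCKS5 and HTTP proxies carry no authentication of their own, so a non-loopback listen address such as `0.0.0.0:1055` gives anything on the pod network an open path into the tailnet. I'd extend both descriptions, e.g. `description: The address on which to listen for SOCKS5 proxying into the tailscale net. The proxy is unauthenticated; bind to localhost unless the pod network is trusted.` The same two descriptions are repeated in the second questions listing at the end of the page and should change in step.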


@ -26,8 +26,10 @@ metadata:
{{- include "tc.common.labels" . | nindent 4 }}
data:
TS_KUBE_SECRET: {{ $secretName | squote }}
TS_SOCKET: /var/run/tailscale/tailscaled.sock
TS_USERSPACE: {{ .Values.tailscale.userspace | quote }}
TS_ACCEPT_DNS: {{ .Values.tailscale.accept_dns | quote }}
TS_AUTH_ONCE: {{ .Values.tailscale.auth_once | quote }}
{{- with .Values.tailscale.routes }}
TS_ROUTES: {{ . }}
{{- end }}
@ -43,4 +45,7 @@ data:
{{- with $customArgs }}
TS_EXTRA_ARGS: {{ . | quote }}
{{- end }}
{{- with .Values.tailscale.outbound_http_proxy_listen }}
TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . | quote }}
{{- end }}
{{- end }}
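Review bot: `TS_SOCKET` is the one fixed value in a ConfigMap whose other keys all come from `.Values`, and nothing in the template says why; the commit description explains it is the default path the `tailscale` CLI in the container looks for, which is exactly what a later maintainer needs before wiring it to a value the CLI would then not find. I'd add `{{/* Fixed on purpose: the tailscale CLI in the image looks for its socket at this path */}}` above the line. It also looks like that directory is only an explicit volume when `persistence.varrun` is enabled, which the values hunk leaves at `false`, so by default the socket lives in the container's writable layer; if that is intended, a word in the same comment would save the next reader the detour.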


@ -14,6 +14,7 @@ metadata:
{{- include "tc.common.labels" . | nindent 4 }}
data:
{{- with .Values.tailscale.authkey }}
TS_AUTH_KEY: {{ . | b64enc }}
{{/* Name of the authkey is crucial, don't change it */}}
authkey: {{ . | b64enc }}
{{- end }}
{{- end }}
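Review bot: The new comment says the key name is crucial but not for whom, so the reader still has to know that containerboot, as far as I recall, looks the auth key up under `authkey` in the secret named by `TS_KUBE_SECRET`. I'd make the comment carry that: `{{/* containerboot reads the auth key from the "authkey" key of the TS_KUBE_SECRET secret; renaming it breaks login */}}`. The enclosing `{{- if }}` block that the last `{{- end }}` closes starts outside the hunk.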


@ -3,9 +3,8 @@ image:
pullPolicy: IfNotPresent
tag: v1.33.141@sha256:726ff19a7be12e9b88fd582edea075020833ebe707751194ee5dc82583a330e6
command: ["ash", "/tailscale/run.sh"]
tty: true
command:
- /usr/local/bin/containerboot
securityContext:
readOnlyRootFilesystem: false
@ -29,32 +28,32 @@ rbac:
- apiGroups:
- ""
resources:
- "secrets"
- secrets
verbs:
- "create"
- create
- apiGroups:
- ""
resources:
- "secrets"
- secrets
resourceNames:
- '{{ printf "%s-tailscale-secret" (include "tc.common.names.fullname" .) }}'
verbs:
- "get"
- "update"
- get
- update
envFrom:
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-tailscale-secret'
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-tailscale-config'
tailscale:
authkey: "supersecret"
authkey: supersecret
auth_once: true
userspace: true
accept_dns: false
routes: ""
dest_ip: ""
sock5_server: ""
outbound_http_proxy_listen: ""
extra_args: ""
daemon_extra_args: ""
hostname: ""
@ -79,10 +78,7 @@ service:
persistence:
varrun:
enabled: false
config:
enabled: true
mountPath: "/var/lib"
tun:
enabled: true
type: hostPath
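Review bot: The `envFrom` entry for the `-tailscale-secret` secret still appears in this hunk next to the configMapRef, yet the description says the auth key is no longer loaded as env and the secret template now stores it under `authkey`; if that secretRef survives, the `authkey` value is injected into the container environment, readable by every process in the pod rather than only by containerboot's lookup of the kube secret. If the rendered view merely lost the removal marker, ignore this; otherwise drop the two lines `- secretRef:` / `name: '{{ include "tc.common.names.fullname" . }}-tailscale-secret'` and keep only the configMapRef. The `rbac` block those lines sit under starts outside the hunk.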


@ -191,6 +191,7 @@ words:
- proto
- proxyhttp
- proxyhttps
- proxying
- proxymetrics
- puid
- putregexhere


@ -50,6 +50,12 @@
type: string
private: true
default: ""
- variable: auth_once
label: Auth Once
description: Only attempt to log in if not already logged in.
schema:
type: boolean
default: true
- variable: accept_dns
label: Accept DNS
description: Accept DNS configuration from the admin console.
@ -76,7 +82,13 @@
default: ""
- variable: sock5_server
label: Sock5 Server
description: Sock5 Server
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
schema:
type: string
default: ""
- variable: outbound_http_proxy_listen
label: Outbound HTTP Proxy Listen
description: The address on which to listen for HTTP proxying into the tailscale net.
schema:
type: string
default: ""