add source code and readme
@@ -0,0 +1,39 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tailscale-auth
|
||||
namespace: tailscale-system
|
||||
type: Opaque
|
||||
stringData:
|
||||
#ENC[AES256_GCM,data:nyftsojnYW8nOC1bWBYeb3FTKMTf5ByPXlcLWJPAKNNzaXmau1XQ,iv:tuZyJeQX0rNbE9JuxIHUYjOieowjgB0imXLsn72OLDs=,tag:OuERwRIhsfsBwD1CcTEgtw==,type:comment]
|
||||
TS_AUTHKEY: ENC[AES256_GCM,data:C9hqhsByVr4647hWpEhl4sZp2kjGf7akEuvXqpfGHlT8n6KQ/8gm+Aq8DhJ2bnNoZXKf6viFg73VDujC+oFc0Q==,iv:xBlygAPmJbMds3bmHJH8iUISReA9Mn8673KJV0XbUCI=,tag:P7os4Iy1gR9sATtschmBzg==,type:str]
|
||||
sops:
|
||||
lastmodified: "2025-08-08T18:18:54Z"
|
||||
mac: ENC[AES256_GCM,data:sc0p3UF8Ukvfi6w3mCkzUpVwh2ZHhxOYAGAV08lCJOrVifvKQAoPgkkxQ0BCtOrQffSfLS0xNL3ir90G0VO7Fbj5zmKqJvJRLWX+mijtgsHXGT/SJdFw/57Yf3m/Q/t0RlMJWT/QbV0totmQPSisppPlaj6vOvCULJzVMvg3E3U=,iv:Qr5C9T12bwlAVIDSNW/EinGs3Qt0SRnxbp/j2rTFBWI=,tag:q7FCN9FDaGYJWoRy75wFrg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-08-08T18:18:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DZT3mpHTS/JgSAQdARAKeYyvKR2Z0GAGwh7X3am/hYxfCeJHuvuA2g4oUpH8w
|
||||
4oylMT02Z2mZrcsQ8EZz5LTb+B8bkxiBZjLcnPNFgEQPz2CyPd7yMkjt725HhagY
|
||||
1GgBCQIQ30PaiRJZoWPA4eGArmtrq+eTaPs5L0TvVtsaQaZD0BjALc09e00Z7Mdq
|
||||
rWc9Gf83f0ORxmBeyTOro8P/87BM5/6dixexsWiVBRZlSMrQyxEErAF5U7wxE+cx
|
||||
ByAWdEkn0ihLqQ==
|
||||
=uB0J
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B120595CA9A643B051731B32E67FF350227BA4E8
|
||||
- created_at: "2025-08-08T18:18:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DSXzd60P2RKISAQdA5Lblb1Tez9WUxPgqymTvY62n9hU+l4IZKEcolMUAARsw
|
||||
xLZhmIhN0CYTp+iTdYbF7GCrIXaygP/lYO40EXxdB0Bg7MWdeXtq5k6Xgou6DU28
|
||||
1GgBCQIQilh//0XeUk0SWyCN8TKSIAZWc5KQkDnJ/OYS5llFSqXCG846BnlDAYZ1
|
||||
0RDkRIJDFIMhlfbJdFcgkSu5vE+4wVGGGJ1mkZINZcb/S4H9K+/dkgmC/ScfOvU8
|
||||
H5Q6QjJrZB4zzw==
|
||||
=1TpA
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
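Review bot: The `TS_AUTHKEY` value under `stringData` stays recoverable from git history by either of the two `pgp` recipients, even though the Kustomization added in this commit lists `auth-secret.yaml` (presumably this file) as a legacy resource that is not applied. If the operator-based setup no longer needs this key, revoke or expire it on the Tailscale side rather than relying on the manifest being commented out, and consider not committing the file at all. If it is kept for rollback, record who holds the two fingerprints in `fp:` so that access to the key can be reviewed later.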
|
||||
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
# Legacy resources (not currently used - operator manages these now)
|
||||
# - auth-secret.yaml
|
||||
# - service-account.yaml
|
||||
# - rbac.yaml
|
||||
# - subnet-router-deployment.yaml
|
||||
# Operator-based resources
|
||||
- operator-helm/
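Review bot: The four commented-out entries under `resources:` name manifests that this same commit adds as new files, so the repository gains a privileged Deployment, a ClusterRoleBinding and an encrypted auth key that nothing applies. Unused manifests like these tend to be re-enabled later without review. Either leave them out of the commit or make the comment say why they are kept, for example `# Legacy subnet-router manifests, kept for reference only; superseded by operator-helm/`. The contents of `operator-helm/` are not visible in this section, so whether it really replaces all four is an assumption to confirm.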
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: tailscale-system
|
||||
labels:
|
||||
name: tailscale-system
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/enforce-version: latest
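Review bot: The label `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for every workload in `tailscale-system`, not only the Tailscale pods that need elevated rights. If a stricter enforce level is not workable for the operator's proxies, add `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline` next to it so that pods exceeding baseline are at least surfaced in warnings and audit logs. A short comment above the label naming the component that requires privileged mode would help the next reviewer judge whether the exemption is still needed.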
|
||||
@@ -0,0 +1,55 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: tailscale
|
||||
rules:
|
||||
- apiGroups: ["authorization.k8s.io"]
|
||||
resources: ["selfsubjectaccessreviews"]
|
||||
verbs: ["create"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: tailscale
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: tailscale
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: tailscale
|
||||
namespace: tailscale-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: tailscale
|
||||
namespace: tailscale-system
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["create", "get", "list", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "get", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: tailscale
|
||||
namespace: tailscale-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: tailscale
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: tailscale
|
||||
namespace: tailscale-system
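Review bot: The `secrets` rule in the `Role` grants `get`, `list`, `update` and `patch` on every Secret in `tailscale-system`, so the `tailscale` ServiceAccount can read and overwrite any other credential stored in that namespace, including whatever the operator keeps there. The Deployment in this commit sets `TS_KUBE_SECRET` to `tailscale-auth`, which suggests that is the only Secret the pod needs. Split the rule so that `create` stays unrestricted (it cannot be limited by name) and the remaining verbs carry `resourceNames`, and drop `list` unless something depends on it.
```yaml
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["tailscale-auth"]
    verbs: ["get", "update", "patch"]
  # … unchanged: events and pods rules …
```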
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: tailscale
|
||||
namespace: tailscale-system
|
||||
@@ -0,0 +1,54 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: subnet-router
|
||||
namespace: tailscale-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: subnet-router
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: subnet-router
|
||||
spec:
|
||||
serviceAccountName: tailscale
|
||||
containers:
|
||||
- name: tailscale
|
||||
imagePullPolicy: Always
|
||||
image: tailscale/tailscale:latest
|
||||
env:
|
||||
- name: TS_KUBE_SECRET
|
||||
value: "tailscale-auth"
|
||||
- name: TS_USERSPACE
|
||||
value: "false"
|
||||
- name: TS_AUTH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tailscale-auth
|
||||
key: TS_AUTHKEY
|
||||
- name: TS_ROUTES
|
||||
value: "10.244.0.0/16,10.96.0.0/12,10.132.0.0/24"
|
||||
- name: TS_EXTRA_ARGS
|
||||
value: "--advertise-tags=tag:k8s-operator"
|
||||
- name: TS_HOSTNAME
|
||||
value: "keyboardvagabond-cluster"
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
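Review bot: The container combines `privileged: true` with `image: tailscale/tailscale:latest` and `imagePullPolicy: Always`, so every pod restart runs whatever is currently published under that tag with full access to the node. Pin the image to a fixed version and digest, e.g. `image: tailscale/tailscale:<version>@sha256:<digest>`. Also check whether kernel-mode networking (`TS_USERSPACE: "false"`) works with `securityContext: {capabilities: {add: ["NET_ADMIN"]}}` instead of full privilege; to my knowledge Tailscale's sample manifests use only that capability, but confirm it on this cluster. Separately, `TS_ROUTES` advertises what look like the pod and service CIDRs under `tag:k8s-operator`, so the tailnet ACLs for that tag decide who can reach cluster-internal addresses and deserve a review alongside this manifest.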
|
||||