---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: subnet-router
  namespace: tailscale-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: subnet-router
  template:
    metadata:
      labels:
        app: subnet-router
    spec:
      serviceAccountName: tailscale
      containers:
      - name: tailscale
        imagePullPolicy: Always
        image: tailscale/tailscale:latest
        env:
        - name: TS_KUBE_SECRET
          value: "tailscale-auth"
        - name: TS_USERSPACE
          value: "false"
        - name: TS_AUTH_KEY
          valueFrom:
            secretKeyRef:
              name: tailscale-auth
              key: TS_AUTHKEY
        - name: TS_ROUTES
          value: "10.244.0.0/16,10.96.0.0/12,10.132.0.0/24"
        - name: TS_EXTRA_ARGS
          value: "--advertise-tags=tag:k8s-operator"
        - name: TS_HOSTNAME
          value: "keyboardvagabond-cluster"
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_UID
          valueFrom:
            fieldRef:
              fieldPath: metadata.uid
        securityContext:
          privileged: true
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 512Mi