diff --git a/charts/tailscale-derp/Chart.yaml b/charts/tailscale-derp/Chart.yaml
index d3e0623..4a98733 100644
--- a/charts/tailscale-derp/Chart.yaml
+++ b/charts/tailscale-derp/Chart.yaml
@@ -9,5 +9,5 @@ maintainers:
 email: admin@dev.cm
 url: https://github.com/devcm-repo
 icon: https://tailscale.com/files/apple-touch-icon.png
-version: 0.0.2
+version: 0.0.3
 appVersion: 1.68.0
diff --git a/charts/tailscale-derp/README.md b/charts/tailscale-derp/README.md
index d8d88cf..2048695 100644
--- a/charts/tailscale-derp/README.md
+++ b/charts/tailscale-derp/README.md
@@ -28,9 +28,14 @@ nodeSelector:
 | `image.pullPolicy` | Kubernetes pullPolicy to use for starting the container image. | `IfNotPresent` |
 | `service.type` | Kubernetes Service type. | `LoadBalancer` |
 | `service.annotations` | A map/dict of Kubernetes Service annotations. | `{}` |
+| `hostNetwork` | This service will be disabled when hostNetwork is enableds. | `false` |
 | `nodeSelector` | A map/dict of Kubernetes Pod nodeSelector node labels. | `{}` |
+| `extraVolumes` | Extra volumes to add to the deployment. | `[]` |
+| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes`. | `[]` |
 | `affinity` | A map/dict of Kubernetes Pod affinity rules. | `{}` |
-| `tailscale.hostname` | Tailscale hostname | `Release.Name` |
-| `tailscale.auth_key` | Tailscale auth_key | `''` |
-| `drep.hostname` | Derp server hostname | `'derp.examples.com'` |
-| `drep.verify_clients` | Derp server will enable authentication | `true` |
+| `derp.hostname` | Derp server hostname. | `'derp.examples.com'` |
+| `derp.verify_clients` | Derp server will enable authentication. | `true` |
+| `derp.certdir` | Start a derper with your own certificate. | `` |
+| `derp.http_port` | The port on which to serve HTTP. Set to -1 to disable. | `80` |
+| `derp.https_port` | The port on which to serve HTTPS. | `443` |
+| `derp.stun_port` | The UDP port on which to serve STUN. | `3478` |
diff --git a/charts/tailscale-derp/templates/deployment.yml b/charts/tailscale-derp/templates/deployment.yml
index 1101960..56d6ad7 100644
--- a/charts/tailscale-derp/templates/deployment.yml
+++ b/charts/tailscale-derp/templates/deployment.yml
@@ -21,20 +21,54 @@ spec: affinity: {{- toYaml .Values.affinity | nindent 8 }} {{- end }} containers: - name: "{{ .Release.Name }}-{{ .Chart.Name }}" + - name: "{{ .Release.Name }}-{{ .Chart.Name }}" image: "{{ .Values.image.name }}:v{{ .Chart.AppVersion }}" ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 3478 - env: - - name: TAILSCALE_HOSTNAME - value: "{{ or .Values.tailscale.hostname .Release.Name }}" - - name: TAILSCALE_AUTH_KEY - value: "{{ .Values.tailscale.auth_key }}" - - name: TAILSCALE_DERP_HOSTNAME - value: "{{ .Values.drep.hostname }}" - - name: TAILSCALE_DERP_ADDR - value: "{{ .Values.drep.addr }}" - - name: TAILSCALE_DERP_VERIFY_CLIENTS - value: "{{ .Values.drep.verify_clients }}" + {{- if gt (int .Values.derp.http_port) -1 }} + - name: http + hostPort: {{ .Values.derp.http_port }} + containerPort: {{ .Values.derp.http_port }} + protocol: TCP + {{- end }} + - name: https + hostPort: {{ .Values.derp.https_port }} + containerPort: {{ .Values.derp.https_port }} + protocol: TCP + - name: stun + hostPort: {{ .Values.derp.stun_port }} + containerPort: {{ .Values.derp.stun_port }} + protocol: UDP + args: + - "--hostname={{ .Values.derp.hostname }}" + - "--verify-clients={{ .Values.derp.verify_clients }}" + {{- if .Values.derp.certdir }} + - "--certmode=manual" + - "--certdir={{ .Values.derp.certdir }}" + {{- end }} + {{- if .Values.derp.http_port }} + - "--http-port={{ .Values.derp.http_port }}" + {{- end }} + {{- if .Values.derp.https_port }} + - "--a=:{{ .Values.derp.https_port }}" + {{- end }} + {{- if .Values.derp.stun_port }} + - "--stun-port={{ .Values.derp.stun_port }}" + {{- end }} + volumeMounts: + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- if .Values.derp.verify_clients }} + - mountPath: /var/run/tailscale/tailscaled.sock + name: tailscale-socket + {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: true + {{- end }} + volumes: + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- if 
.Values.derp.verify_clients }} + - hostPath: + path: /run/tailscale/tailscaled.sock + type: Socket + name: tailscale-socket + {{- end }} + diff --git a/charts/tailscale-derp/templates/service.yml b/charts/tailscale-derp/templates/service.yml index de2c033..7b1179b 100644 --- a/charts/tailscale-derp/templates/service.yml +++ b/charts/tailscale-derp/templates/service.yml @@ -1,3 +1,4 @@ +{{- if not .Values.hostNetwork }} apiVersion: v1 kind: Service metadata: @@ -10,12 +11,16 @@ spec: selector: app: "{{ .Release.Name }}-{{ .Chart.Name }}" ports: + {{- if gt (int .Values.derp.http_port) -1 }} - name: http - port: 80 - targetPort: 80 + port: {{ .Values.derp.http_port }} + targetPort: {{ .Values.derp.http_port }} + {{- end }} - name: https - port: 443 - targetPort: 443 + port: {{ .Values.derp.https_port }} + targetPort: {{ .Values.derp.https_port }} - name: stun - port: 3478 - targetPort: 3478 + port: {{ .Values.derp.stun_port }} + targetPort: {{ .Values.derp.stun_port }} + protocol: UDP +{{- end }} \ No newline at end of file diff --git a/charts/tailscale-derp/values.yaml b/charts/tailscale-derp/values.yaml index 4b608d1..aa0cb2c 100644 --- a/charts/tailscale-derp/values.yaml +++ b/charts/tailscale-derp/values.yaml @@ -6,15 +6,15 @@ service: type: ClusterIP annotations: {} +hostNetwork: false + nodeSelector: {} affinity: {} -tailscale: -# hostname: '' - auth_key: '' - -drep: +derp: hostname: derp.examples.com -# addr: '' - verify_clients: true + verify_clients: false + http_port: 80 + https_port: 443 + stun_port: 3478
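Review bot: The three `hostPort:` entries in the deployment.yml hunk are emitted unconditionally, so even with `hostNetwork: false` the pod binds the node's ports directly and the relay is reachable on every node that runs it, whatever `service.type` is set to; drop them or wrap each in `{{- if .Values.hostNetwork }}`. In the same hunk `volumeMounts:` and `volumes:` are always rendered and followed by `toYaml` of the extra lists, which for an empty or unset value emits `[]` or `null` ahead of the `tailscale-socket` item and will likely fail to parse once `derp.verify_clients` is true; guarding with `with`, as in the fence, avoids that. The hostPath mount hands the container the node's tailscaled socket, so a comment above it stating that `verify_clients` needs tailscaled running on the node, and that `type: Socket` blocks pod start without it, would help operators. Indentation is not recoverable from this view, so the `nindent` widths in the fence are copied from the hunk.

```yaml
        volumeMounts:
          {{- with .Values.extraVolumeMounts }}
          {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: tailscale-socket mount under derp.verify_clients …
      # … unchanged: hostNetwork toggle …
      volumes:
        {{- with .Values.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        # … unchanged: tailscale-socket hostPath under derp.verify_clients …
```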
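Review bot: In the values.yaml hunk `verify_clients` flips from `true` to `false`, while the README row added in this same commit still documents `derp.verify_clients` with default `true`; with the new default a stock install runs a relay that does not check connecting clients against tailscaled. Either keep `verify_clients: true` or update the README row and put a comment on the key, for example `# set to true to restrict the relay to your tailnet; requires tailscaled on the node`. `extraVolumes`, `extraVolumeMounts` and `derp.certdir` are documented in the README but not added in this hunk, so unless they are defined outside it the templates read unset values; adding `extraVolumes: []`, `extraVolumeMounts: []` and `certdir: ''` would match the documented defaults.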