From f37a64291c72ef5fe0f68c636e235a8c12cceb5d Mon Sep 17 00:00:00 2001 From: rohow Date: Tue, 25 Jun 2024 12:10:23 +0800 Subject: [PATCH] feat(tailscale): tailscale drep refactoring --- charts/tailscale-derp/Chart.yaml | 2 +- charts/tailscale-derp/README.md | 14 +++++------ .../tailscale-derp/templates/deployment.yml | 25 +++++++++++++------ charts/tailscale-derp/templates/service.yml | 18 ++++++------- charts/tailscale-derp/values.yaml | 14 ++++++++--- 5 files changed, 44 insertions(+), 29 deletions(-) diff --git a/charts/tailscale-derp/Chart.yaml b/charts/tailscale-derp/Chart.yaml index 26070a3..d3e0623 100644 --- a/charts/tailscale-derp/Chart.yaml +++ b/charts/tailscale-derp/Chart.yaml @@ -9,5 +9,5 @@ maintainers: email: admin@dev.cm url: https://github.com/devcm-repo icon: https://tailscale.com/files/apple-touch-icon.png -version: 0.0.1 +version: 0.0.2 appVersion: 1.68.0 diff --git a/charts/tailscale-derp/README.md b/charts/tailscale-derp/README.md index 14d53b2..d8d88cf 100644 --- a/charts/tailscale-derp/README.md +++ b/charts/tailscale-derp/README.md @@ -14,15 +14,10 @@ helm install tailscale-derp tailscale/tailscale-derp A working configuration: ```yaml -service: - annotations: - service.beta.kubernetes.io/azure-dns-label-name: my-derp-01 - -hostname: my-derp-01.switzerlandnorth.cloudapp.azure.com +hostname: derp.dev.cm nodeSelector: - topology.kubernetes.io/region: switzerlandnorth - topology.kubernetes.io/zone: switzerlandnorth-1 + topology.kubernetes.io/region: cn-hk ``` ## Helm Chart Values 
@@ -33,6 +28,9 @@ nodeSelector: | `image.pullPolicy` | Kubernetes pullPolicy to use for starting the container image. | `IfNotPresent` | | `service.type` | Kubernetes Service type. | `LoadBalancer` | | `service.annotations` | A map/dict of Kubernetes Service annotations. | `{}` | -| `hostname` | DERP hostname to use. Must be the same as of the derpMap in the tailnet ACL. | `derp.example.com` | | `nodeSelector` | A map/dict of Kubernetes Pod nodeSelector node labels. | `{}` | | `affinity` | A map/dict of Kubernetes Pod affinity rules. | `{}` | +| `tailscale.hostname` | Tailscale hostname | `Release.Name` | +| `tailscale.auth_key` | Tailscale auth_key | `''` | +| `drep.hostname` | Derp server hostname | `'derp.examples.com'` | +| `drep.verify_clients` | Derp server will enable authentication | `true` | diff --git a/charts/tailscale-derp/templates/deployment.yml b/charts/tailscale-derp/templates/deployment.yml index ef9ebc2..1101960 100644 --- a/charts/tailscale-derp/templates/deployment.yml +++ b/charts/tailscale-derp/templates/deployment.yml @@ -21,11 +21,20 @@ spec: affinity: {{- toYaml .Values.affinity | nindent 8 }} {{- end }} containers: - - name: "{{ .Release.Name }}-{{ .Chart.Name }}" - image: "{{ .Values.image.name }}:v{{ .Chart.AppVersion }}" - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 3478 - args: - - "--hostname={{ .Values.hostname }}" + name: "{{ .Release.Name }}-{{ .Chart.Name }}" + image: "{{ .Values.image.name }}:v{{ .Chart.AppVersion }}" + ports: + - containerPort: 80 + - containerPort: 443 + - containerPort: 3478 + env: + - name: TAILSCALE_HOSTNAME + value: "{{ or .Values.tailscale.hostname .Release.Name }}" + - name: TAILSCALE_AUTH_KEY + value: "{{ .Values.tailscale.auth_key }}" + - name: TAILSCALE_DERP_HOSTNAME + value: "{{ .Values.drep.hostname }}" + - name: TAILSCALE_DERP_ADDR + value: "{{ .Values.drep.addr }}" + - name: TAILSCALE_DERP_VERIFY_CLIENTS + value: "{{ .Values.drep.verify_clients }}" 
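Review bot: `TAILSCALE_AUTH_KEY` is rendered as a literal `value:` from `.Values.tailscale.auth_key`, so the key is stored in the Deployment spec and in the Helm release record, readable by anyone who can view either. Take it from a Kubernetes Secret through `valueFrom.secretKeyRef` instead, as sketched below with a proposed `tailscale.existingSecret` value that this chart does not define yet. `TAILSCALE_DERP_ADDR` reads `.Values.drep.addr`, which values.yaml ships only as a comment, so by default it is set to an empty string; guard that entry with `{{- if .Values.drep.addr }}`. In the patch as shown, the first added container line reads `name:` without the leading `- ` its removed counterpart had, which would make `containers` a mapping rather than a list, so please check that against the file.

```yaml
          env:
            # … unchanged: TAILSCALE_HOSTNAME …
            - name: TAILSCALE_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  # tailscale.existingSecret is a proposed new value (placeholder name)
                  name: "{{ .Values.tailscale.existingSecret }}"
                  key: auth_key
            # … unchanged: TAILSCALE_DERP_* entries …
```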
diff --git a/charts/tailscale-derp/templates/service.yml b/charts/tailscale-derp/templates/service.yml index 2149444..de2c033 100644 --- a/charts/tailscale-derp/templates/service.yml +++ b/charts/tailscale-derp/templates/service.yml @@ -10,12 +10,12 @@ spec: selector: app: "{{ .Release.Name }}-{{ .Chart.Name }}" ports: - - name: http - port: 80 - targetPort: 80 - - name: https - port: 443 - targetPort: 443 - - name: stun - port: 3478 - targetPort: 3478 + - name: http + port: 80 + targetPort: 80 + - name: https + port: 443 + targetPort: 443 + - name: stun + port: 3478 + targetPort: 3478 diff --git a/charts/tailscale-derp/values.yaml b/charts/tailscale-derp/values.yaml index 2e54813..4b608d1 100644 --- a/charts/tailscale-derp/values.yaml +++ b/charts/tailscale-derp/values.yaml @@ -3,10 +3,18 @@ image: pullPolicy: IfNotPresent service: - type: LoadBalancer + type: ClusterIP annotations: {} -hostname: 'derp.example.com' - nodeSelector: {} + affinity: {} + +tailscale: +# hostname: '' + auth_key: '' + +drep: + hostname: derp.examples.com +# addr: '' + verify_clients: true
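Review bot: The new default `hostname: derp.examples.com` in values.yaml replaces the reserved placeholder `derp.example.com` with a name under `examples.com`, which is not one of the domains set aside for documentation, so an install left on defaults is configured for a hostname a third party may control; keep `derp.example.com` here and in the README row. The top-level key is spelled `drep` in values.yaml and in the templates, and since value names are the chart's public interface it is cheaper to rename it to `derp` now than after users carry overrides. The default `service.type` becomes `ClusterIP`, while the README table visible earlier in this patch still lists `LoadBalancer`. A comment above `auth_key: ''` such as `# Do not commit a real key; pass it at install time or from a Secret` would make the intended handling clear.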