apiVersion: apps/v1 kind: Deployment metadata: name: "{{ .Release.Name }}-{{ .Chart.Name }}" spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: "{{ .Release.Name }}-{{ .Chart.Name }}" template: metadata: labels: app: "{{ .Release.Name }}-{{ .Chart.Name }}" spec: {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{- toYaml .Values.affinity | nindent 8 }} {{- end }} {{ - if .Values.hostNetwork }} hostNetwork: true {{ - end }} containers: - name: "{{ .Release.Name }}-{{ .Chart.Name }}" image: "{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" ports: {{- if gt (int .Values.derp.http_port) -1 }} - name: http hostPort: {{ .Values.derp.http_port }} containerPort: {{ .Values.derp.http_port }} protocol: TCP {{- end }} - name: https hostPort: {{ .Values.derp.https_port }} containerPort: {{ .Values.derp.https_port }} protocol: TCP - name: stun hostPort: {{ .Values.derp.stun_port }} containerPort: {{ .Values.derp.stun_port }} protocol: UDP args: - "--hostname={{ .Values.derp.hostname }}" - "--verify-clients={{ .Values.derp.verify_clients }}" {{- if .Values.derp.certdir }} - "--certmode=manual" - "--certdir={{ .Values.derp.certdir }}" {{- end }} {{- if .Values.derp.http_port }} - "--http-port={{ .Values.derp.http_port }}" {{- end }} {{- if .Values.derp.https_port }} - "--a=:{{ .Values.derp.https_port }}" {{- end }} {{- if .Values.derp.stun_port }} - "--stun-port={{ .Values.derp.stun_port }}" {{- end }} volumeMounts: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- if .Values.derp.verify_clients }} - mountPath: /var/run/tailscale/tailscaled.sock name: tailscale-socket {{- end }} volumes: {{- toYaml .Values.extraVolumes | nindent 8 }} {{- if .Values.derp.verify_clients }} - hostPath: path: /run/tailscale/tailscaled.sock type: Socket name: tailscale-socket {{- end }}