cmd/k8s-operator/deploy/manifests/proxy.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

# This file is not a complete manifest, it's a skeleton that the operator embeds
# at build time and then uses to construct Tailscale proxy pods.
apiVersion: apps/v1
kind: StatefulSet
metadata: {}
spec:
  replicas: 1
  template:
    metadata:
      deletionGracePeriodSeconds: 10
    spec:
      serviceAccountName: proxies
      initContainers:
        - name: sysctler
          securityContext:
            privileged: true
          command: ["/bin/sh", "-c"]
          args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi]
      containers:
        - name: tailscale
          resources:
            requests:
              cpu: 1m
              memory: 1Mi
          imagePullPolicy: Always
          env:
            - name: TS_USERSPACE
              value: "false"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          securityContext:
            privileged: true