diff --git a/library/common/templates/addons/vpn/_vpn.tpl b/library/common/templates/addons/vpn/_vpn.tpl index 903012c0..691b421f 100644 --- a/library/common/templates/addons/vpn/_vpn.tpl +++ b/library/common/templates/addons/vpn/_vpn.tpl @@ -13,9 +13,5 @@ It will include / inject the required templates based on the given values. {{- include "tc.v1.common.addon.tailscale" . }} {{- end -}} - {{- if ne "tailscale" .Values.addons.vpn.type -}} - {{- $_ := set .Values.persistence "vpnconfig" .Values.addons.vpn.configFile -}} - {{- end -}} - {{- end -}} {{- end -}} diff --git a/library/common/templates/addons/vpn/tailscale/_addon.tpl b/library/common/templates/addons/vpn/tailscale/_addon.tpl index e59c173b..be3f51fd 100644 --- a/library/common/templates/addons/vpn/tailscale/_addon.tpl +++ b/library/common/templates/addons/vpn/tailscale/_addon.tpl @@ -2,12 +2,10 @@ Template to render Tailscale addon. It will add the container to the list of additionalContainers. */}} -{{- define "tc.v1.common.addon.tailscale" -}} - {{/* Append the Tailscale container to the additionalContainers */}} - {{- $container := (include "tc.v1.common.addon.tailscale.container" . | fromYaml) -}} +{{- define "tc.v1.common.addon.vpn.tailscale" -}} + {{/* Append the code-server container to the additionalContainers */}} + {{- $container := include "tc.v1.common.addon.vpn.tailscale.container" . | fromYaml -}} {{- if $container -}} - {{- $_ := set .Values.additionalContainers "tailscale" $container -}} - {{- include "tailscale.secret" . -}} - {{- $_ := set .Values.persistence (printf "%v-%v" .Release.Name "tailscale" ) (include "tailscale.addon.persistence" . | fromYaml) -}} + {{- $_ := set .Values.workload.main.podSpec.containers "vpn" $container -}} {{- end -}} {{- end -}} diff --git a/library/common/templates/addons/vpn/tailscale/_container.tpl b/library/common/templates/addons/vpn/tailscale/_container.tpl index 1a601746..af2892c5 100644 
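Review bot: The define is renamed to `tc.v1.common.addon.vpn.tailscale`, but the unchanged context line in the `_vpn.tpl` hunk above still calls `include "tc.v1.common.addon.tailscale" .`; unless that caller is updated elsewhere, rendering with the tailscale VPN type will fail on an undefined template. The new comment also says `code-server`, which looks like a copy-paste slip; it should read `{{/* Append the Tailscale container to the main workload's containers */}}`. `set .Values.workload.main.podSpec.containers "vpn" $container` assumes every level of that path already exists as a map, which this hunk does not show, so a short comment stating that precondition (or a guard around the `set`) would help.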
--- a/library/common/templates/addons/vpn/tailscale/_container.tpl +++ b/library/common/templates/addons/vpn/tailscale/_container.tpl @@ -1,8 +1,7 @@ {{/* The Tailscale sidecar container to be inserted. */}} -{{- define "tc.v1.common.addon.tailscale.container" -}} -{{- $secretName := printf "%s-tailscale-secret" (include "tc.v1.common.names.fullname" .) }} +{{- define "tc.v1.common.addon.vpn.tailscale.container" -}} name: tailscale imageSelector: "tailscaleImage" imagePullPolicy: {{ .Values.tailscaleImage.pullPolicy }} @@ -28,7 +27,7 @@ securityContext: envFrom: - secretRef: - name: {{ $secretName }} + name: tailscale-secret {{/* Set KUBE_SECRET to empty string to force tailscale @@ -62,6 +61,9 @@ env: {{- with .Values.addons.vpn.tailscale.daemon_extra_args }} TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }} {{- end -}} + {{- with .Values.addons.vpn.tailscale.authkey }} + TS_AUTH_KEY: {{ . | b64enc }} + {{- end }} {{- range $envList := .Values.addons.vpn.envList -}} {{- if and $envList.name $envList.value }} @@ -77,17 +79,9 @@ env: {{- end -}} {{- end }} -volumeMounts: - - mountPath: {{ .Values.persistence.shared.mountPath }} - name: shared - - mountPath: /var/lib/tailscale - name: {{ printf "%v-%v" .Release.Name "tailscale" }} {{- with .Values.addons.vpn.livenessProbe }} livenessProbe: {{- toYaml . | nindent 2 }} {{- end -}} -{{- with .Values.addons.vpn.resources }} -resources: - inherit: true -{{- end -}} + {{- end -}} diff --git a/library/common/templates/addons/vpn/tailscale/_persistence.tpl b/library/common/templates/addons/vpn/tailscale/_persistence.tpl deleted file mode 100644 index 8b04b651..00000000 --- a/library/common/templates/addons/vpn/tailscale/_persistence.tpl +++ /dev/null @@ -1,6 +0,0 @@ -{{- define "tailscale.addon.persistence" -}} -enabled: true -mountPath: /var/lib/tailscale -type: emptyDir -noMount: true -{{- end -}} 
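Review bot: The auth key no longer lives in a Secret: `envFrom.secretRef` now names a literal `tailscale-secret` while this commit deletes `_secret.tpl`, the only visible template that rendered it, and the later hunk at `@@ -62,6 +61,9 @@` adds `TS_AUTH_KEY: {{ . | b64enc }}` directly under `env:`. Base64 is only needed for a Secret's `data:` field; as an env value it passes tailscaled the encoded string instead of the key and gives no confidentiality, so anyone who can read the workload spec can recover the key, unless the library's env rendering moves it into a Secret, which is not visible here. If no other template creates `tailscale-secret`, the container will also fail to start on the missing reference, and the literal name is not release-scoped the way the removed `printf "%s-tailscale-secret" …` name was. I would keep the key in a Secret rendered by the library, reference that Secret from `envFrom`, and drop the `env` entry, or at minimum drop `b64enc` there.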
diff --git a/library/common/templates/addons/vpn/tailscale/_secret.tpl b/library/common/templates/addons/vpn/tailscale/_secret.tpl deleted file mode 100644 index 8c8fe445..00000000 --- a/library/common/templates/addons/vpn/tailscale/_secret.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{/* Define the secret */}} -{{- define "tailscale.secret" -}} - -{{- $secretName := printf "%s-tailscale-secret" (include "tc.v1.common.names.fullname" .) }} - ---- -{{/* This secrets are loaded on tailscale */}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $secretName }} -data: - {{- with .Values.addons.vpn.tailscale.authkey }} - TS_AUTH_KEY: {{ . | b64enc }} - {{- end }} -{{- end }} diff --git a/library/common/values.yaml b/library/common/values.yaml index c024ee5b..1173658e 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -216,7 +216,13 @@ persistence: main: vpn: mountPath: /vpn/mnt/ - + tailscale: + enabled: '{{ if eq .Values.addons.vpn.type "tailscale" }}' + type: emptyDir + targetSelector: + main: + vpn: + mountPath: /var/lib/tailscale # -- Injected from SCALE middleware
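Review bot: `enabled: '{{ if eq .Values.addons.vpn.type "tailscale" }}'` opens an `if` action with no body and no `{{ end }}`, so if the library evaluates this string with `tpl` it will fail to parse, and if it does not, the value is just a non-empty string rather than a boolean. An expression that yields the result directly is what the gate seems to intend: `enabled: '{{ eq .Values.addons.vpn.type "tailscale" }}'`. The mount keeps `type: emptyDir` for `/var/lib/tailscale`, as the deleted `_persistence.tpl` did, so the daemon's state does not survive pod replacement and the node presumably has to authenticate with the auth key again each time; a comment saying so would help anyone deciding how long-lived that key needs to be.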