mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-24 22:02:04 +02:00 
			
		
		
		
	There should not be a need to do that unless we run on host network Signed-off-by: Irbe Krumina <irbe@tailscale.com>
		
			
				
	
	
		
			34 lines
		
	
	
		
			786 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
		
			786 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # Copyright (c) Tailscale Inc & AUTHORS
 | |
| # SPDX-License-Identifier: BSD-3-Clause
 | |
| apiVersion: v1
 | |
| kind: Pod
 | |
| metadata:
 | |
|   name: subnet-router
 | |
|   labels:
 | |
|     app: tailscale
 | |
| spec:
 | |
|   serviceAccountName: "{{SA_NAME}}"
 | |
|   containers:
 | |
|   - name: tailscale
 | |
|     imagePullPolicy: Always
 | |
|     image: "ghcr.io/tailscale/tailscale:latest"
 | |
|     env:
 | |
|     # Store the state in a k8s secret
 | |
|     - name: TS_KUBE_SECRET
 | |
|       value: "{{TS_KUBE_SECRET}}"
 | |
|     - name: TS_USERSPACE
 | |
|       value: "false"
 | |
|     - name: TS_DEBUG_FIREWALL_MODE
 | |
|       value: auto
 | |
|     - name: TS_AUTHKEY
 | |
|       valueFrom:
 | |
|         secretKeyRef:
 | |
|           name: tailscale-auth
 | |
|           key: TS_AUTHKEY
 | |
|           optional: true
 | |
|     - name: TS_ROUTES
 | |
|       value: "{{TS_ROUTES}}"
 | |
|     securityContext:
 | |
|       runAsUser: 1000
 | |
|       runAsGroup: 1000
 |