Add k8s deployment, standalone app Dockerfile.

Tested with Rancher k3s. See k8s/README.md for site configuration and deployment instructions. Add cert-manager, tls, remote headscale script.
2021-06-16 23:27:40 -05:00 · 2021-06-16 23:27:40 -05:00 · c64d756ea7
commit c64d756ea7
parent a63fb6b007
22 changed files with 531 additions and 0 deletions
--- a/k8s/postgres/deployment.yaml
+++ b/k8s/postgres/deployment.yaml
@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: headscale
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: headscale
+  template:
+    metadata:
+      labels:
+        app: headscale
+    spec:
+      containers:
+      - name: headscale
+        image: "headscale:latest"
+        imagePullPolicy: IfNotPresent
+        command: ["/go/bin/headscale", "serve"]
+        env:
+        - name: SERVER_URL
+          value: $(PUBLIC_PROTO)://$(PUBLIC_HOSTNAME)
+        - name: LISTEN_ADDR
+          valueFrom:
+            configMapKeyRef:
+              name: headscale-config
+              key: listen_addr
+        - name: PRIVATE_KEY_PATH
+          value: /vol/secret/private-key
+        - name: DERP_MAP_PATH
+          value: /vol/config/derp.yaml
+        - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
+          valueFrom:
+            configMapKeyRef:
+              name: headscale-config
+              key: ephemeral_node_inactivity_timeout
+        - name: DB_TYPE
+          value: postgres
+        - name: DB_HOST
+          value: postgres.headscale.svc.cluster.local
+        - name: DB_PORT
+          value: "5432"
+        - name: DB_USER
+          value: headscale
+        - name: DB_PASS
+          valueFrom:
+            secretKeyRef:
+              name: postgresql
+              key: password
+        - name: DB_NAME
+          value: headscale
+        ports:
+        - name: http
+          protocol: TCP
+          containerPort: 8080
+        livenessProbe:
+          tcpSocket:
+            port: http
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+          periodSeconds: 15
+        volumeMounts:
+        - name: config
+          mountPath: /vol/config
+        - name: secret
+          mountPath: /vol/secret
+        - name: etc
+          mountPath: /etc/headscale
+      volumes:
+      - name: config
+        configMap:
+          name: headscale-site
+      - name: etc
+        configMap:
+          name: headscale-etc
+      - name: secret
+        secret:
+          secretName: headscale