install headscale

2022-05-05 21:47:26 +02:00 · 2022-05-05 21:47:26 +02:00 · dd1e12d060
parent 029f0cf689
commit dd1e12d060
5 changed files with 147 additions and 0 deletions
--- a/_apps/headscale.yaml
+++ b/_apps/headscale.yaml
@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: headscale
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: headscale
+    server: https://kubernetes.default.svc
+  project: system
+  source:
+    path: headscale
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: headscale
--- a/headscale/configmap.yaml
+++ b/headscale/configmap.yaml
@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: headscale-etc
+data:
+  config.yaml: |
+    server_url: http://headscale.tbrnt.ch
+    listen_addr: 0.0.0.0:8080
+    metrics_listen_addr: 0.0.0.0:9090
+    grpc_listen_addr: 0.0.0.0:50443
+    ip_prefixes:
+      - fd7a:115c:a1e0::/48
+      - 100.64.0.0/10
+    ephemeral_node_inactivity_timeout: 30m
+    db_type: sqlite3
+    db_path: /vol/data/db.sqlite
+    private_key_path: /vol/secret/private.key
+    derp:
+      server:
+        enabled: true
+        region_id: 999
+        region_code: "headscale"
+        region_name: "Headscale Embedded DERP"
+        stun_listen_addr: "0.0.0.0:3478"
+      urls:
+        - https://controlplane.tailscale.com/derpmap/default
+      auto_update_enabled: true
+      update_frequency: 24h
+    dns_config:
+      nameservers:
+        - 9.9.9.9
+      base_domain: vpn.tobru.ch
--- a/headscale/ingress.yaml
+++ b/headscale/ingress.yaml
@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: headscale
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  rules:
+    - host: headscale.tbrnt.ch
+      http:
+        paths:
+          - backend:
+              service:
+                name: headscale
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - headscale.tbrnt.ch
+      secretName: ingress-cert
--- a/headscale/service.yaml
+++ b/headscale/service.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: headscale
+  name: headscale
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+  selector:
+    app: headscale
--- a/headscale/statefulset.yaml
+++ b/headscale/statefulset.yaml
@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: headscale
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: headscale
+  serviceName: headscale
+  template:
+    metadata:
+      labels:
+        app: headscale
+    spec:
+      containers:
+        - command:
+            - headscale
+            - serve
+          image: ghcr.io/juanfont/headscale:0.15.0
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: GIN_MODE
+              value: release
+          livenessProbe:
+            initialDelaySeconds: 30
+            periodSeconds: 15
+            tcpSocket:
+              port: http
+            timeoutSeconds: 5
+          name: headscale
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /vol/data
+              name: data
+            - mountPath: /vol/secret
+              name: secret
+            - mountPath: /etc/headscale
+              name: etc
+      volumes:
+        - configMap:
+            name: headscale-etc
+          name: etc
+        - name: secret
+          secret:
+            secretName: headscale
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+        storageClassName: local-path