advanced tailscale sidecar
parent
034097f262
commit
b9f4137a63
|
@ -13,6 +13,8 @@ spec:
|
|||
javascript: |
|
||||
const shellScript =
|
||||
'export PATH=$PATH:/tailscale/bin\n' +
|
||||
'export PINGIP="100.64.0.20"\n' +
|
||||
'export PROCESS_TO_WAIT_FOR="k8up"\n' +
|
||||
'set -e\n\n' +
|
||||
'if [[ ! -d /dev/net ]]; then\n' +
|
||||
' mkdir -p /dev/net\n' +
|
||||
|
@ -20,14 +22,29 @@ spec:
|
|||
'if [[ ! -c /dev/net/tun ]]; then\n' +
|
||||
' mknod /dev/net/tun c 10 200\n' +
|
||||
'fi\n\n' +
|
||||
'echo "Starting tailscaled in background"\n' +
|
||||
'echo "==> Starting tailscaled in background"\n' +
|
||||
'tailscaled --socket=/tmp/tailscaled.sock --state=mem: --statedir=/tmp &\n' +
|
||||
'TS_PID=$!\n\n' +
|
||||
'echo "Running tailscale up"\n' +
|
||||
'echo "==> Running tailscale up"\n' +
|
||||
'tailscale --socket=/tmp/tailscaled.sock up --authkey=${TS_AUTH_KEY} --accept-dns=false --login-server https://headscale.tbrnt.ch\n\n' +
|
||||
'echo "Waiting for K8up to exit"\n' +
|
||||
'while pidof k8up > /dev/null; do sleep 1; done\n\n' +
|
||||
'echo "K8up ended - stopping tailscale"\n' +
|
||||
'echo "==> Waiting for Tailscale to connect properly"\n' +
|
||||
'until tailscale --socket=/tmp/tailscaled.sock status; do\n' +
|
||||
' echo "... Tailscale not ready yet"\n' +
|
||||
' sleep 1\n' +
|
||||
'done\n\n' +
|
||||
'echo "==> Checking Tailscale connection to target"\n' +
|
||||
'until tailscale --socket=/tmp/tailscaled.sock ping $PINGIP; do\n' +
|
||||
' echo "==> ... No Tailscale connection yet"\n' +
|
||||
' sleep 1\n' +
|
||||
'done\n\n' +
|
||||
'echo "==> Checking network connection to target"\n' +
|
||||
'until ping -c1 $PINGIP; do\n' +
|
||||
' echo "==> ... No network connection yet"\n' +
|
||||
' sleep 1\n' +
|
||||
'done\n\n' +
|
||||
'echo "==> Connected! Waiting for main container to exit"\n' +
|
||||
'while pidof $PROCESS_TO_WAIT_FOR > /dev/null; do sleep 1; done\n\n' +
|
||||
'echo "==> Main container ended - stopping Tailscale"\n' +
|
||||
'kill -s SIGINT $TS_PID\n' +
|
||||
'wait ${TS_PID}';
|
||||
|
||||
|
@ -35,17 +52,19 @@ spec:
|
|||
request.object.spec.containers.push({
|
||||
name: "ts-sidecar",
|
||||
imagePullPolicy: "IfNotPresent",
|
||||
image: "ghcr.io/tailscale/tailscale:v1.48.2",
|
||||
image: "ghcr.io/tailscale/tailscale:v1.50.1",
|
||||
command: ["/bin/sh", "-c", shellScript],
|
||||
env: [{
|
||||
name: "TS_AUTH_KEY",
|
||||
valueFrom: {
|
||||
secretKeyRef: {
|
||||
name: "tailscale-auth-backup",
|
||||
key: "TS_AUTH_KEY"
|
||||
env: [
|
||||
{
|
||||
name: "TS_AUTH_KEY",
|
||||
valueFrom: {
|
||||
secretKeyRef: {
|
||||
name: "tailscale-auth-backup",
|
||||
key: "TS_AUTH_KEY"
|
||||
}
|
||||
}
|
||||
}
|
||||
}],
|
||||
],
|
||||
securityContext: {
|
||||
capabilities: {
|
||||
add: [ "NET_ADMIN" ]
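Review bot: The three added `until` loops (`tailscale status`, `tailscale ping $PINGIP`, `ping -c1 $PINGIP`) have no upper bound, so if the target is down or unreachable through the tailnet the injected sidecar retries forever and the pod never finishes or reports a failure. Each loop should give up after a fixed number of attempts, for example `n=0` before the loop and `n=$((n+1)); [ "$n" -lt 120 ] || exit 1` next to the `sleep 1` (120 is an illustrative limit). These checks also only delay the sidecar's own wait; nothing visible here holds the main container back until the tunnel is up, so it may start work before the route exists. Separately, `pidof` can only see the main process if the pod shares a PID namespace, so the unchanged `--authkey=${TS_AUTH_KEY}` argument is presumably readable from the process list by the other container; `tailscale up` also accepts a `file:<path>` value for the auth key, which keeps it off argv.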
|
||||
|
|