Run a tailscale subnet router in Kubernetes
This chart is not maintained by the upstream project and any issues with the chart should be raised here
Inspired by a video that Adrian Goins made in 2021. Unfortunately, he deleted the videos from his Youtube Channel. The setup he described consists of tailscale as a sidecar to Traefik in the edge
cluster, that can forward traffic to services in a local
cluster. This chart is intended for this local
cluster, where traffic is to be forwarded to.
This chart allows you to route traffic from another host via the tailscale network to your cluster's services. After the installation, please check in the tailscale admin interface that the host appears. Then disable the key expiration and activate the route for your cluster's service_cidr
.
This chart generates a serviceAccount
and the necessary Role
and RoleBinding
, so the serviceAccount
is allowed to read and write the secret that contains the API key.
You need to have a tailscale account. And you need a reusable tailscale API key.
Store the API-key in a secret in the namespace. By default, this chart requires a secret called tailscale-auth
, which should look like this:
apiVersion: v1
stringData:
TS_AUTH_KEY: tskey-auth-...
kind: Secret
metadata:
name: tailscale-auth
Replace tskey-auth-...
with your actual API key.
Kubernetes: >=1.19.0-0
Repository | Name | Version |
---|---|---|
https://johanneskastl.github.io/helm-charts/ | common | 5.0.5 |
helm repo add johanneskastl-helm-charts https://johanneskastl.github.io/helm-charts/
helm repo update
helm install tailscale johanneskastl-helm-charts/tailscale
To install the chart with the release name tailscale
helm install tailscale johanneskastl-helm-charts/tailscale
To uninstall the tailscale
deployment
helm uninstall tailscale
The command removes all the Kubernetes components associated with the chart including persistent volumes and deletes the release.
Read through the values.yaml file. It has several commented out suggested values. Other values may be used from the values.yaml from the common library.
Specify each parameter using the --set key=value[,key=value]
argument to helm install
.
helm install tailscale \
--set env.TZ="America/New York" \
johanneskastl-helm-charts/tailscale
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
helm install tailscale johanneskastl-helm-charts/tailscale -f values.yaml
This chart uses the common library chart. So you could used other parameters from the values.yaml.
However, this chart does not need other parameters than these ones:
Key | Type | Default | Description |
---|---|---|---|
env.TS_KUBE_SECRET |
string | "tailscale-auth" |
Name of the secret containing the tailscale API key for this machine |
env.TS_USERSPACE |
string | true |
|
env.TS_ROUTES |
string | none, setting this is mandatory | Routes this tailscale router should publish |
env.TS_ROUTES
should contain your cluster's service_cidr
, which allows you to forward traffic from the tailscale network to services running inside your cluster.
If you wish, you can tweak the image tag and specify which image to use:
Key | Type | Default | Description |
---|---|---|---|
image.pullPolicy | string | "Always" |
image pull policy |
image.repository | string | "tailscale/tailscale" |
image repository |
image.tag | string | chart.appVersion | image tag |
Read through the values.yaml file to see the complete list of parameters used. Tweaking other parameters than the ones above is not supported, you are on your own in that case...
Important: When deploying an application Helm chart you can add more values from the common library chart here
Key | Type | Default | Description |
---|---|---|---|
env | object | See below | environment variables |
image.pullPolicy | string | "Always" |
image pull policy |
image.repository | string | "ghcr.io/tailscale/tailscale" |
image repository |
image.tag | string | chart.appVersion | image tag |
podSecurityContext | object | {"runAsGroup":1000,"runAsUser":1000} |
Configure the Security Context for the Pod |
probes.liveness.enabled | bool | false |
|
probes.readiness.enabled | bool | false |
|
probes.startup.enabled | bool | false |
|
service.main.enabled | bool | false |
|
serviceAccount.annotations | object | {} |
Annotations to add to the service account |
serviceAccount.create | bool | true |
Specifies whether a service account should be created |
serviceAccount.name | string | "tailscale" |
The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
All notable changes to this Helm chart will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
N/A
- update appVersion to v1.78.3
N/A
- update appVersion to v1.78.2
N/A
- update appVersion to v1.78.1
N/A
- update appVersion to v1.78.0
N/A
- update appVersion to v1.76.6
N/A
- update appVersion to v1.76.3
N/A
- update appVersion to v1.76.1
N/A
- update appVersion to 1.76.0
N/A
- update appVersion to 1.74.1
N/A
- update appVersion to 1.74.0
N/A
- update appVersion to 1.72.0
N/A
- update appVersion to 1.70.0
N/A
- update appVersion to 1.68.1
N/A
- update appVersion to 1.68.0
N/A
- update appVersion to 1.66.4
N/A
- update appVersion to 1.66.3
N/A
- update appVersion to 1.66.2
N/A
- update appVersion to 1.66.1
- use image from ghcr.io registry
N/A
- update appVersion to 1.66.0
N/A
- update appVersion to 1.64.2
N/A
- update appVersion to 1.64.1
N/A
- update appVersion to 1.64.0
N/A
- update appVersion to 1.62.1
N/A
- update appVersion to 1.62.0
N/A
- update appVersion to 1.60.1
N/A
- update appVersion to 1.60.0
N/A
N/A
- update appVersion to 1.58.2
N/A
N/A
- update appVersion to 1.58.1
N/A
N/A
- update appVersion to 1.58.0
N/A
N/A
- update appVersion to 1.56.1
N/A
N/A
- update appVersion to 1.56.0
N/A
N/A
- update appVersion to 1.54.1
N/A
N/A
- update appVersion to 1.54.0
N/A
N/A
- update appVersion to 1.52.1
N/A
N/A
- update appVersion to 1.52.0
N/A
N/A
- update appVersion to 1.50.1
N/A
N/A
- update appVersion to 1.50.0
N/A
N/A
- update appVersion to 1.48.2
N/A
N/A
- update appVersion to 1.48.1
N/A
N/A
- update appVersion to 1.48.0
N/A
N/A
- update appVersion to 1.46.1
N/A
N/A
- update appVersion to 1.46.0
N/A
N/A
- update appVersion to 1.44.2
N/A
N/A
- update appVersion to 1.44.0
N/A
N/A
- update appVersion to 1.42.1
N/A
N/A
- update appVersion to 1.42.0
N/A
N/A
- update appVersion to 1.40.1
N/A
N/A
- update appVersion to 1.40.0
N/A
N/A
- update appVersion to 1.38.4
N/A
N/A
- update appVersion to 1.38.3
N/A
N/A
- generate README with helm-docs
N/A
- README.md added
- the
envFrom
section is no longer set in the values.yaml to avoid duplicate settings. Instead it is using the secret name from theenv.TS_KUBE_SECRET
N/A
First version of the chart, with appVersion v1.38.2
Open an issue.