From 83fdbedd56401f2f44063e43e217edf5ac3256f5 Mon Sep 17 00:00:00 2001
From: Remy Moll
Date: Thu, 24 Apr 2025 22:50:13 +0200
Subject: [PATCH] add headscale
---
infrastructure/headscale/ingress.yaml | 17 +++++++++++++
infrastructure/headscale/kustomization.yaml | 22 +++++++++++++++++
infrastructure/headscale/namespace.yaml | 6 +++++
infrastructure/headscale/pvc.yaml | 23 +++++++++++++++++
infrastructure/headscale/service.yaml | 10 ++++++++
infrastructure/headscale/serviceaccount.yaml | 26 ++++++++++++++++++++
6 files changed, 104 insertions(+)
create mode 100644 infrastructure/headscale/ingress.yaml
create mode 100644 infrastructure/headscale/kustomization.yaml
create mode 100644 infrastructure/headscale/namespace.yaml
create mode 100644 infrastructure/headscale/pvc.yaml
create mode 100644 infrastructure/headscale/service.yaml
create mode 100644 infrastructure/headscale/serviceaccount.yaml
diff --git a/infrastructure/headscale/ingress.yaml b/infrastructure/headscale/ingress.yaml
new file mode 100644
index 0000000..11024da
--- /dev/null
+++ b/infrastructure/headscale/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: headscale-ingressroute
+
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`headscale.kluster.moll.re`)
+ kind: Rule
+ services:
+ - name: headscale-web
+ port: 8080
+
+ tls:
+ certResolver: default-tls
diff --git a/infrastructure/headscale/kustomization.yaml b/infrastructure/headscale/kustomization.yaml
new file mode 100644
index 0000000..da2ada0
--- /dev/null
+++ b/infrastructure/headscale/kustomization.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: headscale
+
+resources:
+ - namespace.yaml
+ - headscale-config.configmap.yaml
+ - headplane-config.configmap.yaml
+ - pvc.yaml
+ - deployment.yaml
+ - serviceaccount.yaml
+ - service.yaml
+ - ingress.yaml
+
+images:
+ - name: headscale
+ newName: headscale/headscale # has all plugins
+ newTag: v0.25.1
+ - name: headplane
+ newName: ghcr.io/tale/headplane
+ newTag: "0.5.10"
diff --git a/infrastructure/headscale/namespace.yaml b/infrastructure/headscale/namespace.yaml
new file mode 100644
index 0000000..1178cee
--- /dev/null
+++ b/infrastructure/headscale/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: placeholder
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
diff --git a/infrastructure/headscale/pvc.yaml b/infrastructure/headscale/pvc.yaml
new file mode 100644
index 0000000..fc1835b
--- /dev/null
+++ b/infrastructure/headscale/pvc.yaml
@@ -0,0 +1,23 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: headscale-data
+spec:
+ storageClassName: "nfs-client"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: headplane-data
+spec:
+ storageClassName: "nfs-client"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
diff --git a/infrastructure/headscale/service.yaml b/infrastructure/headscale/service.yaml
new file mode 100644
index 0000000..9b8a304
--- /dev/null
+++ b/infrastructure/headscale/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: headscale-web
+spec:
+ selector:
+ app: headscale
+ ports:
+ - port: 8080
+ targetPort: 8080
diff --git a/infrastructure/headscale/serviceaccount.yaml b/infrastructure/headscale/serviceaccount.yaml
new file mode 100644
index 0000000..f9de355
--- /dev/null
+++ b/infrastructure/headscale/serviceaccount.yaml
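Review bot: In infrastructure/headscale/kustomization.yaml, `resources:` lists `headscale-config.configmap.yaml`, `headplane-config.configmap.yaml` and `deployment.yaml`, but the diffstat shows only six files created and none of these three is among them, so unless they already exist in the tree `kustomize build` will fail on the missing paths. If the two config files are kept out of git because they hold secret values (an inference; their content is not visible here), a ConfigMap is the wrong container for them and a Secret would be the safer place. Separately, both images are pinned by tag only; adding `digest: sha256:<image-digest>` beside each `newTag` would make the deployed image immutable, and the `# has all plugins` comment on the headscale image looks copied from another kustomization and should be dropped or corrected.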
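Review bot: In infrastructure/headscale/namespace.yaml, the label `pod-security.kubernetes.io/enforce: privileged` turns Pod Security Admission enforcement off for the whole namespace, so any pod created there may run privileged, share host namespaces or mount hostPath volumes. Nothing in this patch shows a workload that needs that (deployment.yaml is not part of the diff), and a coordination server with a web UI would normally fit under `baseline` or `restricted`. I would change the line to `pod-security.kubernetes.io/enforce: baseline` and add `pod-security.kubernetes.io/warn: restricted` so violations surface before tightening further. A comment on `name: placeholder` saying that the kustomization's `namespace: headscale` overrides it would also help the next reader.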
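Review bot: In infrastructure/headscale/pvc.yaml, both claims use `storageClassName: "nfs-client"`; if headscale keeps its default SQLite database and its private key material on `headscale-data` (the mount is in deployment.yaml, outside this patch), that puts a SQLite file on NFS, where file locking is unreliable and corruption is a known risk, and it leaves key material on a share whose access control is the NFS export rather than the cluster. Consider a block-backed or node-local storage class for `headscale-data`, or record why NFS is acceptable in a comment above the claim, e.g. `# SQLite on NFS: single replica only, export restricted to cluster nodes`. `ReadWriteOnce` is generally not enforced by an NFS backend, so the deployment should stay at one replica with a `Recreate` strategy.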
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: headplane-agent
+ # namespace: default # Adjust namespace as needed
+rules:
+- apiGroups: ['']
+ resources: ['pods']
+ verbs: ['get', 'list']
+- apiGroups: ['apps']
+ resources: ['deployments']
+ verbs: ['get', 'list']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: headplane-agent
+ # namespace: default # Adjust namespace as needed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: headplane-agent
+subjects:
+- kind: ServiceAccount
+ name: default # If you use a different service account, change this
+ # namespace: default # Adjust namespace as needed
\ No newline at end of file
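Review bot: In infrastructure/headscale/serviceaccount.yaml, the RoleBinding grants `headplane-agent` to the namespace's `default` ServiceAccount, so every pod in the namespace that does not set `serviceAccountName` (presumably the headscale pod as well) gets a token that can list pods and deployments. Despite the file name, no ServiceAccount is defined here; creating a dedicated one and binding the Role to it keeps the permission with the one workload that needs it, and the deployment (not in this patch) would then set `serviceAccountName: headplane-agent`. The subject also carries no `namespace`, which a ServiceAccount subject needs; this appears to rely on the kustomization's `namespace: headscale` filling it in, which is worth stating in a comment in place of the commented-out `# namespace: default` lines.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: headplane-agent
---
# … unchanged: Role headplane-agent, RoleBinding metadata and roleRef …
subjects:
- kind: ServiceAccount
  # namespace is filled in by the kustomization (namespace: headscale)
  name: headplane-agent
```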