I want to deploy Tailscale to k8s

wintwint

env var

https://kubernetes.io/ja/docs/tasks/inject-data-application/distribute-credentials-secure/#secretのすべてのkey-valueペアを環境変数として設定する

§ Configure all key-value pairs in a Secret as container environment variables

https://github.com/tailscale/tailscale/blob/main/docs/k8s/Makefile

code

command

# Create the Secret whose keys are injected into the container as environment variables.
# Optional: add --from-literal=TS_ACCEPT_DNS=true
kubectl create secret generic tailscale-auth-test-secret \
  --from-literal=TS_KUBE_SECRET='tailscale' \
  --from-literal=TS_USERSPACE='true' \
  --from-literal=TS_AUTH_KEY='tskey-0123456789abcdef' \
  --from-literal=TS_ROUTES="10.96.0.0/12"

manifest

apiVersion: v1
kind: Pod
metadata:
  name: tailscale-auth-test
spec:
  serviceAccountName: "tailscale"
  containers:
    - name: tailscale-auth-test-container
      image: "ghcr.io/tailscale/tailscale:latest"
      # Inject every key of the Secret as an environment variable.
      envFrom:
        - secretRef:
            name: tailscale-auth-test-secret

wintwint

There seems to be something for this

https://tailscale.com/kb/1080/cli/#configure-alpha

kubeconfig Configure kubectl to connect to a Kubernetes cluster using Tailscale.

$ tailscale configure kubeconfig -h
USAGE
  kubeconfig <hostname-or-fqdn>

Run this command to configure kubectl to connect to a Kubernetes cluster over Tailscale.

The hostname argument should be set to the Tailscale hostname of the peer running as an auth proxy in the cluster.

See: https://tailscale.com/s/k8s-auth-proxy

https://tailscale.com/kb/1236/kubernetes-operator/#enabling-an-auth-proxy