chore: add proxy class for tailscale

kashalls · Oct 23, 2024 · 9f79d4c · 9f79d4c
1 parent ae546a4
commit 9f79d4c
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/kubernetes/main/apps/game-servers/minecraft/app/tailscale.yaml b/kubernetes/main/apps/game-servers/minecraft/app/tailscale.yaml
@@ -6,6 +6,8 @@ metadata:
 spec:
   annotations:
     tailscale.com/hostname: "kashmc"
+  labels:
+    tailscale.com/proxy-class: "tun-access"
   type: LoadBalancer
   loadBalancerClass: tailscale
   selector:

diff --git a/kubernetes/main/apps/networking/tailscale/app/kustomization.yaml b/kubernetes/main/apps/networking/tailscale/app/kustomization.yaml
@@ -5,3 +5,4 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
+  - ./proxyclass.yaml
diff --git a/kubernetes/main/apps/networking/tailscale/app/proxyclass.yaml b/kubernetes/main/apps/networking/tailscale/app/proxyclass.yaml
@@ -0,0 +1,18 @@
+apiVersion: tailscale.com/v1alpha1
+kind: ProxyClass
+metadata:
+  name: tun-access
+spec:
+  statefulSet:
+    pod:
+      tailscaleContainer:
+        resources:
+          limits:
+            kernel.org/tun: "1"
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+            add:
+              - NET_ADMIN