feat: Redis on tailnet

ionicsolutions · ionicsolutions · commit 924756bf9046 · 2025-04-16T00:08:14.000+02:00
diff --git a/deploy/charts/nebulous/templates/_helpers.tpl b/deploy/charts/nebulous/templates/_helpers.tpl
@@ -49,6 +49,14 @@ headscale
 https://{{- required ".Values.headscale.domain is required" .Values.headscale.domain }}
 {{- end }}
 
+{{- define "tailscale.loginServer" }}
+{{- if .Values.headscale.create }}
+{{- include "headscale.host" . }}
+{{- else }}
+{{- required ".Values.tailscale.loginServer is required" .Values.tailscale.loginServer }}
+{{- end }}
+{{- end }}
+
 {{- define "postgres.name" -}}
 postgres
 {{- end }}
diff --git a/deploy/charts/nebulous/templates/redis.yaml b/deploy/charts/nebulous/templates/redis.yaml
@@ -30,7 +30,31 @@ spec:
       labels:
         app: {{ include "redis.name" . }}
     spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
       containers:
+        - name: tailscale
+          image: tailscale/tailscale:latest
+          env:
+            - name: TS_STATE_DIR
+              value: /var/lib/tailscale
+            - name: TS_USERSPACE
+              value: "true"
+            - name: TS_AUTH_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.tailscale.secret.name }}
+                  key: {{ .Values.tailscale.secret.keys.authKey }}
+            - name: TS_EXTRA_ARGS
+              value: --login-server {{ include "tailscale.loginServer" . }}
+          volumeMounts:
+            - name: dev-net-tun
+              mountPath: /dev/net/tun
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - NET_RAW
         - name: redis
           image: "redis:{{ .Values.redis.imageTag }}"
           command:
@@ -47,6 +71,11 @@ spec:
                   key: {{ .Values.redis.secret.keys.password }}
           ports:
             - containerPort: 6379
+      volumes:
+        - name: dev-net-tun
+          hostPath:
+            path: /dev/net/tun
+            type: CharDevice
 ---
 apiVersion: v1
 kind: Service
diff --git a/deploy/charts/nebulous/values.yaml b/deploy/charts/nebulous/values.yaml
@@ -56,8 +56,6 @@ tailscale:
     # -- Name of the secret with the Redis connection string and password.
     name: "tailscale-secret"
     keys:
-      # -- The key in the secret containing the Tailscale host.
-      loginServer: "LOGIN_SERVER"
       # -- The key in the secret containing the Tailscale API key
       apiKey: "API_KEY"
       # -- The key in the secret containing the Tailscale auth key
