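---
# DaemonSet that runs one Tailscale pod per node on the host network.
# Security-relevant settings in this manifest:
#   - hostNetwork, the NET_ADMIN capability and the /dev/net/tun hostPath let
#     the pod reconfigure the node's own network stack.
#   - The tailscale-state volume is a hostPath, so its contents persist on the
#     node under /var/lib/tailscale.
#   - automountServiceAccountToken is false: no API token is mounted.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ include "tailscale.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "tailscale.labels" . | indent 4 }}
spec:
  selector:
    # NOTE(review): the selector reuses the full label helper. If that helper
    # emits chart-version labels, upgrades will hit the immutable-selector
    # error; confirm against the helper definition.
    matchLabels:
{{ include "tailscale.labels" . | indent 6 }}
  template:
    metadata:
      labels:
{{ include "tailscale.labels" . | indent 8 }}
    spec:
      automountServiceAccountToken: false
      hostNetwork: true
      containers:
        - name: tailscale
          # NOTE(review): "latest" is a mutable tag, so nodes can end up running
          # different, unreviewed builds. Pin a version tag or an image digest.
          image: vexxhost/tailscale:latest
          env:
            # The auth key is passed as a quoted env value instead of being
            # spliced into the shell string, so quotes, spaces or shell
            # metacharacters in the value can no longer break the YAML or be
            # interpreted by /bin/sh. The variable name is local to this
            # template and is read only by the postStart hook below.
            # NOTE(review): the key is still stored in clear text in the pod
            # spec (readable by anyone who can get pods in this namespace).
            # Prefer a Secret referenced through valueFrom.secretKeyRef.
            - name: TAILSCALE_UP_AUTHKEY
              value: {{ .Values.authKey | quote }}
          lifecycle:
            postStart:
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  # Wait for the tailscaled socket, then register the node.
                  - |
                    while [ ! -S /var/run/tailscale/tailscaled.sock ]; do sleep 1; done
                    tailscale up -authkey "$TAILSCALE_UP_AUTHKEY"
          volumeMounts:
            - name: tailscale-state
              mountPath: /var/lib/tailscale
            - name: dev-tun
              mountPath: /dev/net/tun
          securityContext:
            capabilities:
              add: ["NET_ADMIN"]
      volumes:
        - name: tailscale-state
          hostPath:
            path: /var/lib/tailscale
            type: DirectoryOrCreate
        - name: dev-tun
          hostPath:
            type: CharDevice
            path: /dev/net/tun
      tolerations:
        # Only the node-role.kubernetes.io/master NoSchedule taint is tolerated.
        # NOTE(review): nodes tainted node-role.kubernetes.io/control-plane are
        # not covered by this entry; confirm whether they should be.
        - effect: NoSchedule
          key: node-role.kubernetes.io/master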