ipn/store: add ability to store data as k8s secrets.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali
Maisem Ali
@@ -0,0 +1,20 @@
|
||||
# Using Kubernetes Secrets as the state store for Tailscale
|
||||
Tailscale supports using Kubernetes Secrets as the state store, however there is some configuration required in order for it to work.
|
||||
|
||||
**Note: this only works if `tailscaled` runs inside a pod in the cluster.**
|
||||
|
||||
1. Create a service account for Tailscale (optional)
|
||||
```
|
||||
kubectl create -f sa.yaml
|
||||
```
|
||||
|
||||
1. Create role and role bindings for the service account
|
||||
```
|
||||
kubectl create -f role.yaml
|
||||
kubectl create -f rolebinding.yaml
|
||||
```
|
||||
|
||||
1. Launch `tailscaled` with a Kubernetes Secret as the state store.
|
||||
```
|
||||
tailscaled --state=kube:tailscale
|
||||
```
|
||||
@@ -0,0 +1,10 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
namespace: default
|
||||
name: tailscale
|
||||
rules:
|
||||
- apiGroups: [""] # "" indicates the core API group
|
||||
resourceNames: ["tailscale"]
|
||||
resources: ["secrets"]
|
||||
verbs: ["create", "get", "update"]
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
namespace: default
|
||||
name: tailscale
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: tailscale
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: tailscale
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@@ -0,0 +1,5 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: tailscale
|
||||
namespace: default
|
||||
Reference in New Issue
Block a user