Update catalog information

catalog.json

@@ -49,7 +49,7 @@
             "latest_version": "1.0.2",
             "latest_app_version": "8.7.0",
             "latest_human_version": "8.7.0_1.0.2",
-            "last_update": "2023-04-12 13:31:20",
+            "last_update": "2023-04-19 22:29:44",
             "name": "elastic-search",
             "recommended": false,
             "title": "Elastic Search",
@@ -382,6 +382,25 @@
             "title": "Chia",
             "icon_url": "https://www.chia.net/wp-content/uploads/2022/09/chia-logo.svg"
         },
+        "tailscale": {
+            "app_readme": "<h1>Tailscale</h1>\n<p><a href=\"https://tailscale.com\">Tailscale</a> Secure remote access to shared resources</p>\n<ul>\n<li>When <code>Userspace</code> is <strong>disabled</strong>, <code>Tailscale</code> will run as root, with <code>/dev/net/tun</code> device mounted from the host.</li>\n<li>When <code>Userspace</code> is <strong>enabled</strong>, <code>Tailscale</code> will run as a non-root user.</li>\n</ul>",
+            "categories": [
+                "vpn",
+                "tailscale"
+            ],
+            "description": "Secure remote access to shared resources",
+            "healthy": true,
+            "healthy_error": null,
+            "location": "/__w/charts/charts/community/tailscale",
+            "latest_version": "1.0.0",
+            "latest_app_version": "v1.38.4",
+            "latest_human_version": "v1.38.4_1.0.0",
+            "last_update": null,
+            "name": "tailscale",
+            "recommended": false,
+            "title": "Tailscale",
+            "icon_url": "https://avatars.githubusercontent.com/u/48932923"
+        },
         "radarr": {
             "app_readme": "<h1>Radarr</h1>\n<p><a href=\"https://github.com/Radarr/Radarr\">Radarr</a> is a movie collection manager for Usenet and BitTorrent users.</p>\n<blockquote>\n<p>When application is installed, a container will be launched with <strong>root</strong> privileges.\nThis is required in order to apply the correct permissions to the <code>Radarr</code> directories.\nAfterward, the <code>Radarr</code> container will run as a <strong>non</strong>-root user (Default: <code>568</code>).\nAll mounted storage(s) will be <code>chown</code>ed only if the parent directory does not match the configured user.</p>\n</blockquote>",
             "categories": [

community/tailscale/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.0.5
+digest: sha256:cf1db8c2ae650987a3e3d8d98767caab62c341bd0fb15309213b00dce87111cc
+generated: "2023-04-17T12:58:28.51235027+03:00"

community/tailscale/1.0.0/Chart.yaml

@@ -0,0 +1,25 @@
+name: tailscale
+description: Secure remote access to shared resources
+annotations:
+  title: Tailscale
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: 'v1.38.4'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.0.5
+home: https://tailscale.com/
+icon: https://avatars.githubusercontent.com/u/48932923
+sources:
+  - https://tailscale.com/
+  - https://github.com/truenas/charts/tree/master/community/tailscale
+  - https://hub.docker.com/r/tailscale/tailscale
+keywords:
+  - vpn
+  - tailscale

community/tailscale/1.0.0/README.md

@@ -0,0 +1,6 @@
+# Tailscale
+
+[Tailscale](https://tailscale.com) Secure remote access to shared resources
+
+- When `Userspace` is **disabled**, `Tailscale` will run as root, with `/dev/net/tun` device mounted from the host.
+- When `Userspace` is **enabled**, `Tailscale` will run as a non-root user.

community/tailscale/1.0.0/app-readme.md

@@ -0,0 +1,6 @@
+# Tailscale
+
+[Tailscale](https://tailscale.com) Secure remote access to shared resources
+
+- When `Userspace` is **disabled**, `Tailscale` will run as root, with `/dev/net/tun` device mounted from the host.
+- When `Userspace` is **enabled**, `Tailscale` will run as a non-root user.

community/tailscale/1.0.0/ci/basic-values.yaml

@@ -0,0 +1,20 @@
+# FIXME: Find a way to have a test key for CI testing
+tailscaleConfig:
+  authkey: 'tskey-auth-abcd123CNTRL-abcde12345abcde12345abcde12345ab'
+  hostname: 'test-host'
+  advertiseExitNode: true
+  userspace: true
+  acceptDns: true
+
+workload:
+  tailscale:
+    podSpec:
+      containers:
+        tailscale:
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false

community/tailscale/1.0.0/ix_values.yaml

@@ -0,0 +1,23 @@
+image:
+  repository: tailscale/tailscale
+  pullPolicy: IfNotPresent
+  tag: 'v1.38.4'
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+tailscaleConfig:
+  authkey: ''
+  hostname: ''
+  advertiseRoutes: []
+  advertiseExitNode: false
+  userspace: true
+  acceptDns: false
+  extraArgs: []
+  extraDaemonArgs: []
+  additionalEnvs: []
+
+tailscaleNetwork:
+  hostNetwork: false

community/tailscale/1.0.0/questions.yaml

@@ -0,0 +1,158 @@
+groups:
+  - name: Tailscale Configuration
+    description: Configure Tailscale
+  - name: Network Configuration
+    description: Configure Network for Tailscale
+  - name: Resources Configuration
+    description: Configure Resources for Tailscale
+
+questions:
+  - variable: tailscaleConfig
+    label: ""
+    group: Tailscale Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: authkey
+          label: Auth Key
+          description: |
+            The auth key for Tailscale.</br>
+            Same as `--authkey` flag.
+          schema:
+            type: string
+            default: ""
+            required: true
+            private: true
+        - variable: hostname
+          label: Hostname
+          description: |
+            The hostname for Tailscale Node.</br>
+            Only lowercase letters, numbers, and hyphens are allowed.</br>
+            Same as `--hostname` flag.
+          schema:
+            type: string
+            default: "truenas-scale"
+            required: true
+        - variable: advertiseRoutes
+          label: Advertise Routes
+          description: |
+            The routes to advertise.</br>
+            Same as `--advertise-routes` flag.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: routeEntry
+                label: Route
+                schema:
+                  type: string
+                  required: true
+        - variable: advertiseExitNode
+          label: Advertise Exit Node
+          description: |
+            Advertise as Exit Node.</br>
+            Same as `--advertise-exit-node` flag.
+          schema:
+            type: boolean
+            default: false
+        - variable: userspace
+          label: Userspace
+          description: Userspace for Tailscale.
+          schema:
+            type: boolean
+            default: true
+        - variable: acceptDns
+          label: Accept DNS
+          description: |
+            Accept DNS.</br>
+            Same as `--accept-dns` flag.
+          schema:
+            type: boolean
+            default: false
+        - variable: extraArgs
+          label: Extra Arguments
+          description: Extra arguments for Tailscale.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: argEntry
+                label: Argument
+                schema:
+                  type: string
+                  required: true
+        - variable: extraDaemonArgs
+          label: Extra Daemon Arguments
+          description: Extra arguments for Tailscale daemon.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: DaemonArgEntry
+                label: Daemon Argument
+                schema:
+                  type: string
+                  required: true
+
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for Tailscale.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: tailscaleNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: hostNetwork
+          label: Host Network
+          description: |
+            Bind to the host network. It's recommended to keep this disabled.</br>
+          schema:
+            type: boolean
+            default: false
+
+  - variable: resources
+    group: Resources Configuration
+    label: ""
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for Tailscale.
+                schema:
+                  type: string
+                  default: "4000m"
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for Tailscale.
+                schema:
+                  type: string
+                  default: "8Gi"
+                  required: true

community/tailscale/1.0.0/templates/NOTES.txt

@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}

community/tailscale/1.0.0/templates/_helper.tpl

@@ -0,0 +1,32 @@
+{{- define "tailscale.args" -}}
+  {{- $args := list -}}
+
+  {{- with .Values.tailscaleConfig.hostname -}}
+    {{- $args = mustAppend $args (printf "--hostname %v" .) -}}
+  {{- end -}}
+
+  {{- with .Values.tailscaleConfig.advertiseExitNode -}}
+    {{- $args = mustAppend $args "--advertise-exit-node" -}}
+  {{- end -}}
+
+  {{- with .Values.tailscaleConfig.extraArgs -}}
+    {{- $args = mustAppend $args . -}}
+  {{- end -}}
+
+  {{- if $args -}}
+    {{- $args | join " " -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "tailscale.validation" -}}
+  {{- if not .Values.tailscaleConfig.authkey -}}
+    {{- fail "Tailscale - Expected non-empty [Auth Key]" -}}
+  {{- end -}}
+
+  {{- with .Values.tailscaleConfig.hostname -}}
+    {{- if not (mustRegexMatch "^[a-z0-9-]+$" .) -}}
+      {{- fail "Tailscale - Expected [Hostname] to match the following - [All lowercase, numbers, dashes, No spaces, No underscores]" -}}
+    {{- end -}}
+  {{- end -}}
+
+{{- end -}}

community/tailscale/1.0.0/templates/_tailscale.tpl

@@ -0,0 +1,138 @@
+{{- define "tailscale.workload" -}}
+{{ include "tailscale.validation" $ }}
+workload:
+  tailscale:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      automountServiceAccountToken: true
+      hostNetwork: {{ .Values.tailscaleNetwork.hostNetwork }}
+      sysctls:
+        - name: net.ipv4.ip_forward
+          value: "1"
+        - name: net.ipv6.conf.all.forwarding
+          value: "1"
+      containers:
+        tailscale:
+          enabled: true
+          primary: true
+          imageSelector: image
+          command: /usr/local/bin/containerboot
+          securityContext:
+            {{ if .Values.tailscaleConfig.userspace }}
+            runAsUser: 568
+            runAsGroup: 568
+            {{ else }}
+            runAsUser: 0
+            runAsGroup: 0
+            runAsNonRoot: false
+            {{ end }}
+            readOnlyRootFilesystem: false
+            capabilities:
+              add:
+                - NET_ADMIN
+                - NET_RAW
+          env:
+            TS_KUBE_SECRET: {{ printf "%s-tailscale-secret" (include "ix.v1.common.lib.chart.names.fullname" .) }}
+            TS_SOCKET: /var/run/tailscale/tailscaled.sock
+            TS_USERSPACE: {{ .Values.tailscaleConfig.userspace | quote }}
+            TS_ACCEPT_DNS: {{ .Values.tailscaleConfig.acceptDns | quote }}
+            {{ with .Values.tailscaleConfig.advertiseRoutes }}
+            TS_ROUTES: {{ join "," . }}
+            {{ end }}
+            {{ with (include "tailscale.args" $) }}
+            TS_EXTRA_ARGS: {{ . }}
+            {{ end }}
+            {{ with .Values.tailscaleConfig.extraDaemonArgs }}
+            TS_TAILSCALED_ARGS: {{ join " " . }}
+            {{ end }}
+          {{ with .Values.tailscaleConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            liveness:
+              enabled: true
+              type: exec
+              command:
+                - tailscale
+                - status
+            readiness:
+              enabled: true
+              type: exec
+              command:
+                - tailscale
+                - status
+            startup:
+              enabled: true
+              type: exec
+              command:
+                - tailscale
+                - status
+
+{{/* RBAC */}}
+serviceAccount:
+  tailscale:
+    enabled: true
+    primary: true
+
+rbac:
+  tailscale:
+    enabled: true
+    primary: true
+    rules:
+      - apiGroups:
+          - ""
+        resources:
+          - secrets
+        verbs:
+          - create
+      - apiGroups:
+          - ""
+        resources:
+          - secrets
+        resourceNames:
+          - {{ printf "%s-tailscale-secret" (include "ix.v1.common.lib.chart.names.fullname" .) }}
+        verbs:
+          - get
+          - update
+          - patch
+
+{{/* Persistence */}}
+persistence:
+  tun-dev:
+    enabled: {{ not .Values.tailscaleConfig.userspace }}
+    type: device
+    hostPath: /dev/net/tun
+    targetSelector:
+      tailscale:
+        tailscale:
+          mountPath: /dev/net/tun
+  var-run:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      tailscale:
+        tailscale:
+          mountPath: /var/run
+  cache:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      tailscale:
+        tailscale:
+          mountPath: /.cache
+
+{{/* Secret */}}
+secret:
+  tailscale-secret:
+    enabled: true
+    data:
+      {{/* Name "authkey" must not be changed, it's what tailscale looks for */}}
+      authkey: {{ .Values.tailscaleConfig.authkey }}
+
+{{- end -}}

community/tailscale/1.0.0/templates/common.yaml

@@ -0,0 +1,6 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "tailscale.workload" $ | fromYaml) -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

community/tailscale/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://avatars.githubusercontent.com/u/48932923
+categories:
+  - vpn
+  - tailscale