apiVersion: apps/v1
kind: Deployment
metadata:
  name: headscale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: headscale
  template:
    metadata:
      labels:
        app: headscale
    spec:
      containers:
        - name: headscale
          image: "headscale:latest"
          imagePullPolicy: IfNotPresent
          command: ["/go/bin/headscale", "serve"]
          env:
            - name: SERVER_URL
              value: $(PUBLIC_PROTO)://$(PUBLIC_HOSTNAME)
            - name: LISTEN_ADDR
              valueFrom:
                configMapKeyRef:
                  name: headscale-config
                  key: listen_addr
            - name: METRICS_LISTEN_ADDR
              valueFrom:
                configMapKeyRef:
                  name: headscale-config
                  key: metrics_listen_addr
            - name: DERP_MAP_PATH
              value: /vol/config/derp.yaml
            - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  name: headscale-config
                  key: ephemeral_node_inactivity_timeout
            - name: DB_TYPE
              value: postgres
            - name: DB_HOST
              value: postgres.headscale.svc.cluster.local
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: headscale
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: postgresql
                  key: password
            - name: DB_NAME
              value: headscale
          ports:
            - name: http
              protocol: TCP
              containerPort: 8080
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 15
          volumeMounts:
            - name: config
              mountPath: /vol/config
            - name: secret
              mountPath: /vol/secret
            - name: etc
              mountPath: /etc/headscale
      volumes:
        - name: config
          configMap:
            name: headscale-site
        - name: etc
          configMap:
            name: headscale-etc
        - name: secret
          secret:
            secretName: headscale