Allow tailscale to write pod events

volundsgatan · Feb 6, 2025 · 5dd8bc7 · 5dd8bc7
1 parent 98fb257
commit 5dd8bc7
Show file tree

Hide file tree

Showing 9 changed files with 68 additions and 1 deletion.
diff --git a/kubernetes/ingress/caddy-argocd.yaml b/kubernetes/ingress/caddy-argocd.yaml
@@ -107,6 +107,14 @@ spec:
               value: --hostname=argocd
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-grafana.yaml b/kubernetes/ingress/caddy-grafana.yaml
@@ -101,6 +101,14 @@ spec:
               value: --hostname=grafana
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-immich.yaml b/kubernetes/ingress/caddy-immich.yaml
@@ -101,6 +101,14 @@ spec:
               value: --hostname=immich
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-meta.yaml b/kubernetes/ingress/caddy-meta.yaml
@@ -102,6 +102,14 @@ spec:
               value: --hostname=meta
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-prometheus.yaml b/kubernetes/ingress/caddy-prometheus.yaml
@@ -101,6 +101,14 @@ spec:
               value: --hostname=prometheus
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-registry.yaml b/kubernetes/ingress/caddy-registry.yaml
@@ -107,6 +107,14 @@ spec:
               value: --hostname=registry
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:
@@ -148,4 +156,4 @@ spec:
   ports:
     - protocol: TCP
       port: 443
-      targetPort: 443
+      targetPort: 443
diff --git a/kubernetes/ingress/caddy-sonos.yaml b/kubernetes/ingress/caddy-sonos.yaml
@@ -106,6 +106,14 @@ spec:
               value: --hostname=sonos
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/caddy-zigbee2mqtt.yaml b/kubernetes/ingress/caddy-zigbee2mqtt.yaml
@@ -101,6 +101,14 @@ spec:
               value: --hostname=zigbee2mqtt
             - name: TS_SOCKET
               value: /var/run/tailscale/tailscaled.sock
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           securityContext:
             capabilities:
               add:

diff --git a/kubernetes/ingress/tailscale-rbac.yaml b/kubernetes/ingress/tailscale-rbac.yaml
@@ -28,6 +28,9 @@ rules:
       ]
     resources: ["secrets"]
     verbs: ["get", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "update", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding