From 10d80e3452daefd458f700b18233e02cd8ba4719 Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Thu, 4 Nov 2021 19:01:50 +0000
Subject: [PATCH] Added non-auth proxy
Signed-off-by: Marcus Noble
---
manifests/auth-proxy/non-auth-proxy.yaml | 101 +++++++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 manifests/auth-proxy/non-auth-proxy.yaml
diff --git a/manifests/auth-proxy/non-auth-proxy.yaml b/manifests/auth-proxy/non-auth-proxy.yaml
new file mode 100644
index 0000000..84f534b
--- /dev/null
+++ b/manifests/auth-proxy/non-auth-proxy.yaml
@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: host-mappings
+ namespace: auth-proxy
+ labels:
+ app: proxy
+data:
+ mapping.json: |
+ {
+ "tekton-el.auth-proxy.svc": "tekton-el.cluster.local"
+ }
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: proxy
+ namespace: auth-proxy
+ labels:
+ app: proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: proxy
+ template:
+ metadata:
+ labels:
+ app: proxy
+ spec:
+ dnsPolicy: None
+ dnsConfig:
+ nameservers:
+ - 100.100.100.100
+ containers:
+ - name: proxy
+ image: docker.cluster.fun/averagemarcus/proxy:latest
+ imagePullPolicy: Always
+ env:
+ - name: PROXY_DESTINATION
+ value: talos.averagemarcus.github.beta.tailscale.net
+ - name: PORT
+ value: "8080"
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ volumeMounts:
+ - name: host-mappings
+ mountPath: /config/
+ - name: tailscale
+ image: ghcr.io/tailscale/tailscale:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: AUTH_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tailscale-auth
+ key: password
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ command:
+ - sh
+ - -c
+ - |
+ export PATH=$PATH:/tailscale/bin
+ if [[ ! -d /dev/net ]]; then mkdir -p /dev/net; fi
+ if [[ ! -c /dev/net/tun ]]; then mknod /dev/net/tun c 10 200; fi
+ echo "Starting tailscaled"
+ tailscaled --socket=/tmp/tailscaled.sock &
+ PID=$!
+ echo "Running tailscale up"
+ tailscale --socket=/tmp/tailscaled.sock up \
+ --accept-dns=true \
+ --authkey=${AUTH_KEY} \
+ --hostname=auth-proxy
+ wait ${PID}
+ volumes:
+ - name: host-mappings
+ configMap:
+ name: host-mappings
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: tekton-el
+ namespace: auth-proxy
+ labels:
+ app: proxy
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: proxy
+ type: ClusterIP
+---
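Review bot: Both containers in the Deployment run mutable tags, `docker.cluster.fun/averagemarcus/proxy:latest` with `imagePullPolicy: Always` and `ghcr.io/tailscale/tailscale:latest`. The tailscale sidecar holds `NET_ADMIN` and the tailnet auth key, so whatever is next pushed to either tag runs with that access on a later pod start. Pin each image by digest, for example `image: ghcr.io/tailscale/tailscale@sha256:<DIGEST_PLACEHOLDER>`. In the sidecar script, `--authkey=${AUTH_KEY}` is unquoted and puts the key in the `tailscale up` process arguments; `--authkey="${AUTH_KEY}"` is the minimum, and a mounted secret file would keep it out of the argument list if the tailscale release in use accepts a file reference. The `tekton-el` Service also exposes the proxy as a ClusterIP with no NetworkPolicy in this file, which is presumably intended given the commit title, but a comment naming the expected callers would make that explicit.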