@twentybit

This PR contains a working copy of a helm chart used to deploy tsidp on kubernetes. I raised #94 for this request.

I've included fsGroup and runAsUser defaults in the values.yaml to fix PVC storage caused by #113

I've not included a GitHub workflow as I'm not sure how you'd want to lint/test/release this (if this is accepted!). Happy to collaborate on that part if this looks like a good base?

Here's a copy of the k8s manifests generated using the default values:
$ helm template --dry-run chart

---
# Source: tsidp/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: release-name-tsidp
  labels:
    helm.sh/chart: tsidp-0.1.0
    app.kubernetes.io/name: tsidp
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true
---
# Source: tsidp/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: release-name-tsidp
  labels:
    helm.sh/chart: tsidp-0.1.0
    app.kubernetes.io/name: tsidp
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: tsidp
      app.kubernetes.io/instance: release-name
  template:
    metadata:
      labels:
        helm.sh/chart: tsidp-0.1.0
        app.kubernetes.io/name: tsidp
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/version: "latest"
        app.kubernetes.io/managed-by: Helm
    spec:
      serviceAccountName: release-name-tsidp
      securityContext:
        fsGroup: 1001
      containers:
        - name: tsidp
          securityContext:
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1001
          image: "ghcr.io/tailscale/tsidp:latest"
          imagePullPolicy: IfNotPresent
          env:
            - name: TAILSCALE_USE_WIP_CODE
              value: "1"
            - name: TS_STATE_DIR
              value: "/data"
            - name: TS_HOSTNAME
              value: "idp"
            - name: TSIDP_PORT
              value: "443"
            - name: TSIDP_ENABLE_STS
              value: "1"
          volumeMounts:
            - name: tsidp-data
              mountPath: /data
      volumes:
        - name: tsidp-data
          emptyDir: {}

Signed-off-by: Twentybit <[email protected]>
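The rendered manifest above is what a reviewer would audit for pod hardening: the `fsGroup`/`runAsUser` pair the PR adds, `readOnlyRootFilesystem`, the unpinned `latest` tag, the `automountServiceAccountToken: true` on the ServiceAccount, and the fact that the `TS_STATE_DIR` mount is backed by an `emptyDir`, so the stored state does not survive pod recreation. The following is an added example, not part of this PR or the tsidp chart: it transcribes the rendered ServiceAccount and Deployment into Python dicts (a constructed sample, so it runs without a YAML library), runs those checks over them, and shows a hardened variant that passes. `load_rendered()` is an assumed helper for auditing real `helm template` output; it needs `helm` and PyYAML installed.

```python
"""Audit rendered Kubernetes manifests (e.g. `helm template` output) for pod
hardening settings. Added example; not code from the tsidp chart or PR."""
import copy
import subprocess
from typing import Any, Dict, List

# Constructed sample: the ServiceAccount and Deployment rendered in the PR
# description, reduced to the fields the audit looks at.
SAMPLE_DOCS: List[Dict[str, Any]] = [
    {"apiVersion": "v1", "kind": "ServiceAccount",
     "metadata": {"name": "release-name-tsidp"},
     "automountServiceAccountToken": True},
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "release-name-tsidp"},
     "spec": {"template": {"spec": {
         "serviceAccountName": "release-name-tsidp",
         "securityContext": {"fsGroup": 1001},
         "containers": [{
             "name": "tsidp",
             "image": "ghcr.io/tailscale/tsidp:latest",
             "securityContext": {"readOnlyRootFilesystem": False,
                                 "runAsNonRoot": True, "runAsUser": 1001},
             "env": [{"name": "TS_STATE_DIR", "value": "/data"}],
             "volumeMounts": [{"name": "tsidp-data", "mountPath": "/data"}],
         }],
         "volumes": [{"name": "tsidp-data", "emptyDir": {}}],
     }}}},
]


def load_rendered(chart_dir: str) -> List[Dict[str, Any]]:
    """Assumed helper: render a chart with helm and parse every document.
    Requires the helm binary and PyYAML (imported lazily on purpose)."""
    import yaml
    out = subprocess.run(["helm", "template", chart_dir], check=True,
                         capture_output=True, text=True).stdout
    return [d for d in yaml.safe_load_all(out) if d]


def _state_dir(container: Dict[str, Any]):
    for e in container.get("env", []):
        if e.get("name") == "TS_STATE_DIR":
            return e.get("value")
    return None


def audit_pod_spec(kind: str, name: str, pod: Dict[str, Any]) -> List[str]:
    """Return findings for one pod spec (Deployment template or bare Pod)."""
    findings: List[str] = []
    if "fsGroup" not in (pod.get("securityContext") or {}):
        findings.append(f"{kind}/{name}: no fsGroup; volumes may be unwritable by a non-root user")
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    for c in pod.get("containers", []):
        who = f"{kind}/{name} container {c['name']}"
        sc = c.get("securityContext") or {}
        # runAsUser 0 or missing is treated the same as not set.
        if not sc.get("runAsNonRoot") or not sc.get("runAsUser"):
            findings.append(f"{who}: not pinned to a non-root UID (runAsNonRoot/runAsUser)")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{who}: readOnlyRootFilesystem is not true")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{who}: image {image!r} is not pinned to a tag or digest")
        state_dir = _state_dir(c)
        for m in c.get("volumeMounts", []):
            if state_dir and m.get("mountPath") == state_dir and "emptyDir" in volumes.get(m["name"], {}):
                findings.append(f"{who}: TS_STATE_DIR {state_dir} is on an emptyDir; state is lost when the pod is recreated")
    return findings


def audit(docs: List[Dict[str, Any]]) -> List[str]:
    """Audit a list of parsed manifests and return human-readable findings."""
    findings: List[str] = []
    for d in docs:
        kind, name = d.get("kind"), d.get("metadata", {}).get("name", "?")
        if kind == "ServiceAccount" and d.get("automountServiceAccountToken", True):
            findings.append(f"ServiceAccount/{name}: token automount enabled; set false unless the workload calls the Kubernetes API")
        elif kind in ("Deployment", "StatefulSet", "DaemonSet"):
            findings.extend(audit_pod_spec(kind, name, d["spec"]["template"]["spec"]))
        elif kind == "Pod":
            findings.extend(audit_pod_spec(kind, name, d["spec"]))
    return findings


def hardened_sample() -> List[Dict[str, Any]]:
    """The same sample with the corrected settings, for a side-by-side run."""
    docs = copy.deepcopy(SAMPLE_DOCS)
    docs[0]["automountServiceAccountToken"] = False
    pod = docs[1]["spec"]["template"]["spec"]
    c = pod["containers"][0]
    c["securityContext"]["readOnlyRootFilesystem"] = True
    # Placeholder digest, not a real image digest.
    c["image"] = "ghcr.io/tailscale/tsidp@sha256:" + "0" * 64
    pod["volumes"] = [{"name": "tsidp-data", "persistentVolumeClaim": {"claimName": "tsidp-data"}}]
    return docs


if __name__ == "__main__":
    for label, docs in (("rendered defaults", SAMPLE_DOCS), ("hardened", hardened_sample())):
        print(f"== {label}: {len(audit(docs))} finding(s)")
        for f in audit(docs):
            print("  -", f)
```

Running it against the defaults reports four findings (token automount, writable root filesystem, unpinned `latest` image, state directory on `emptyDir`) and none for the hardened copy; the `fsGroup`/`runAsUser` checks pass on the PR's defaults, which is the point of the values the PR adds.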