feat(documentation): Added readme content and adjusted config

Headscale/README.md

@@ -0,0 +1,5 @@
+# Headscale
+Headscale is a self-hosted TailScale server. As far as I can tell, there isn't really a web frontend provided with the container image and all management actions are done on the command line
+
+## Using this kubernetes config
+Set the headscale domain name in `ingress.yml`. This config assumes you have cert-manager installed on your cluster, so if you want to provide HTTPS another way, feel free to comment out the `spec.tls` section (the annotation shouldn't affect anything, but you can comment it out as well if you want). Then look through the `config.yml` file and configure Headscale to fit your needs.

Headscale/config.yml

@@ -15,14 +15,13 @@ data:
     #
     # https://myheadscale.example.com:443
     #
-    # server_url: http://127.0.0.1:8080
+    server_url: http://127.0.0.1:8080
-    server_url: https://headscale.foxhawk.co.uk
 
     # Address to listen to / bind to on the server
     #
     # For production:
-    listen_addr: 0.0.0.0:8080
+    # listen_addr: 0.0.0.0:8080
-    # listen_addr: 127.0.0.1:8080
+    listen_addr: 127.0.0.1:8080
 
     # Address to listen to /metrics and /debug, you may want
     # to keep this endpoint private to your internal network
@@ -207,31 +206,31 @@ data:
     # TLS for a domain with Let's Encrypt.
     #
     # URL to ACME directory
-    #acme_url: https://acme-v02.api.letsencrypt.org/directory
+    acme_url: https://acme-v02.api.letsencrypt.org/directory
 
     # Email to register with ACME provider
-    #acme_email: ""
+    acme_email: ""
 
     # Domain name to request a TLS certificate for:
-    #tls_letsencrypt_hostname: ""
+    tls_letsencrypt_hostname: ""
 
     # Path to store certificates and metadata needed by
     # letsencrypt
     # For production:
-    #tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+    tls_letsencrypt_cache_dir: /var/lib/headscale/cache
 
     # Type of ACME challenge to use, currently supported types:
     # HTTP-01 or TLS-ALPN-01
     # See: docs/ref/tls.md for more information
-    #tls_letsencrypt_challenge_type: HTTP-01
+    tls_letsencrypt_challenge_type: HTTP-01
     # When HTTP-01 challenge is chosen, letsencrypt must set up a
     # verification endpoint, and it will be listening on:
     # :http = port 80
-    #tls_letsencrypt_listen: ":http"
+    tls_letsencrypt_listen: ":http"
 
     ## Use already defined certificates:
-    #tls_cert_path: ""
+    tls_cert_path: ""
-    #tls_key_path: ""
+    tls_key_path: ""
 
     log:
       # Valid log levels: panic, fatal, error, warn, info, debug, trace
@@ -282,7 +281,7 @@ data:
       # `base_domain` must be a FQDN, without the trailing dot.
       # The FQDN of the hosts will be
       # `hostname.base_domain` (e.g., _myhost.example.com_).
-      base_domain: foxhawk.vpn
+      base_domain: example.com
 
       # Whether to use the local DNS settings of a node or override the local DNS
       # settings (default) and force the use of Headscale's DNS configuration.

Headscale/deployment.yml

@@ -19,7 +19,7 @@ spec:
             - serve
           resources:
             limits:
-              memory: "128Mi"
+              memory: "512Mi"
               cpu: "500m"
           ports:
             - containerPort: 8080

Headscale/ingress.yml

@@ -2,9 +2,15 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: headscale
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
 spec:
+  tls:
+    - hosts:
+        - <headscale url>
+      secret-name: headscale-tls
   rules:
-    - host: headscale.foxhawk.co.uk
+    - host: <headscale url>
       http:
         paths:
           - pathType: Prefix