apiVersion: apps/v1
kind: Deployment
metadata:
  name: protonmail-bridge-tailscale
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
    spec:
      containers:
        - image: shenxn/protonmail-bridge:{{ .Values.containers.protonmail-bridge.tag }}
          name: protonmail-bridge
          volumeMounts:
            - mountPath: /root
              name: protonmail
            - mountPath: /certs
              name: certificates
        - image: tailscale/tailscale:{{ .Values.containers.tailscale.tag }}
          name: ts-protonmail-bridge
          env:
            - name: TS_HOSTNAME
              value: {{ .Values.containers.tailscale.hostname }}
            - name: TS_STATE_DIR
              value: /var/lib/tailscale
            - name: TS_AUTHKEY
              valueFrom:
                secretKeyRef:
                  name: tailscale-auth
                  key: TS_AUTHKEY
            - name: TS_EXTRA_ARGS
              valueFrom:
                secretKeyRef:
                  name: tailscale-auth
                  key: TS_EXTRA_ARGS
            - name: TS_USERSPACE
              value: false
          securityContext:
            capabilities:
              add: ["NET_ADMIN", "SYS_MODULE"]
          volumeMounts:
            - mountPath: /certs
              name: certificates
            - mountPath: /var/lib/tailscale
              name: tailscale-state
      restartPolicy: Always
      volumes:
        - name: protonmail
          persistentVolumeClaim:
            claimName: protonmail-bridge-pvc
        - name: certificates
          persistentVolumeClaim:
            claimName: certificates-pvc
        - name: tailscale-state
          persistentVolumeClaim:
            claimName: tailscale-state-pvc