fix: Increase permissions and resolve mirror cache issues (#1961)

Co-authored-by: 0x7fffff92 <0x7fffff92@example.com>
2026-05-23 08:48:25 +00:00 · 2025-10-21 23:59:36 +08:00 · 2025-10-21 23:59:36 +08:00 · fd08ef8816
commit fd08ef8816
parent a176a5dc7a
1 changed files with 24 additions and 1 deletions
--- a/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
+++ b/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
@ -71,6 +71,29 @@ roleRef:
  name: admin
  apiGroup: rbac.authorization.k8s.io

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:sysenv-reader
+rules:
+- apiGroups: ["sys.bytetrade.io"]
+  resources: ["systemenvs"]
+  verbs: ["get","list","watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:sysenv-reader
+subjects:
+- kind: ServiceAccount
+  name: tailscale
+  namespace: user-space-{{ .Values.bfl.username }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:sysenv-reader
+  apiGroup: rbac.authorization.k8s.io

 ---
 apiVersion: apps/v1
@ -128,7 +151,7 @@ spec:
        - |
          chown -R 1000:1000 /headscale 
      - name: init
-        image: beclab/headscale-init:v0.1.12
+        image: beclab/headscale-init:v0.1.13
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true