k3s-io · manuelbuil · Sep 28, 2023 · Sep 14, 2023
@@ -157,13 +157,13 @@ var (
 	}
 	VPNAuth = &cli.StringFlag{
 		Name:        "vpn-auth",
-		Usage:       "(agent/networking) (experimental) Credentials for the VPN provider. It must include the provider name and join key in the format name=<vpn-provider>,joinKey=<key>[,controlServerURL=<url>]",
+		Usage:       "(agent/networking) (experimental) Credentials for the VPN provider. It must include the provider name and join key in the format name=<vpn-provider>,joinKey=<key>[,controlServerURL=<url>][,extraArgs=<args>]",
 		EnvVar:      version.ProgramUpper + "_VPN_AUTH",
 		Destination: &AgentConfig.VPNAuth,
 	}
 	VPNAuthFile = &cli.StringFlag{
 		Name:        "vpn-auth-file",
-		Usage:       "(agent/networking) (experimental) File containing credentials for the VPN provider. It must include the provider name and join key in the format name=<vpn-provider>,joinKey=<key>[,controlServerURL=<url>]",
+		Usage:       "(agent/networking) (experimental) File containing credentials for the VPN provider. It must include the provider name and join key in the format name=<vpn-provider>,joinKey=<key>[,controlServerURL=<url>][,extraArgs=<args>]",
 		EnvVar:      version.ProgramUpper + "_VPN_AUTH_FILE",
 		Destination: &AgentConfig.VPNAuthFile,
 	}

@@ -35,6 +35,7 @@ type vpnCliAuthInfo struct {
 	Name             string
 	JoinKey          string
 	ControlServerURL string
+	ExtraCLIFlags    []string
 }
 
 // StartVPN starts the VPN interface. General function in case we want to add more vpn integrations
@@ -53,6 +54,10 @@ func StartVPN(vpnAuthConfigFile string) error {
 		if authInfo.ControlServerURL != "" {
 			args = append(args, "--login-server", authInfo.ControlServerURL)
 		}
+		if len(authInfo.ExtraCLIFlags) > 0 {
+			args = append(args, authInfo.ExtraCLIFlags...)
+		}
+		logrus.Debugf("Flags passed to tailscale up: %v", args)
 		output, err := util.ExecCommand("tailscale", args)
 		if err != nil {
 			return errors.Wrap(err, "tailscale up failed: "+output)
@@ -80,7 +85,12 @@ func GetVPNInfo(vpnAuth string) (VPNInfo, error) {
 // getVPNAuthInfo returns the required authInfo object
 func getVPNAuthInfo(vpnAuth string) (vpnCliAuthInfo, error) {
 	var authInfo vpnCliAuthInfo
-	vpnParameters := strings.Split(vpnAuth, ",")
+
+	// Separate extraArgs which will be passed directly to the vpn binary command
+	vpnCommand, extraArgs := processCLIArgs(vpnAuth)
+	authInfo.ExtraCLIFlags = extraArgs
+
+	vpnParameters := strings.Split(vpnCommand, ",")
 	for _, vpnKeyValues := range vpnParameters {
 		vpnKeyValue := strings.Split(vpnKeyValues, "=")
 		switch vpnKeyValue[0] {
@@ -139,3 +149,13 @@ func getTailscaleInfo() (VPNInfo, error) {
 
 	return VPNInfo{IPv4Address: net.ParseIP(ipv4Address), IPv6Address: net.ParseIP(ipv6Address), NodeID: "", ProviderName: "tailscale", VPNInterface: tailscaleIf}, nil
 }
+
+// processCLIArgs separates the extraArgs part from the command.
+// Note that tailscale flags of type list are comma separated and don't accept spaces, thus we can use strings.Fields to separate flags
+func processCLIArgs(command string) (string, []string) {
+	subCommands := strings.Split(command, ",extraArgs=")
+	if len(subCommands) > 1 {
+		return subCommands[0], strings.Fields(subCommands[1])
+	}
+	return subCommands[0], []string{}
+}