Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/k8s-operator: add initial support for k8s ingress #9048

Merged
merged 1 commit into from
Aug 25, 2023
Merged

cmd/k8s-operator: add initial support for k8s ingress #9048

merged 1 commit into from
Aug 25, 2023

Conversation

maisem
Copy link
Contributor

@maisem maisem commented Aug 23, 2023
edited
Loading

Previously, the operator would only monitor Services and create
a Tailscale StatefulSet which acted as a L3 proxy which proxied
traffic inbound to the Tailscale IP onto the services ClusterIP.

This extends that functionality to also monitor Ingress resources
where the ingressClassName=tailscale and similarly creates a
Tailscale StatefulSet, acting as a L7 proxy instead.

Users can override the desired hostname by setting:

- tls
  hosts:
  - "foo"

Hostnames specified under rules are ignored as we only create a single
host. This is emitted as an event for users to see.

Depends on #9074

Updates #7895

@maisem maisem requested a review from shayne August 23, 2023 20:35
@maisem maisem force-pushed the maisem/ig1 branch 2 times, most recently from b6f86e9 to 7598875 Compare August 24, 2023 21:25
@maisem maisem changed the base branch from main to maisem/ig-4 August 24, 2023 21:25
@maisem maisem requested a review from danderson August 24, 2023 21:26
@maisem maisem marked this pull request as ready for review August 24, 2023 21:26
danderson
danderson approved these changes Aug 24, 2023
View reviewed changes
cmd/k8s-operator/manifests/proxy.yaml
@@ -2,7 +2,7 @@
# at build time and then uses to construct Tailscale proxy pods.
apiVersion: apps/v1
kind: StatefulSet
metadata:
metadata: {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

? I guess a linter did this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seemed like it was missing, and i wasn't sure if yaml just allowed this or not. thought being explicit was nicer

Base automatically changed from maisem/ig-4 to main August 24, 2023 22:57
@maisem maisem force-pushed the maisem/ig1 branch 2 times, most recently from 7c630e5 to e21298f Compare August 24, 2023 23:08
cmd/k8s-operator: add support for Ingress resources
d1b2543 
Previously, the operator would only monitor Services and create
a Tailscale StatefulSet which acted as a L3 proxy which proxied
traffic inbound to the Tailscale IP onto the services ClusterIP.

This extends that functionality to also monitor Ingress resources
where the `ingressClassName=tailscale` and similarly creates a
Tailscale StatefulSet, acting as a L7 proxy instead.

Users can override the desired hostname by setting:

```
- tls
  hosts:
  - "foo"
```

Hostnames specified under `rules` are ignored as we only create a single
host. This is emitted as an event for users to see.

Fixes #7895

Signed-off-by: Maisem Ali <maisem@tailscale.com>
@maisem maisem merged commit c8dea67 into main Aug 25, 2023
@maisem maisem deleted the maisem/ig1 branch August 25, 2023 04:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danderson danderson danderson approved these changes

@shayne shayne Awaiting requested review from shayne

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maisem @danderson