cmd/k8s-operator: add initial support for k8s ingress #9048

maisem · 2023-08-23T20:35:31Z

Previously, the operator would only monitor Services and create
a Tailscale StatefulSet which acted as a L3 proxy which proxied
traffic inbound to the Tailscale IP onto the services ClusterIP.

This extends that functionality to also monitor Ingress resources
where the ingressClassName=tailscale and similarly creates a
Tailscale StatefulSet, acting as a L7 proxy instead.

Users can override the desired hostname by setting:

- tls
  hosts:
  - "foo"

Hostnames specified under rules are ignored as we only create a single
host. This is emitted as an event for users to see.

Depends on #9074

Updates #7895

cmd/k8s-operator/ingress.go

danderson · 2023-08-24T21:56:35Z

cmd/k8s-operator/manifests/proxy.yaml

@@ -2,7 +2,7 @@
 # at build time and then uses to construct Tailscale proxy pods.
 apiVersion: apps/v1
 kind: StatefulSet
-metadata:
+metadata: {}


? I guess a linter did this?

it seemed like it was missing, and i wasn't sure if yaml just allowed this or not. thought being explicit was nicer

cmd/k8s-operator/operator_test.go

Previously, the operator would only monitor Services and create a Tailscale StatefulSet which acted as a L3 proxy which proxied traffic inbound to the Tailscale IP onto the services ClusterIP. This extends that functionality to also monitor Ingress resources where the `ingressClassName=tailscale` and similarly creates a Tailscale StatefulSet, acting as a L7 proxy instead. Users can override the desired hostname by setting: ``` - tls hosts: - "foo" ``` Hostnames specified under `rules` are ignored as we only create a single host. This is emitted as an event for users to see. Fixes #7895 Signed-off-by: Maisem Ali <maisem@tailscale.com>

maisem requested a review from shayne August 23, 2023 20:35

maisem force-pushed the maisem/ig1 branch 2 times, most recently from b6f86e9 to 7598875 Compare August 24, 2023 21:25

maisem changed the base branch from main to maisem/ig-4 August 24, 2023 21:25

maisem requested a review from danderson August 24, 2023 21:26

maisem marked this pull request as ready for review August 24, 2023 21:26

danderson approved these changes Aug 24, 2023

View reviewed changes

maisem force-pushed the maisem/ig1 branch from 7598875 to d9c4506 Compare August 24, 2023 22:03

Base automatically changed from maisem/ig-4 to main August 24, 2023 22:57

maisem force-pushed the maisem/ig1 branch 2 times, most recently from 7c630e5 to e21298f Compare August 24, 2023 23:08

maisem force-pushed the maisem/ig1 branch from e21298f to d1b2543 Compare August 25, 2023 03:40

maisem merged commit c8dea67 into main Aug 25, 2023
37 checks passed

maisem deleted the maisem/ig1 branch August 25, 2023 04:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cmd/k8s-operator: add initial support for k8s ingress #9048

cmd/k8s-operator: add initial support for k8s ingress #9048

maisem commented Aug 23, 2023 •

edited

danderson Aug 24, 2023

maisem Aug 24, 2023

cmd/k8s-operator: add initial support for k8s ingress #9048

cmd/k8s-operator: add initial support for k8s ingress #9048

Conversation

maisem commented Aug 23, 2023 • edited

danderson Aug 24, 2023

Choose a reason for hiding this comment

maisem Aug 24, 2023

Choose a reason for hiding this comment

maisem commented Aug 23, 2023 •

edited