cm/k8s-operator,cmd/containerboot: fix STS config, more tests (#9155)

Ensures that the StatefulSet reconciler config has only one of the cluster target IP or the tailnet target IP set.
Adds a test case for containerboot egress proxy mode.

Updates tailscale/tailscale#8184

Signed-off-by: irbekrm <irbekrm@gmail.com>
pull/9160/head
Irbe Krumina 1 year ago committed by GitHub
parent 29a35d4a5d
commit 17438a98c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -312,7 +312,7 @@ func TestContainerBoot(t *testing.T) {
}, },
}, },
{ {
Name: "proxy", Name: "ingres proxy",
Env: map[string]string{ Env: map[string]string{
"TS_AUTHKEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_DEST_IP": "1.2.3.4", "TS_DEST_IP": "1.2.3.4",
@ -334,6 +334,30 @@ func TestContainerBoot(t *testing.T) {
}, },
}, },
}, },
{
Name: "egress proxy",
Env: map[string]string{
"TS_AUTHKEY": "tskey-key",
"TS_TAILNET_TARGET_IP": "100.99.99.99",
"TS_USERSPACE": "false",
},
Phases: []phase{
{
WantCmds: []string{
"/usr/bin/tailscaled --socket=/tmp/tailscaled.sock --state=mem: --statedir=/tmp",
"/usr/bin/tailscale --socket=/tmp/tailscaled.sock login --authkey=tskey-key",
},
},
{
Notify: runningNotify,
WantCmds: []string{
"/usr/bin/tailscale --socket=/tmp/tailscaled.sock set --accept-dns=false",
"/usr/bin/iptables -t nat -I PREROUTING 1 ! -i tailscale0 -j DNAT --to-destination 100.99.99.99",
"/usr/bin/iptables -t nat -I POSTROUTING 1 --destination 100.99.99.99 -j SNAT --to-source 100.64.0.1",
},
},
},
},
{ {
Name: "authkey_once", Name: "authkey_once",
Env: map[string]string{ Env: map[string]string{
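Review bot: The new "egress proxy" case pins only the happy path; nothing in this section covers `TS_DEST_IP` and `TS_TAILNET_TARGET_IP` being set together, or a malformed `TS_TAILNET_TARGET_IP`, which is the kind of misconfiguration the operator half of this commit guards against. The value appears verbatim in the asserted `iptables ... --to-destination 100.99.99.99` and `--destination 100.99.99.99` commands, so a case that expects containerboot to refuse such input would document the intended behaviour; whether containerboot already rejects it is not visible here. Separately, the renamed case reads `Name: "ingres proxy",` and should be `Name: "ingress proxy",`. The test table in TestContainerBoot starts and ends outside both hunks.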

@ -125,11 +125,15 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
sts := &tailscaleSTSConfig{ sts := &tailscaleSTSConfig{
ParentResourceName: svc.Name, ParentResourceName: svc.Name,
ParentResourceUID: string(svc.UID), ParentResourceUID: string(svc.UID),
ClusterTargetIP: svc.Spec.ClusterIP,
Hostname: hostname, Hostname: hostname,
Tags: tags, Tags: tags,
ChildResourceLabels: crl, ChildResourceLabels: crl,
TailnetTargetIP: svc.Annotations[AnnotationTailnetTargetIP], }
if a.shouldExpose(svc) {
sts.ClusterTargetIP = svc.Spec.ClusterIP
} else if a.hasTailnetTargetAnnotation(svc) {
sts.TailnetTargetIP = svc.Annotations[AnnotationTailnetTargetIP]
} }
var hsvc *corev1.Service var hsvc *corev1.Service
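Review bot: In the `else if a.hasTailnetTargetAnnotation(svc)` branch the annotation value is copied into `sts.TailnetTargetIP` without being parsed, so whatever string a Service author writes is carried into the proxy configuration. Parsing it first, for example `if _, err := netip.ParseAddr(svc.Annotations[AnnotationTailnetTargetIP]); err != nil { ... }`, and surfacing the failure on the Service would stop a bad value before a StatefulSet is created. The `if`/`else if` also lets the `shouldExpose` branch win silently when a Service carries both settings; a `logger.Warnf` naming the ignored annotation would make that precedence visible to the operator's user. maybeProvision starts and ends outside this hunk, so validation may already happen elsewhere.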
