diff --git a/cmd/k8s-operator/connector_test.go b/cmd/k8s-operator/connector_test.go
index 01c60bc9e..a4ba90d3d 100644
--- a/cmd/k8s-operator/connector_test.go
+++ b/cmd/k8s-operator/connector_test.go
@@ -278,7 +278,7 @@ func TestConnectorWithProxyClass(t *testing.T) {
pc.Status = tsapi.ProxyClassStatus{
Conditions: []metav1.Condition{{
Status: metav1.ConditionTrue,
- Type: string(tsapi.ProxyClassready),
+ Type: string(tsapi.ProxyClassReady),
ObservedGeneration: pc.Generation,
}}}
})
diff --git a/cmd/k8s-operator/deploy/chart/values.yaml b/cmd/k8s-operator/deploy/chart/values.yaml
index de003f149..e6f4cada4 100644
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@@ -80,7 +80,7 @@ proxyConfig:
firewallMode: auto
# If defined, this proxy class will be used as the default proxy class for
# service and ingress resources that do not have a proxy class defined. It
- # does not apply to Connector and ProxyGroup resources.
+ # does not apply to Connector resources.
defaultProxyClass: ""
# apiServerProxyConfig allows to configure whether the operator should expose
diff --git a/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml b/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
index 035d04786..66701bdf4 100644
--- a/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
+++ b/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
@@ -63,8 +63,9 @@ spec:
description: |-
ProxyClass is the name of the ProxyClass custom resource that contains
configuration options that should be applied to the resources created
- for this ProxyGroup. If unset, the operator will create resources with
- the default configuration.
+ for this ProxyGroup. If unset, and there is no default ProxyClass
+ configured, the operator will create resources with the default
+ configuration.
type: string
replicas:
description: |-
diff --git a/cmd/k8s-operator/deploy/manifests/operator.yaml b/cmd/k8s-operator/deploy/manifests/operator.yaml
index 14166fed9..1a812b736 100644
--- a/cmd/k8s-operator/deploy/manifests/operator.yaml
+++ b/cmd/k8s-operator/deploy/manifests/operator.yaml
@@ -2475,8 +2475,9 @@ spec:
description: |-
ProxyClass is the name of the ProxyClass custom resource that contains
configuration options that should be applied to the resources created
- for this ProxyGroup. If unset, the operator will create resources with
- the default configuration.
+ for this ProxyGroup. If unset, and there is no default ProxyClass
+ configured, the operator will create resources with the default
+ configuration.
type: string
replicas:
description: |-
diff --git a/cmd/k8s-operator/ingress.go b/cmd/k8s-operator/ingress.go
index 700cf4be8..acc90d465 100644
--- a/cmd/k8s-operator/ingress.go
+++ b/cmd/k8s-operator/ingress.go
@@ -48,7 +48,7 @@ type IngressReconciler struct {
// managing. This is only used for metrics.
managedIngresses set.Slice[types.UID]
- proxyDefaultClass string
+ defaultProxyClass string
}
var (
@@ -136,7 +136,7 @@ func (a *IngressReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
}
}
- proxyClass := proxyClassForObject(ing, a.proxyDefaultClass)
+ proxyClass := proxyClassForObject(ing, a.defaultProxyClass)
if proxyClass != "" {
if ready, err := proxyClassIsReady(ctx, proxyClass, a.Client); err != nil {
return fmt.Errorf("error verifying ProxyClass for Ingress: %w", err)
diff --git a/cmd/k8s-operator/ingress_test.go b/cmd/k8s-operator/ingress_test.go
index 8b18776b4..38a041dde 100644
--- a/cmd/k8s-operator/ingress_test.go
+++ b/cmd/k8s-operator/ingress_test.go
@@ -253,7 +253,7 @@ func TestTailscaleIngressWithProxyClass(t *testing.T) {
pc.Status = tsapi.ProxyClassStatus{
Conditions: []metav1.Condition{{
Status: metav1.ConditionTrue,
- Type: string(tsapi.ProxyClassready),
+ Type: string(tsapi.ProxyClassReady),
ObservedGeneration: pc.Generation,
}}}
})
diff --git a/cmd/k8s-operator/operator.go b/cmd/k8s-operator/operator.go
index 28895269d..ff29618df 100644
--- a/cmd/k8s-operator/operator.go
+++ b/cmd/k8s-operator/operator.go
@@ -109,7 +109,7 @@ func main() {
proxyActAsDefaultLoadBalancer: isDefaultLoadBalancer,
proxyTags: tags,
proxyFirewallMode: tsFirewallMode,
- proxyDefaultClass: defaultProxyClass,
+ defaultProxyClass: defaultProxyClass,
}
runReconcilers(rOpts)
}
@@ -286,7 +286,7 @@ func runReconcilers(opts reconcilerOpts) {
recorder: eventRecorder,
tsNamespace: opts.tailscaleNamespace,
clock: tstime.DefaultClock{},
- proxyDefaultClass: opts.proxyDefaultClass,
+ defaultProxyClass: opts.defaultProxyClass,
})
if err != nil {
startlog.Fatalf("could not create service reconciler: %v", err)
@@ -309,7 +309,7 @@ func runReconcilers(opts reconcilerOpts) {
recorder: eventRecorder,
Client: mgr.GetClient(),
logger: opts.log.Named("ingress-reconciler"),
- proxyDefaultClass: opts.proxyDefaultClass,
+ defaultProxyClass: opts.defaultProxyClass,
})
if err != nil {
startlog.Fatalf("could not create ingress reconciler: %v", err)
@@ -476,10 +476,11 @@ func runReconcilers(opts reconcilerOpts) {
clock: tstime.DefaultClock{},
tsClient: opts.tsClient,
- tsNamespace: opts.tailscaleNamespace,
- proxyImage: opts.proxyImage,
- defaultTags: strings.Split(opts.proxyTags, ","),
- tsFirewallMode: opts.proxyFirewallMode,
+ tsNamespace: opts.tailscaleNamespace,
+ proxyImage: opts.proxyImage,
+ defaultTags: strings.Split(opts.proxyTags, ","),
+ tsFirewallMode: opts.proxyFirewallMode,
+ defaultProxyClass: opts.defaultProxyClass,
})
if err != nil {
startlog.Fatalf("could not create ProxyGroup reconciler: %v", err)
@@ -525,10 +526,10 @@ type reconcilerOpts struct {
// Auto is usually the best choice, unless you want to explicitly set
// specific mode for debugging purposes.
proxyFirewallMode string
- // proxyDefaultClass is the name of the ProxyClass to use as the default
+ // defaultProxyClass is the name of the ProxyClass to use as the default
// class for proxies that do not have a ProxyClass set.
// this is defined by an operator env variable.
- proxyDefaultClass string
+ defaultProxyClass string
}
// enqueueAllIngressEgressProxySvcsinNS returns a reconcile request for each
diff --git a/cmd/k8s-operator/operator_test.go b/cmd/k8s-operator/operator_test.go
index 7ea8c09e1..21e1d4313 100644
--- a/cmd/k8s-operator/operator_test.go
+++ b/cmd/k8s-operator/operator_test.go
@@ -1064,7 +1064,7 @@ func TestProxyClassForService(t *testing.T) {
pc.Status = tsapi.ProxyClassStatus{
Conditions: []metav1.Condition{{
Status: metav1.ConditionTrue,
- Type: string(tsapi.ProxyClassready),
+ Type: string(tsapi.ProxyClassReady),
ObservedGeneration: pc.Generation,
}}}
})
diff --git a/cmd/k8s-operator/proxyclass.go b/cmd/k8s-operator/proxyclass.go
index b5d213746..882a9030f 100644
--- a/cmd/k8s-operator/proxyclass.go
+++ b/cmd/k8s-operator/proxyclass.go
@@ -98,9 +98,9 @@ func (pcr *ProxyClassReconciler) Reconcile(ctx context.Context, req reconcile.Re
if errs := pcr.validate(pc); errs != nil {
msg := fmt.Sprintf(messageProxyClassInvalid, errs.ToAggregate().Error())
pcr.recorder.Event(pc, corev1.EventTypeWarning, reasonProxyClassInvalid, msg)
- tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassready, metav1.ConditionFalse, reasonProxyClassInvalid, msg, pc.Generation, pcr.clock, logger)
+ tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassReady, metav1.ConditionFalse, reasonProxyClassInvalid, msg, pc.Generation, pcr.clock, logger)
} else {
- tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassready, metav1.ConditionTrue, reasonProxyClassValid, reasonProxyClassValid, pc.Generation, pcr.clock, logger)
+ tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassReady, metav1.ConditionTrue, reasonProxyClassValid, reasonProxyClassValid, pc.Generation, pcr.clock, logger)
}
if !apiequality.Semantic.DeepEqual(oldPCStatus, pc.Status) {
if err := pcr.Client.Status().Update(ctx, pc); err != nil {
diff --git a/cmd/k8s-operator/proxyclass_test.go b/cmd/k8s-operator/proxyclass_test.go
index c52fbb187..eb68811fc 100644
--- a/cmd/k8s-operator/proxyclass_test.go
+++ b/cmd/k8s-operator/proxyclass_test.go
@@ -69,7 +69,7 @@ func TestProxyClass(t *testing.T) {
// 1. A valid ProxyClass resource gets its status updated to Ready.
expectReconciled(t, pcr, "", "test")
pc.Status.Conditions = append(pc.Status.Conditions, metav1.Condition{
- Type: string(tsapi.ProxyClassready),
+ Type: string(tsapi.ProxyClassReady),
Status: metav1.ConditionTrue,
Reason: reasonProxyClassValid,
Message: reasonProxyClassValid,
@@ -85,7 +85,7 @@ func TestProxyClass(t *testing.T) {
})
expectReconciled(t, pcr, "", "test")
msg := `ProxyClass is not valid: .spec.statefulSet.labels: Invalid value: "?!someVal": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')`
- tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassready, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
+ tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassReady, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
expectEqual(t, fc, pc, nil)
expectedEvent := "Warning ProxyClassInvalid ProxyClass is not valid: .spec.statefulSet.labels: Invalid value: \"?!someVal\": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')"
expectEvents(t, fr, []string{expectedEvent})
@@ -99,7 +99,7 @@ func TestProxyClass(t *testing.T) {
})
expectReconciled(t, pcr, "", "test")
msg = `ProxyClass is not valid: spec.statefulSet.pod.tailscaleContainer.image: Invalid value: "FOO bar": invalid reference format: repository name (library/FOO bar) must be lowercase`
- tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassready, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
+ tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassReady, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
expectEqual(t, fc, pc, nil)
expectedEvent = `Warning ProxyClassInvalid ProxyClass is not valid: spec.statefulSet.pod.tailscaleContainer.image: Invalid value: "FOO bar": invalid reference format: repository name (library/FOO bar) must be lowercase`
expectEvents(t, fr, []string{expectedEvent})
@@ -118,7 +118,7 @@ func TestProxyClass(t *testing.T) {
})
expectReconciled(t, pcr, "", "test")
msg = `ProxyClass is not valid: spec.statefulSet.pod.tailscaleInitContainer.image: Invalid value: "FOO bar": invalid reference format: repository name (library/FOO bar) must be lowercase`
- tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassready, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
+ tsoperator.SetProxyClassCondition(pc, tsapi.ProxyClassReady, metav1.ConditionFalse, reasonProxyClassInvalid, msg, 0, cl, zl.Sugar())
expectEqual(t, fc, pc, nil)
expectedEvent = `Warning ProxyClassInvalid ProxyClass is not valid: spec.statefulSet.pod.tailscaleInitContainer.image: Invalid value: "FOO bar": invalid reference format: repository name (library/FOO bar) must be lowercase`
expectEvents(t, fr, []string{expectedEvent})
diff --git a/cmd/k8s-operator/proxygroup.go b/cmd/k8s-operator/proxygroup.go
index 99f48f323..7ba59586b 100644
--- a/cmd/k8s-operator/proxygroup.go
+++ b/cmd/k8s-operator/proxygroup.go
@@ -58,10 +58,11 @@ type ProxyGroupReconciler struct {
tsClient tsClient
// User-specified defaults from the helm installation.
- tsNamespace string
- proxyImage string
- defaultTags []string
- tsFirewallMode string
+ tsNamespace string
+ proxyImage string
+ defaultTags []string
+ tsFirewallMode string
+ defaultProxyClass string
mu sync.Mutex // protects following
proxyGroups set.Slice[types.UID] // for proxygroups gauge
@@ -125,24 +126,42 @@ func (r *ProxyGroupReconciler) Reconcile(ctx context.Context, req reconcile.Requ
// operation is underway.
logger.Infof("ensuring ProxyGroup is set up")
pg.Finalizers = append(pg.Finalizers, FinalizerName)
- if err := r.Update(ctx, pg); err != nil {
- logger.Errorf("error adding finalizer: %w", err)
+ if err = r.Update(ctx, pg); err != nil {
+ err = fmt.Errorf("error adding finalizer: %w", err)
return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupCreationFailed, reasonProxyGroupCreationFailed)
}
}
- if err := r.validate(pg); err != nil {
- logger.Errorf("error validating ProxyGroup spec: %w", err)
+ if err = r.validate(pg); err != nil {
message := fmt.Sprintf("ProxyGroup is invalid: %s", err)
r.recorder.Eventf(pg, corev1.EventTypeWarning, reasonProxyGroupInvalid, message)
return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupInvalid, message)
}
- if err = r.maybeProvision(ctx, pg); err != nil {
- logger.Errorf("error provisioning ProxyGroup resources: %w", err)
- message := fmt.Sprintf("failed provisioning ProxyGroup: %s", err)
- r.recorder.Eventf(pg, corev1.EventTypeWarning, reasonProxyGroupCreationFailed, message)
- return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupCreationFailed, message)
+ proxyClassName := r.defaultProxyClass
+ if pg.Spec.ProxyClass != "" {
+ proxyClassName = pg.Spec.ProxyClass
+ }
+
+ var proxyClass *tsapi.ProxyClass
+ if proxyClassName != "" {
+ proxyClass = new(tsapi.ProxyClass)
+ if err = r.Get(ctx, types.NamespacedName{Name: proxyClassName}, proxyClass); err != nil {
+ err = fmt.Errorf("error getting ProxyGroup's ProxyClass %s: %s", proxyClassName, err)
+ r.recorder.Eventf(pg, corev1.EventTypeWarning, reasonProxyGroupCreationFailed, err.Error())
+ return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupCreationFailed, err.Error())
+ }
+ if !tsoperator.ProxyClassIsReady(proxyClass) {
+ message := fmt.Sprintf("the ProxyGroup's ProxyClass %s is not yet in a ready state, waiting...", proxyClassName)
+ logger.Info(message)
+ return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupCreating, message)
+ }
+ }
+
+ if err = r.maybeProvision(ctx, pg, proxyClass); err != nil {
+ err = fmt.Errorf("error provisioning ProxyGroup resources: %w", err)
+ r.recorder.Eventf(pg, corev1.EventTypeWarning, reasonProxyGroupCreationFailed, err.Error())
+ return setStatusReady(pg, metav1.ConditionFalse, reasonProxyGroupCreationFailed, err.Error())
}
desiredReplicas := int(pgReplicas(pg))
@@ -162,25 +181,13 @@ func (r *ProxyGroupReconciler) Reconcile(ctx context.Context, req reconcile.Requ
return setStatusReady(pg, metav1.ConditionTrue, reasonProxyGroupReady, reasonProxyGroupReady)
}
-func (r *ProxyGroupReconciler) maybeProvision(ctx context.Context, pg *tsapi.ProxyGroup) error {
+func (r *ProxyGroupReconciler) maybeProvision(ctx context.Context, pg *tsapi.ProxyGroup, proxyClass *tsapi.ProxyClass) error {
logger := r.logger(pg.Name)
r.mu.Lock()
r.proxyGroups.Add(pg.UID)
gaugeProxyGroupResources.Set(int64(r.proxyGroups.Len()))
r.mu.Unlock()
- var proxyClass *tsapi.ProxyClass
- if pg.Spec.ProxyClass != "" {
- proxyClass = new(tsapi.ProxyClass)
- if err := r.Get(ctx, types.NamespacedName{Name: pg.Spec.ProxyClass}, proxyClass); err != nil {
- return fmt.Errorf("failed to get ProxyClass: %w", err)
- }
- if !tsoperator.ProxyClassIsReady(proxyClass) {
- logger.Infof("ProxyClass %s specified for the ProxyGroup, but it is not (yet) in a ready state, waiting...", pg.Spec.ProxyClass)
- return nil
- }
- }
-
cfgHash, err := r.ensureConfigSecretsCreated(ctx, pg, proxyClass)
if err != nil {
return fmt.Errorf("error provisioning config Secrets: %w", err)
diff --git a/cmd/k8s-operator/proxygroup_test.go b/cmd/k8s-operator/proxygroup_test.go
index 402d67949..b5a6a4d8d 100644
--- a/cmd/k8s-operator/proxygroup_test.go
+++ b/cmd/k8s-operator/proxygroup_test.go
@@ -10,6 +10,7 @@ import (
"encoding/json"
"fmt"
"testing"
+ "time"
"github.com/google/go-cmp/cmp"
"go.uber.org/zap"
@@ -29,7 +30,21 @@ import (
const testProxyImage = "tailscale/tailscale:test"
+var defaultProxyClassAnnotations = map[string]string{
+ "some-annotation": "from-the-proxy-class",
+}
+
func TestProxyGroup(t *testing.T) {
+ pc := &tsapi.ProxyClass{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "default-pc",
+ },
+ Spec: tsapi.ProxyClassSpec{
+ StatefulSet: &tsapi.StatefulSet{
+ Annotations: defaultProxyClassAnnotations,
+ },
+ },
+ }
pg := &tsapi.ProxyGroup{
ObjectMeta: metav1.ObjectMeta{
Name: "test",
@@ -39,26 +54,48 @@ func TestProxyGroup(t *testing.T) {
fc := fake.NewClientBuilder().
WithScheme(tsapi.GlobalScheme).
- WithObjects(pg).
- WithStatusSubresource(pg).
+ WithObjects(pg, pc).
+ WithStatusSubresource(pg, pc).
Build()
tsClient := &fakeTSClient{}
zl, _ := zap.NewDevelopment()
fr := record.NewFakeRecorder(1)
cl := tstest.NewClock(tstest.ClockOpts{})
reconciler := &ProxyGroupReconciler{
- tsNamespace: tsNamespace,
- proxyImage: testProxyImage,
- defaultTags: []string{"tag:test-tag"},
- tsFirewallMode: "auto",
- Client: fc,
- tsClient: tsClient,
- recorder: fr,
- l: zl.Sugar(),
- clock: cl,
+ tsNamespace: tsNamespace,
+ proxyImage: testProxyImage,
+ defaultTags: []string{"tag:test-tag"},
+ tsFirewallMode: "auto",
+ defaultProxyClass: "default-pc",
+
+ Client: fc,
+ tsClient: tsClient,
+ recorder: fr,
+ l: zl.Sugar(),
+ clock: cl,
}
+ t.Run("proxyclass_not_ready", func(t *testing.T) {
+ expectReconciled(t, reconciler, "", pg.Name)
+
+ tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "the ProxyGroup's ProxyClass default-pc is not yet in a ready state, waiting...", 0, cl, zl.Sugar())
+ expectEqual(t, fc, pg, nil)
+ })
+
t.Run("observe_ProxyGroupCreating_status_reason", func(t *testing.T) {
+ pc.Status = tsapi.ProxyClassStatus{
+ Conditions: []metav1.Condition{{
+ Type: string(tsapi.ProxyClassReady),
+ Status: metav1.ConditionTrue,
+ Reason: reasonProxyClassValid,
+ Message: reasonProxyClassValid,
+ LastTransitionTime: metav1.Time{Time: cl.Now().Truncate(time.Second)},
+ }},
+ }
+ if err := fc.Status().Update(context.Background(), pc); err != nil {
+ t.Fatal(err)
+ }
+
expectReconciled(t, reconciler, "", pg.Name)
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar())
@@ -161,6 +198,7 @@ func expectProxyGroupResources(t *testing.T, fc client.WithWatch, pg *tsapi.Prox
roleBinding := pgRoleBinding(pg, tsNamespace)
serviceAccount := pgServiceAccount(pg, tsNamespace)
statefulSet := pgStatefulSet(pg, tsNamespace, testProxyImage, "auto", "")
+ statefulSet.Annotations = defaultProxyClassAnnotations
if shouldExist {
expectEqual(t, fc, role, nil)
diff --git a/cmd/k8s-operator/svc.go b/cmd/k8s-operator/svc.go
index 22487ee26..f45f92246 100644
--- a/cmd/k8s-operator/svc.go
+++ b/cmd/k8s-operator/svc.go
@@ -64,7 +64,7 @@ type ServiceReconciler struct {
clock tstime.Clock
- proxyDefaultClass string
+ defaultProxyClass string
}
var (
@@ -215,7 +215,7 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
return nil
}
- proxyClass := proxyClassForObject(svc, a.proxyDefaultClass)
+ proxyClass := proxyClassForObject(svc, a.defaultProxyClass)
if proxyClass != "" {
if ready, err := proxyClassIsReady(ctx, proxyClass, a.Client); err != nil {
errMsg := fmt.Errorf("error verifying ProxyClass for Service: %w", err)
diff --git a/k8s-operator/api.md b/k8s-operator/api.md
index fd0a4e6ce..e8a6e248a 100644
--- a/k8s-operator/api.md
+++ b/k8s-operator/api.md
@@ -526,7 +526,7 @@ _Appears in:_
| `tags` _[Tags](#tags)_ | Tags that the Tailscale devices will be tagged with. Defaults to [tag:k8s].
If you specify custom tags here, make sure you also make the operator
an owner of these tags.
See https://tailscale.com/kb/1236/kubernetes-operator/#setting-up-the-kubernetes-operator.
Tags cannot be changed once a ProxyGroup device has been created.
Tag values must be in form ^tag:[a-zA-Z][a-zA-Z0-9-]*$. | | Pattern: `^tag:[a-zA-Z][a-zA-Z0-9-]*$`
Type: string
|
| `replicas` _integer_ | Replicas specifies how many replicas to create the StatefulSet with.
Defaults to 2. | | |
| `hostnamePrefix` _[HostnamePrefix](#hostnameprefix)_ | HostnamePrefix is the hostname prefix to use for tailnet devices created
by the ProxyGroup. Each device will have the integer number from its
StatefulSet pod appended to this prefix to form the full hostname.
HostnamePrefix can contain lower case letters, numbers and dashes, it
must not start with a dash and must be between 1 and 62 characters long. | | Pattern: `^[a-z0-9][a-z0-9-]{0,61}$`
Type: string
|
-| `proxyClass` _string_ | ProxyClass is the name of the ProxyClass custom resource that contains
configuration options that should be applied to the resources created
for this ProxyGroup. If unset, the operator will create resources with
the default configuration. | | |
+| `proxyClass` _string_ | ProxyClass is the name of the ProxyClass custom resource that contains
configuration options that should be applied to the resources created
for this ProxyGroup. If unset, and there is no default ProxyClass
configured, the operator will create resources with the default
configuration. | | |
#### ProxyGroupStatus
diff --git a/k8s-operator/apis/v1alpha1/types_connector.go b/k8s-operator/apis/v1alpha1/types_connector.go
index 175d62eea..07d05e1a5 100644
--- a/k8s-operator/apis/v1alpha1/types_connector.go
+++ b/k8s-operator/apis/v1alpha1/types_connector.go
@@ -171,7 +171,7 @@ type ConditionType string
const (
ConnectorReady ConditionType = `ConnectorReady`
- ProxyClassready ConditionType = `ProxyClassReady`
+ ProxyClassReady ConditionType = `ProxyClassReady`
ProxyGroupReady ConditionType = `ProxyGroupReady`
ProxyReady ConditionType = `TailscaleProxyReady` // a Tailscale-specific condition type for corev1.Service
RecorderReady ConditionType = `RecorderReady`
diff --git a/k8s-operator/apis/v1alpha1/types_proxygroup.go b/k8s-operator/apis/v1alpha1/types_proxygroup.go
index ef1e8c8c1..7e5515ba9 100644
--- a/k8s-operator/apis/v1alpha1/types_proxygroup.go
+++ b/k8s-operator/apis/v1alpha1/types_proxygroup.go
@@ -64,8 +64,9 @@ type ProxyGroupSpec struct {
// ProxyClass is the name of the ProxyClass custom resource that contains
// configuration options that should be applied to the resources created
- // for this ProxyGroup. If unset, the operator will create resources with
- // the default configuration.
+ // for this ProxyGroup. If unset, and there is no default ProxyClass
+ // configured, the operator will create resources with the default
+ // configuration.
// +optional
ProxyClass string `json:"proxyClass,omitempty"`
}
diff --git a/k8s-operator/conditions.go b/k8s-operator/conditions.go
index 702ed2bd3..ace0fb7e3 100644
--- a/k8s-operator/conditions.go
+++ b/k8s-operator/conditions.go
@@ -137,7 +137,7 @@ func updateCondition(conds []metav1.Condition, conditionType tsapi.ConditionType
func ProxyClassIsReady(pc *tsapi.ProxyClass) bool {
idx := xslices.IndexFunc(pc.Status.Conditions, func(cond metav1.Condition) bool {
- return cond.Type == string(tsapi.ProxyClassready)
+ return cond.Type == string(tsapi.ProxyClassReady)
})
if idx == -1 {
return false