archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cmd/k8s-operator: rename VIPService -> Tailscale Service in L3 HA Service Reconciler (#16014)

Browse Source 
Also changes wording tests for L7 HA Reconciler

Updates #15895

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
pull/16016/head
Tom Meadows 7 months ago committed by GitHub
parent 7fe27496c8
commit b5770c81c9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 137 additions and 137 deletions
Show Stats Download Patch File Download Diff File

72
cmd/k8s-operator/ingress-for-pg_test.go
Unescape Escape View File

@ -68,7 +68,7 @@ func TestIngressPGReconciler(t *testing.T) {
populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net") populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net")
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
verifyServeConfig(t, fc, "svc:my-svc", false) verifyServeConfig(t, fc, "svc:my-svc", false)
verifyVIPService(t, ft, "svc:my-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:my-svc", []string{"443"})
verifyTailscaledConfig(t, fc, []string{"svc:my-svc"}) verifyTailscaledConfig(t, fc, []string{"svc:my-svc"})
// Verify that Role and RoleBinding have been created for the first Ingress. // Verify that Role and RoleBinding have been created for the first Ingress.
@ -81,20 +81,20 @@ func TestIngressPGReconciler(t *testing.T) {
}) })
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
// Verify VIPService uses custom tags // Verify Tailscale Service uses custom tags
vipSvc, err := ft.GetVIPService(context.Background(), "svc:my-svc") tsSvc, err := ft.GetVIPService(context.Background(), "svc:my-svc")
if err != nil { if err != nil {
t.Fatalf("getting VIPService: %v", err) t.Fatalf("getting Tailscale Service: %v", err)
} }
if vipSvc == nil { if tsSvc == nil {
t.Fatal("VIPService not created") t.Fatal("Tailscale Service not created")
} }
wantTags := []string{"tag:custom", "tag:test"} // custom tags only wantTags := []string{"tag:custom", "tag:test"} // custom tags only
gotTags := slices.Clone(vipSvc.Tags) gotTags := slices.Clone(tsSvc.Tags)
slices.Sort(gotTags) slices.Sort(gotTags)
slices.Sort(wantTags) slices.Sort(wantTags)
if !slices.Equal(gotTags, wantTags) { if !slices.Equal(gotTags, wantTags) {
t.Errorf("incorrect VIPService tags: got %v, want %v", gotTags, wantTags) t.Errorf("incorrect Tailscale Service tags: got %v, want %v", gotTags, wantTags)
} }
// Create second Ingress // Create second Ingress
@ -130,7 +130,7 @@ func TestIngressPGReconciler(t *testing.T) {
populateTLSSecret(context.Background(), fc, "test-pg", "my-other-svc.ts.net") populateTLSSecret(context.Background(), fc, "test-pg", "my-other-svc.ts.net")
expectReconciled(t, ingPGR, "default", "my-other-ingress") expectReconciled(t, ingPGR, "default", "my-other-ingress")
verifyServeConfig(t, fc, "svc:my-other-svc", false) verifyServeConfig(t, fc, "svc:my-other-svc", false)
verifyVIPService(t, ft, "svc:my-other-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:my-other-svc", []string{"443"})
// Verify that Role and RoleBinding have been created for the first Ingress. // Verify that Role and RoleBinding have been created for the first Ingress.
// Do not verify the cert Secret as that was already verified implicitly above. // Do not verify the cert Secret as that was already verified implicitly above.
@ -139,7 +139,7 @@ func TestIngressPGReconciler(t *testing.T) {
// Verify first Ingress is still working // Verify first Ingress is still working
verifyServeConfig(t, fc, "svc:my-svc", false) verifyServeConfig(t, fc, "svc:my-svc", false)
verifyVIPService(t, ft, "svc:my-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:my-svc", []string{"443"})
verifyTailscaledConfig(t, fc, []string{"svc:my-svc", "svc:my-other-svc"}) verifyTailscaledConfig(t, fc, []string{"svc:my-svc", "svc:my-other-svc"})
@ -244,10 +244,10 @@ func TestIngressPGReconciler_UpdateIngressHostname(t *testing.T) {
populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net") populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net")
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
verifyServeConfig(t, fc, "svc:my-svc", false) verifyServeConfig(t, fc, "svc:my-svc", false)
verifyVIPService(t, ft, "svc:my-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:my-svc", []string{"443"})
verifyTailscaledConfig(t, fc, []string{"svc:my-svc"}) verifyTailscaledConfig(t, fc, []string{"svc:my-svc"})
// Update the Ingress hostname and make sure the original VIPService is deleted. // Update the Ingress hostname and make sure the original Tailscale Service is deleted.
mustUpdate(t, fc, "default", "test-ingress", func(ing *networkingv1.Ingress) { mustUpdate(t, fc, "default", "test-ingress", func(ing *networkingv1.Ingress) {
ing.Spec.TLS[0].Hosts[0] = "updated-svc" ing.Spec.TLS[0].Hosts[0] = "updated-svc"
}) })
@ -255,7 +255,7 @@ func TestIngressPGReconciler_UpdateIngressHostname(t *testing.T) {
populateTLSSecret(context.Background(), fc, "test-pg", "updated-svc.ts.net") populateTLSSecret(context.Background(), fc, "test-pg", "updated-svc.ts.net")
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
verifyServeConfig(t, fc, "svc:updated-svc", false) verifyServeConfig(t, fc, "svc:updated-svc", false)
verifyVIPService(t, ft, "svc:updated-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:updated-svc", []string{"443"})
verifyTailscaledConfig(t, fc, []string{"svc:updated-svc"}) verifyTailscaledConfig(t, fc, []string{"svc:updated-svc"})
_, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName("svc:my-svc")) _, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName("svc:my-svc"))
@ -475,7 +475,7 @@ func TestIngressPGReconciler_HTTPEndpoint(t *testing.T) {
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net") populateTLSSecret(context.Background(), fc, "test-pg", "my-svc.ts.net")
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
verifyVIPService(t, ft, "svc:my-svc", []string{"80", "443"}) verifyTailscaleService(t, ft, "svc:my-svc", []string{"80", "443"})
verifyServeConfig(t, fc, "svc:my-svc", true) verifyServeConfig(t, fc, "svc:my-svc", true)
// Verify Ingress status // Verify Ingress status
@ -487,13 +487,13 @@ func TestIngressPGReconciler_HTTPEndpoint(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
// Status will be empty until the VIPService shows up in prefs. // Status will be empty until the Tailscale Service shows up in prefs.
if !reflect.DeepEqual(ing.Status.LoadBalancer.Ingress, []networkingv1.IngressLoadBalancerIngress(nil)) { if !reflect.DeepEqual(ing.Status.LoadBalancer.Ingress, []networkingv1.IngressLoadBalancerIngress(nil)) {
t.Errorf("incorrect Ingress status: got %v, want empty", t.Errorf("incorrect Ingress status: got %v, want empty",
ing.Status.LoadBalancer.Ingress) ing.Status.LoadBalancer.Ingress)
} }
// Add the VIPService to prefs to have the Ingress recognised as ready. // Add the Tailscale Service to prefs to have the Ingress recognised as ready.
mustCreate(t, fc, &corev1.Secret{ mustCreate(t, fc, &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "test-pg-0", Name: "test-pg-0",
@ -528,7 +528,7 @@ func TestIngressPGReconciler_HTTPEndpoint(t *testing.T) {
// Verify reconciliation after removing HTTP // Verify reconciliation after removing HTTP
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
verifyVIPService(t, ft, "svc:my-svc", []string{"443"}) verifyTailscaleService(t, ft, "svc:my-svc", []string{"443"})
verifyServeConfig(t, fc, "svc:my-svc", false) verifyServeConfig(t, fc, "svc:my-svc", false)
// Verify Ingress status // Verify Ingress status
@ -549,20 +549,20 @@ func TestIngressPGReconciler_HTTPEndpoint(t *testing.T) {
} }
} }
func verifyVIPService(t *testing.T, ft *fakeTSClient, serviceName string, wantPorts []string) { func verifyTailscaleService(t *testing.T, ft *fakeTSClient, serviceName string, wantPorts []string) {
t.Helper() t.Helper()
vipSvc, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName(serviceName)) tsSvc, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName(serviceName))
if err != nil { if err != nil {
t.Fatalf("getting VIPService %q: %v", serviceName, err) t.Fatalf("getting Tailscale Service %q: %v", serviceName, err)
} }
if vipSvc == nil { if tsSvc == nil {
t.Fatalf("VIPService %q not created", serviceName) t.Fatalf("Tailscale Service %q not created", serviceName)
} }
gotPorts := slices.Clone(vipSvc.Ports) gotPorts := slices.Clone(tsSvc.Ports)
slices.Sort(gotPorts) slices.Sort(gotPorts)
slices.Sort(wantPorts) slices.Sort(wantPorts)
if !slices.Equal(gotPorts, wantPorts) { if !slices.Equal(gotPorts, wantPorts) {
t.Errorf("incorrect ports for VIPService %q: got %v, want %v", serviceName, gotPorts, wantPorts) t.Errorf("incorrect ports for Tailscale Service %q: got %v, want %v", serviceName, gotPorts, wantPorts)
} }
} }
@ -750,7 +750,7 @@ func TestIngressPGReconciler_MultiCluster(t *testing.T) {
} }
mustCreate(t, fc, ing) mustCreate(t, fc, ing)
// Simulate existing VIPService from another cluster // Simulate existing Tailscale Service from another cluster
existingVIPSvc := &tailscale.VIPService{ existingVIPSvc := &tailscale.VIPService{
Name: "svc:my-svc", Name: "svc:my-svc",
Annotations: map[string]string{ Annotations: map[string]string{
@ -764,15 +764,15 @@ func TestIngressPGReconciler_MultiCluster(t *testing.T) {
// Verify reconciliation adds our operator reference // Verify reconciliation adds our operator reference
expectReconciled(t, ingPGR, "default", "test-ingress") expectReconciled(t, ingPGR, "default", "test-ingress")
vipSvc, err := ft.GetVIPService(context.Background(), "svc:my-svc") tsSvc, err := ft.GetVIPService(context.Background(), "svc:my-svc")
if err != nil { if err != nil {
t.Fatalf("getting VIPService: %v", err) t.Fatalf("getting Tailscale Service: %v", err)
} }
if vipSvc == nil { if tsSvc == nil {
t.Fatal("VIPService not found") t.Fatal("Tailscale Service not found")
} }
o, err := parseOwnerAnnotation(vipSvc) o, err := parseOwnerAnnotation(tsSvc)
if err != nil { if err != nil {
t.Fatalf("parsing owner annotation: %v", err) t.Fatalf("parsing owner annotation: %v", err)
} }
@ -785,21 +785,21 @@ func TestIngressPGReconciler_MultiCluster(t *testing.T) {
t.Errorf("incorrect owner refs\ngot: %+v\nwant: %+v", o.OwnerRefs, wantOwnerRefs) t.Errorf("incorrect owner refs\ngot: %+v\nwant: %+v", o.OwnerRefs, wantOwnerRefs)
} }
// Delete the Ingress and verify VIPService still exists with one owner ref // Delete the Ingress and verify Tailscale Service still exists with one owner ref
if err := fc.Delete(context.Background(), ing); err != nil { if err := fc.Delete(context.Background(), ing); err != nil {
t.Fatalf("deleting Ingress: %v", err) t.Fatalf("deleting Ingress: %v", err)
} }
expectRequeue(t, ingPGR, "default", "test-ingress") expectRequeue(t, ingPGR, "default", "test-ingress")
vipSvc, err = ft.GetVIPService(context.Background(), "svc:my-svc") tsSvc, err = ft.GetVIPService(context.Background(), "svc:my-svc")
if err != nil { if err != nil {
t.Fatalf("getting VIPService after deletion: %v", err) t.Fatalf("getting Tailscale Service after deletion: %v", err)
} }
if vipSvc == nil { if tsSvc == nil {
t.Fatal("VIPService was incorrectly deleted") t.Fatal("Tailscale Service was incorrectly deleted")
} }
o, err = parseOwnerAnnotation(vipSvc) o, err = parseOwnerAnnotation(tsSvc)
if err != nil { if err != nil {
t.Fatalf("parsing owner annotation: %v", err) t.Fatalf("parsing owner annotation: %v", err)
} }

178
cmd/k8s-operator/svc-for-pg.go
Unescape Escape View File

@ -77,12 +77,12 @@ type HAServiceReconciler struct {
// Reconcile reconciles Services that should be exposed over Tailscale in HA // Reconcile reconciles Services that should be exposed over Tailscale in HA
// mode (on a ProxyGroup). It looks at all Services with // mode (on a ProxyGroup). It looks at all Services with
// tailscale.com/proxy-group annotation. For each such Service, it ensures that // tailscale.com/proxy-group annotation. For each such Service, it ensures that
// a VIPService named after the hostname of the Service exists and is up to // a Tailscale Service named after the hostname of the Service exists and is up to
// date. // date.
// HA Servicees support multi-cluster Service setup. // HA Servicees support multi-cluster Service setup.
// Each VIPService contains a list of owner references that uniquely identify // Each Tailscale Service contains a list of owner references that uniquely identify
// the operator. When an Service that acts as a // the operator. When an Service that acts as a
// backend is being deleted, the corresponding VIPService is only deleted if the // backend is being deleted, the corresponding Tailscale Service is only deleted if the
// only owner reference that it contains is for this operator. If other owner // only owner reference that it contains is for this operator. If other owner
// references are found, then cleanup operation only removes this operator's owner // references are found, then cleanup operation only removes this operator's owner
// reference. // reference.
@ -110,9 +110,9 @@ func (r *HAServiceReconciler) Reconcile(ctx context.Context, req reconcile.Reque
return res, err return res, err
} }
// needsRequeue is set to true if the underlying VIPService has changed as a result of this reconcile. If that // needsRequeue is set to true if the underlying Tailscale Service has changed as a result of this reconcile. If that
// is the case, we reconcile the Ingress one more time to ensure that concurrent updates to the VIPService in a // is the case, we reconcile the Ingress one more time to ensure that concurrent updates to the Tailscale Service in a
// multi-cluster Ingress setup have not resulted in another actor overwriting our VIPService update. // multi-cluster Ingress setup have not resulted in another actor overwriting our Tailscale Service update.
needsRequeue := false needsRequeue := false
needsRequeue, err = r.maybeProvision(ctx, hostname, svc, logger) needsRequeue, err = r.maybeProvision(ctx, hostname, svc, logger)
if err != nil { if err != nil {
@ -129,14 +129,14 @@ func (r *HAServiceReconciler) Reconcile(ctx context.Context, req reconcile.Reque
return reconcile.Result{}, nil return reconcile.Result{}, nil
} }
// maybeProvision ensures that a VIPService for this Ingress exists and is up to date and that the serve config for the // maybeProvision ensures that a Tailscale Service for this Ingress exists and is up to date and that the serve config for the
// corresponding ProxyGroup contains the Ingress backend's definition. // corresponding ProxyGroup contains the Ingress backend's definition.
// If a VIPService does not exist, it will be created. // If a Tailscale Service does not exist, it will be created.
// If a VIPService exists, but only with owner references from other operator instances, an owner reference for this // If a Tailscale Service exists, but only with owner references from other operator instances, an owner reference for this
// operator instance is added. // operator instance is added.
// If a VIPService exists, but does not have an owner reference from any operator, we error // If a Tailscale Service exists, but does not have an owner reference from any operator, we error
// out assuming that this is an owner reference created by an unknown actor. // out assuming that this is an owner reference created by an unknown actor.
// Returns true if the operation resulted in a VIPService update. // Returns true if the operation resulted in a Tailscale Service update.
func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname string, svc *corev1.Service, logger *zap.SugaredLogger) (svcsChanged bool, err error) { func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname string, svc *corev1.Service, logger *zap.SugaredLogger) (svcsChanged bool, err error) {
oldSvcStatus := svc.Status.DeepCopy() oldSvcStatus := svc.Status.DeepCopy()
defer func() { defer func() {
@ -148,7 +148,7 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
pgName := svc.Annotations[AnnotationProxyGroup] pgName := svc.Annotations[AnnotationProxyGroup]
if pgName == "" { if pgName == "" {
logger.Infof("[unexpected] no ProxyGroup annotation, skipping VIPService provisioning") logger.Infof("[unexpected] no ProxyGroup annotation, skipping Tailscale Service provisioning")
return false, nil return false, nil
} }
@ -194,23 +194,23 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
r.mu.Unlock() r.mu.Unlock()
} }
// 1. Ensure that if Service's hostname/name has changed, any VIPService // 1. Ensure that if Service's hostname/name has changed, any Tailscale Service
// resources corresponding to the old hostname are cleaned up. // resources corresponding to the old hostname are cleaned up.
// In practice, this function will ensure that any VIPServices that are // In practice, this function will ensure that any Tailscale Services that are
// associated with the provided ProxyGroup and no longer owned by a // associated with the provided ProxyGroup and no longer owned by a
// Service are cleaned up. This is fine- it is not expensive and ensures // Service are cleaned up. This is fine- it is not expensive and ensures
// that in edge cases (a single update changed both hostname and removed // that in edge cases (a single update changed both hostname and removed
// ProxyGroup annotation) the VIPService is more likely to be // ProxyGroup annotation) the Tailscale Service is more likely to be
// (eventually) removed. // (eventually) removed.
svcsChanged, err = r.maybeCleanupProxyGroup(ctx, pgName, logger) svcsChanged, err = r.maybeCleanupProxyGroup(ctx, pgName, logger)
if err != nil { if err != nil {
return false, fmt.Errorf("failed to cleanup VIPService resources for ProxyGroup: %w", err) return false, fmt.Errorf("failed to cleanup Tailscale Service resources for ProxyGroup: %w", err)
} }
// 2. Ensure that there isn't a VIPService with the same hostname // 2. Ensure that there isn't a Tailscale Service with the same hostname
// already created and not owned by this Service. // already created and not owned by this Service.
serviceName := tailcfg.ServiceName("svc:" + hostname) serviceName := tailcfg.ServiceName("svc:" + hostname)
existingVIPSvc, err := r.tsClient.GetVIPService(ctx, serviceName) existingTSSvc, err := r.tsClient.GetVIPService(ctx, serviceName)
if isErrorFeatureFlagNotEnabled(err) { if isErrorFeatureFlagNotEnabled(err) {
logger.Warn(msgFeatureFlagNotEnabled) logger.Warn(msgFeatureFlagNotEnabled)
r.recorder.Event(svc, corev1.EventTypeWarning, warningTailscaleServiceFeatureFlagNotEnabled, msgFeatureFlagNotEnabled) r.recorder.Event(svc, corev1.EventTypeWarning, warningTailscaleServiceFeatureFlagNotEnabled, msgFeatureFlagNotEnabled)
@ -220,16 +220,16 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
return false, fmt.Errorf("error getting Tailscale Service %q: %w", hostname, err) return false, fmt.Errorf("error getting Tailscale Service %q: %w", hostname, err)
} }
// 3. Generate the VIPService owner annotation for new or existing Tailscale Service. // 3. Generate the Tailscale Service owner annotation for new or existing Tailscale Service.
// This checks and ensures that VIPService's owner references are updated // This checks and ensures that Tailscale Service's owner references are updated
// for this Service and errors if that is not possible (i.e. because it // for this Service and errors if that is not possible (i.e. because it
// appears that the VIPService has been created by a non-operator actor). // appears that the Tailscale Service has been created by a non-operator actor).
updatedAnnotations, err := r.ownerAnnotations(existingVIPSvc) updatedAnnotations, err := r.ownerAnnotations(existingTSSvc)
if err != nil { if err != nil {
instr := fmt.Sprintf("To proceed, you can either manually delete the existing Tailscale Service or choose a different hostname with the '%s' annotaion", AnnotationHostname) instr := fmt.Sprintf("To proceed, you can either manually delete the existing Tailscale Service or choose a different hostname with the '%s' annotaion", AnnotationHostname)
msg := fmt.Sprintf("error ensuring ownership of VIPService %s: %v. %s", hostname, err, instr) msg := fmt.Sprintf("error ensuring ownership of Tailscale Service %s: %v. %s", hostname, err, instr)
logger.Warn(msg) logger.Warn(msg)
r.recorder.Event(svc, corev1.EventTypeWarning, "InvalidVIPService", msg) r.recorder.Event(svc, corev1.EventTypeWarning, "InvalidTailscaleService", msg)
tsoperator.SetServiceCondition(svc, tsapi.IngressSvcValid, metav1.ConditionFalse, reasonIngressSvcInvalid, msg, r.clock, logger) tsoperator.SetServiceCondition(svc, tsapi.IngressSvcValid, metav1.ConditionFalse, reasonIngressSvcInvalid, msg, r.clock, logger)
return false, nil return false, nil
} }
@ -239,28 +239,28 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
tags = strings.Split(tstr, ",") tags = strings.Split(tstr, ",")
} }
vipSvc := &tailscale.VIPService{ tsSvc := &tailscale.VIPService{
Name: serviceName, Name: serviceName,
Tags: tags, Tags: tags,
Ports: []string{"do-not-validate"}, // we don't want to validate ports Ports: []string{"do-not-validate"}, // we don't want to validate ports
Comment: managedTSServiceComment, Comment: managedTSServiceComment,
Annotations: updatedAnnotations, Annotations: updatedAnnotations,
} }
if existingVIPSvc != nil { if existingTSSvc != nil {
vipSvc.Addrs = existingVIPSvc.Addrs tsSvc.Addrs = existingTSSvc.Addrs
} }
// TODO(irbekrm): right now if two Service resources attempt to apply different VIPService configs (different // TODO(irbekrm): right now if two Service resources attempt to apply different Tailscale Service configs (different
// tags) we can end up reconciling those in a loop. We should detect when a Service // tags) we can end up reconciling those in a loop. We should detect when a Service
// with the same generation number has been reconciled ~more than N times and stop attempting to apply updates. // with the same generation number has been reconciled ~more than N times and stop attempting to apply updates.
if existingVIPSvc == nil || if existingTSSvc == nil ||
!reflect.DeepEqual(vipSvc.Tags, existingVIPSvc.Tags) || !reflect.DeepEqual(tsSvc.Tags, existingTSSvc.Tags) ||
!ownersAreSetAndEqual(vipSvc, existingVIPSvc) { !ownersAreSetAndEqual(tsSvc, existingTSSvc) {
logger.Infof("Ensuring VIPService exists and is up to date") logger.Infof("Ensuring Tailscale Service exists and is up to date")
if err := r.tsClient.CreateOrUpdateVIPService(ctx, vipSvc); err != nil { if err := r.tsClient.CreateOrUpdateVIPService(ctx, tsSvc); err != nil {
return false, fmt.Errorf("error creating VIPService: %w", err) return false, fmt.Errorf("error creating Tailscale Service: %w", err)
} }
existingVIPSvc = vipSvc existingTSSvc = tsSvc
} }
cm, cfgs, err := ingressSvcsConfigs(ctx, r.Client, pgName, r.tsNamespace) cm, cfgs, err := ingressSvcsConfigs(ctx, r.Client, pgName, r.tsNamespace)
@ -272,29 +272,29 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
return false, nil return false, nil
} }
if existingVIPSvc.Addrs == nil { if existingTSSvc.Addrs == nil {
existingVIPSvc, err = r.tsClient.GetVIPService(ctx, vipSvc.Name) existingTSSvc, err = r.tsClient.GetVIPService(ctx, tsSvc.Name)
if err != nil { if err != nil {
return false, fmt.Errorf("error getting VIPService: %w", err) return false, fmt.Errorf("error getting Tailscale Service: %w", err)
} }
if existingVIPSvc.Addrs == nil { if existingTSSvc.Addrs == nil {
// TODO(irbekrm): this should be a retry // TODO(irbekrm): this should be a retry
return false, fmt.Errorf("unexpected: VIPService addresses not populated") return false, fmt.Errorf("unexpected: Tailscale Service addresses not populated")
} }
} }
var vipv4 netip.Addr var tsSvcIPv4 netip.Addr
var vipv6 netip.Addr var tsSvcIPv6 netip.Addr
for _, vip := range existingVIPSvc.Addrs { for _, tsip := range existingTSSvc.Addrs {
ip, err := netip.ParseAddr(vip) ip, err := netip.ParseAddr(tsip)
if err != nil { if err != nil {
return false, fmt.Errorf("error parsing Tailscale Service address: %w", err) return false, fmt.Errorf("error parsing Tailscale Service address: %w", err)
} }
if ip.Is4() { if ip.Is4() {
vipv4 = ip tsSvcIPv4 = ip
} else if ip.Is6() { } else if ip.Is6() {
vipv6 = ip tsSvcIPv6 = ip
} }
} }
@ -308,12 +308,12 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
if ip.Is4() { if ip.Is4() {
cfg.IPv4Mapping = &ingressservices.Mapping{ cfg.IPv4Mapping = &ingressservices.Mapping{
ClusterIP: ip, ClusterIP: ip,
TailscaleServiceIP: vipv4, TailscaleServiceIP: tsSvcIPv4,
} }
} else if ip.Is6() { } else if ip.Is6() {
cfg.IPv6Mapping = &ingressservices.Mapping{ cfg.IPv6Mapping = &ingressservices.Mapping{
ClusterIP: ip, ClusterIP: ip,
TailscaleServiceIP: vipv6, TailscaleServiceIP: tsSvcIPv6,
} }
} }
} }
@ -332,7 +332,7 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
} }
logger.Infof("updating AdvertiseServices config") logger.Infof("updating AdvertiseServices config")
// 4. Update tailscaled's AdvertiseServices config, which should add the VIPService // 4. Update tailscaled's AdvertiseServices config, which should add the Tailscale Service
// IPs to the ProxyGroup Pods' AllowedIPs in the next netmap update if approved. // IPs to the ProxyGroup Pods' AllowedIPs in the next netmap update if approved.
if err = r.maybeUpdateAdvertiseServicesConfig(ctx, svc, pg.Name, serviceName, &cfg, true, logger); err != nil { if err = r.maybeUpdateAdvertiseServicesConfig(ctx, svc, pg.Name, serviceName, &cfg, true, logger); err != nil {
return false, fmt.Errorf("failed to update tailscaled config: %w", err) return false, fmt.Errorf("failed to update tailscaled config: %w", err)
@ -343,7 +343,7 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
return false, fmt.Errorf("failed to get number of advertised Pods: %w", err) return false, fmt.Errorf("failed to get number of advertised Pods: %w", err)
} }
// TODO(irbekrm): here and when creating the VIPService, verify if the // TODO(irbekrm): here and when creating the Tailscale Service, verify if the
// error is not terminal (and therefore should not be reconciled). For // error is not terminal (and therefore should not be reconciled). For
// example, if the hostname is already a hostname of a Tailscale node, // example, if the hostname is already a hostname of a Tailscale node,
// the GET here will fail. // the GET here will fail.
@ -362,7 +362,7 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
lbs = []corev1.LoadBalancerIngress{ lbs = []corev1.LoadBalancerIngress{
{ {
Hostname: dnsName, Hostname: dnsName,
IP: vipv4.String(), IP: tsSvcIPv4.String(),
}, },
} }
@ -376,8 +376,8 @@ func (r *HAServiceReconciler) maybeProvision(ctx context.Context, hostname strin
return svcsChanged, nil return svcsChanged, nil
} }
// maybeCleanup ensures that any resources, such as a VIPService created for this Service, are cleaned up when the // maybeCleanup ensures that any resources, such as a Tailscale Service created for this Service, are cleaned up when the
// Service is being deleted or is unexposed. The cleanup is safe for a multi-cluster setup- the VIPService is only // Service is being deleted or is unexposed. The cleanup is safe for a multi-cluster setup- the Tailscale Service is only
// deleted if it does not contain any other owner references. If it does the cleanup only removes the owner reference // deleted if it does not contain any other owner references. If it does the cleanup only removes the owner reference
// corresponding to this Service. // corresponding to this Service.
func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string, svc *corev1.Service, logger *zap.SugaredLogger) (svcChanged bool, err error) { func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string, svc *corev1.Service, logger *zap.SugaredLogger) (svcChanged bool, err error) {
@ -387,7 +387,7 @@ func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string,
logger.Debugf("no finalizer, nothing to do") logger.Debugf("no finalizer, nothing to do")
return false, nil return false, nil
} }
logger.Infof("Ensuring that VIPService %q configuration is cleaned up", hostname) logger.Infof("Ensuring that Tailscale Service %q configuration is cleaned up", hostname)
defer func() { defer func() {
if err != nil { if err != nil {
@ -397,13 +397,13 @@ func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string,
}() }()
serviceName := tailcfg.ServiceName("svc:" + hostname) serviceName := tailcfg.ServiceName("svc:" + hostname)
// 1. Clean up the VIPService. // 1. Clean up the Tailscale Service.
svcChanged, err = r.cleanupVIPService(ctx, serviceName, logger) svcChanged, err = r.cleanupTailscaleService(ctx, serviceName, logger)
if err != nil { if err != nil {
return false, fmt.Errorf("error deleting VIPService: %w", err) return false, fmt.Errorf("error deleting Tailscale Service: %w", err)
} }
// 2. Unadvertise the VIPService. // 2. Unadvertise the Tailscale Service.
pgName := svc.Annotations[AnnotationProxyGroup] pgName := svc.Annotations[AnnotationProxyGroup]
if err = r.maybeUpdateAdvertiseServicesConfig(ctx, svc, pgName, serviceName, nil, false, logger); err != nil { if err = r.maybeUpdateAdvertiseServicesConfig(ctx, svc, pgName, serviceName, nil, false, logger); err != nil {
return false, fmt.Errorf("failed to update tailscaled config services: %w", err) return false, fmt.Errorf("failed to update tailscaled config services: %w", err)
@ -419,7 +419,7 @@ func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string,
if cm == nil || cfgs == nil { if cm == nil || cfgs == nil {
return true, nil return true, nil
} }
logger.Infof("Removing VIPService %q from ingress config for ProxyGroup %q", hostname, pgName) logger.Infof("Removing Tailscale Service %q from ingress config for ProxyGroup %q", hostname, pgName)
delete(cfgs, serviceName.String()) delete(cfgs, serviceName.String())
cfgBytes, err := json.Marshal(cfgs) cfgBytes, err := json.Marshal(cfgs)
if err != nil { if err != nil {
@ -429,8 +429,8 @@ func (r *HAServiceReconciler) maybeCleanup(ctx context.Context, hostname string,
return true, r.Update(ctx, cm) return true, r.Update(ctx, cm)
} }
// VIPServices that are associated with the provided ProxyGroup and no longer managed this operator's instance are deleted, if not owned by other operator instances, else the owner reference is cleaned up. // Tailscale Services that are associated with the provided ProxyGroup and no longer managed this operator's instance are deleted, if not owned by other operator instances, else the owner reference is cleaned up.
// Returns true if the operation resulted in existing VIPService updates (owner reference removal). // Returns true if the operation resulted in existing Tailscale Service updates (owner reference removal).
func (r *HAServiceReconciler) maybeCleanupProxyGroup(ctx context.Context, proxyGroupName string, logger *zap.SugaredLogger) (svcsChanged bool, err error) { func (r *HAServiceReconciler) maybeCleanupProxyGroup(ctx context.Context, proxyGroupName string, logger *zap.SugaredLogger) (svcsChanged bool, err error) {
cm, config, err := ingressSvcsConfigs(ctx, r.Client, proxyGroupName, r.tsNamespace) cm, config, err := ingressSvcsConfigs(ctx, r.Client, proxyGroupName, r.tsNamespace)
if err != nil { if err != nil {
@ -443,31 +443,31 @@ func (r *HAServiceReconciler) maybeCleanupProxyGroup(ctx context.Context, proxyG
} }
ingressConfigChanged := false ingressConfigChanged := false
for vipSvcName, cfg := range config { for tsSvcName, cfg := range config {
found := false found := false
for _, svc := range svcList.Items { for _, svc := range svcList.Items {
if strings.EqualFold(fmt.Sprintf("svc:%s", nameForService(&svc)), vipSvcName) { if strings.EqualFold(fmt.Sprintf("svc:%s", nameForService(&svc)), tsSvcName) {
found = true found = true
break break
} }
} }
if !found { if !found {
logger.Infof("VIPService %q is not owned by any Service, cleaning up", vipSvcName) logger.Infof("Tailscale Service %q is not owned by any Service, cleaning up", tsSvcName)
// Make sure the VIPService is not advertised in tailscaled or serve config. // Make sure the Tailscale Service is not advertised in tailscaled or serve config.
if err = r.maybeUpdateAdvertiseServicesConfig(ctx, nil, proxyGroupName, tailcfg.ServiceName(vipSvcName), &cfg, false, logger); err != nil { if err = r.maybeUpdateAdvertiseServicesConfig(ctx, nil, proxyGroupName, tailcfg.ServiceName(tsSvcName), &cfg, false, logger); err != nil {
return false, fmt.Errorf("failed to update tailscaled config services: %w", err) return false, fmt.Errorf("failed to update tailscaled config services: %w", err)
} }
svcsChanged, err = r.cleanupVIPService(ctx, tailcfg.ServiceName(vipSvcName), logger) svcsChanged, err = r.cleanupTailscaleService(ctx, tailcfg.ServiceName(tsSvcName), logger)
if err != nil { if err != nil {
return false, fmt.Errorf("deleting VIPService %q: %w", vipSvcName, err) return false, fmt.Errorf("deleting Tailscale Service %q: %w", tsSvcName, err)
} }
_, ok := config[vipSvcName] _, ok := config[tsSvcName]
if ok { if ok {
logger.Infof("Removing VIPService %q from serve config", vipSvcName) logger.Infof("Removing Tailscale Service %q from serve config", tsSvcName)
delete(config, vipSvcName) delete(config, tsSvcName)
ingressConfigChanged = true ingressConfigChanged = true
} }
} }
@ -528,11 +528,11 @@ func (r *HAServiceReconciler) tailnetCertDomain(ctx context.Context) (string, er
return st.CurrentTailnet.MagicDNSSuffix, nil return st.CurrentTailnet.MagicDNSSuffix, nil
} }
// cleanupVIPService deletes any VIPService by the provided name if it is not owned by operator instances other than this one. // cleanupTailscaleService deletes any Tailscale Service by the provided name if it is not owned by operator instances other than this one.
// If a VIPService is found, but contains other owner references, only removes this operator's owner reference. // If a Tailscale Service is found, but contains other owner references, only removes this operator's owner reference.
// If a VIPService by the given name is not found or does not contain this operator's owner reference, do nothing. // If a Tailscale Service by the given name is not found or does not contain this operator's owner reference, do nothing.
// It returns true if an existing VIPService was updated to remove owner reference, as well as any error that occurred. // It returns true if an existing Tailscale Service was updated to remove owner reference, as well as any error that occurred.
func (r *HAServiceReconciler) cleanupVIPService(ctx context.Context, name tailcfg.ServiceName, logger *zap.SugaredLogger) (updated bool, err error) { func (r *HAServiceReconciler) cleanupTailscaleService(ctx context.Context, name tailcfg.ServiceName, logger *zap.SugaredLogger) (updated bool, err error) {
svc, err := r.tsClient.GetVIPService(ctx, name) svc, err := r.tsClient.GetVIPService(ctx, name)
if isErrorFeatureFlagNotEnabled(err) { if isErrorFeatureFlagNotEnabled(err) {
msg := fmt.Sprintf("Unable to proceed with cleanup: %s.", msgFeatureFlagNotEnabled) msg := fmt.Sprintf("Unable to proceed with cleanup: %s.", msgFeatureFlagNotEnabled)
@ -546,23 +546,23 @@ func (r *HAServiceReconciler) cleanupVIPService(ctx context.Context, name tailcf
return false, nil return false, nil
} }
if !ok { if !ok {
return false, fmt.Errorf("unexpected error getting VIPService %q: %w", name.String(), err) return false, fmt.Errorf("unexpected error getting Tailscale Service %q: %w", name.String(), err)
} }
return false, fmt.Errorf("error getting VIPService: %w", err) return false, fmt.Errorf("error getting Tailscale Service: %w", err)
} }
if svc == nil { if svc == nil {
return false, nil return false, nil
} }
o, err := parseOwnerAnnotation(svc) o, err := parseOwnerAnnotation(svc)
if err != nil { if err != nil {
return false, fmt.Errorf("error parsing VIPService owner annotation: %w", err) return false, fmt.Errorf("error parsing Tailscale Service owner annotation: %w", err)
} }
if o == nil || len(o.OwnerRefs) == 0 { if o == nil || len(o.OwnerRefs) == 0 {
return false, nil return false, nil
} }
// Comparing with the operatorID only means that we will not be able to // Comparing with the operatorID only means that we will not be able to
// clean up VIPServices in cases where the operator was deleted from the // clean up Tailscale Services in cases where the operator was deleted from the
// cluster before deleting the Ingress. Perhaps the comparison could be // cluster before deleting the Ingress. Perhaps the comparison could be
// 'if or.OperatorID == r.operatorID || or.ingressUID == r.ingressUID'. // 'if or.OperatorID == r.operatorID || or.ingressUID == r.ingressUID'.
ix := slices.IndexFunc(o.OwnerRefs, func(or OwnerRef) bool { ix := slices.IndexFunc(o.OwnerRefs, func(or OwnerRef) bool {
@ -572,14 +572,14 @@ func (r *HAServiceReconciler) cleanupVIPService(ctx context.Context, name tailcf
return false, nil return false, nil
} }
if len(o.OwnerRefs) == 1 { if len(o.OwnerRefs) == 1 {
logger.Infof("Deleting VIPService %q", name) logger.Infof("Deleting Tailscale Service %q", name)
return false, r.tsClient.DeleteVIPService(ctx, name) return false, r.tsClient.DeleteVIPService(ctx, name)
} }
o.OwnerRefs = slices.Delete(o.OwnerRefs, ix, ix+1) o.OwnerRefs = slices.Delete(o.OwnerRefs, ix, ix+1)
logger.Infof("Updating VIPService %q", name) logger.Infof("Updating Tailscale Service %q", name)
json, err := json.Marshal(o) json, err := json.Marshal(o)
if err != nil { if err != nil {
return false, fmt.Errorf("error marshalling updated VIPService owner reference: %w", err) return false, fmt.Errorf("error marshalling updated Tailscale Service owner reference: %w", err)
} }
svc.Annotations[ownerAnnotation] = string(json) svc.Annotations[ownerAnnotation] = string(json)
return true, r.tsClient.CreateOrUpdateVIPService(ctx, svc) return true, r.tsClient.CreateOrUpdateVIPService(ctx, svc)
@ -618,7 +618,7 @@ func (a *HAServiceReconciler) backendRoutesSetup(ctx context.Context, serviceNam
return false, fmt.Errorf("error checking ingress config status: %w", err) return false, fmt.Errorf("error checking ingress config status: %w", err)
} }
if !statusUpToDate || !reflect.DeepEqual(gotCfgs.Configs.GetConfig(serviceName), wantsCfg) { if !statusUpToDate || !reflect.DeepEqual(gotCfgs.Configs.GetConfig(serviceName), wantsCfg) {
logger.Debugf("Pod %q is not ready to advertise VIPService", pod.Name) logger.Debugf("Pod %q is not ready to advertise Tailscale Service", pod.Name)
return false, nil return false, nil
} }
return true, nil return true, nil
@ -746,9 +746,9 @@ func (a *HAServiceReconciler) numberPodsAdvertising(ctx context.Context, pgName
} }
// ownerAnnotations returns the updated annotations required to ensure this // ownerAnnotations returns the updated annotations required to ensure this
// instance of the operator is included as an owner. If the VIPService is not // instance of the operator is included as an owner. If the Tailscale Service is not
// nil, but does not contain an owner we return an error as this likely means // nil, but does not contain an owner we return an error as this likely means
// that the VIPService was created by something other than a Tailscale // that the Tailscale Service was created by something other than a Tailscale
// Kubernetes operator. // Kubernetes operator.
func (r *HAServiceReconciler) ownerAnnotations(svc *tailscale.VIPService) (map[string]string, error) { func (r *HAServiceReconciler) ownerAnnotations(svc *tailscale.VIPService) (map[string]string, error) {
ref := OwnerRef{ ref := OwnerRef{
@ -758,7 +758,7 @@ func (r *HAServiceReconciler) ownerAnnotations(svc *tailscale.VIPService) (map[s
c := ownerAnnotationValue{OwnerRefs: []OwnerRef{ref}} c := ownerAnnotationValue{OwnerRefs: []OwnerRef{ref}}
json, err := json.Marshal(c) json, err := json.Marshal(c)
if err != nil { if err != nil {
return nil, fmt.Errorf("[unexpected] unable to marshal VIPService owner annotation contents: %w, please report this", err) return nil, fmt.Errorf("[unexpected] unable to marshal Tailscale Service owner annotation contents: %w, please report this", err)
} }
return map[string]string{ return map[string]string{
ownerAnnotation: string(json), ownerAnnotation: string(json),
@ -769,7 +769,7 @@ func (r *HAServiceReconciler) ownerAnnotations(svc *tailscale.VIPService) (map[s
return nil, err return nil, err
} }
if o == nil || len(o.OwnerRefs) == 0 { if o == nil || len(o.OwnerRefs) == 0 {
return nil, fmt.Errorf("VIPService %s exists, but does not contain owner annotation with owner references; not proceeding as this is likely a resource created by something other than the Tailscale Kubernetes operator", svc.Name) return nil, fmt.Errorf("Tailscale Service %s exists, but does not contain owner annotation with owner references; not proceeding as this is likely a resource created by something other than the Tailscale Kubernetes operator", svc.Name)
} }
if slices.Contains(o.OwnerRefs, ref) { // up to date if slices.Contains(o.OwnerRefs, ref) { // up to date
return svc.Annotations, nil return svc.Annotations, nil
@ -788,7 +788,7 @@ func (r *HAServiceReconciler) ownerAnnotations(svc *tailscale.VIPService) (map[s
return newAnnots, nil return newAnnots, nil
} }
// dnsNameForService returns the DNS name for the given VIPService name. // dnsNameForService returns the DNS name for the given Tailscale Service name.
func (r *HAServiceReconciler) dnsNameForService(ctx context.Context, svc tailcfg.ServiceName) (string, error) { func (r *HAServiceReconciler) dnsNameForService(ctx context.Context, svc tailcfg.ServiceName) (string, error) {
s := svc.WithoutPrefix() s := svc.WithoutPrefix()
tcd, err := r.tailnetCertDomain(ctx) tcd, err := r.tailnetCertDomain(ctx)

24
cmd/k8s-operator/svc-for-pg_test.go
Unescape Escape View File

@ -47,7 +47,7 @@ func TestServicePGReconciler(t *testing.T) {
expectReconciled(t, svcPGR, "default", svc.Name) expectReconciled(t, svcPGR, "default", svc.Name)
config = append(config, fmt.Sprintf("svc:default-%s", svc.Name)) config = append(config, fmt.Sprintf("svc:default-%s", svc.Name))
verifyVIPService(t, ft, fmt.Sprintf("svc:default-%s", svc.Name), []string{"do-not-validate"}) verifyTailscaleService(t, ft, fmt.Sprintf("svc:default-%s", svc.Name), []string{"do-not-validate"})
verifyTailscaledConfig(t, fc, config) verifyTailscaledConfig(t, fc, config)
} }
@ -89,7 +89,7 @@ func TestServicePGReconciler_UpdateHostname(t *testing.T) {
expectReconciled(t, svcPGR, "default", svc.Name) expectReconciled(t, svcPGR, "default", svc.Name)
verifyVIPService(t, ft, fmt.Sprintf("svc:default-%s", svc.Name), []string{"do-not-validate"}) verifyTailscaleService(t, ft, fmt.Sprintf("svc:default-%s", svc.Name), []string{"do-not-validate"})
verifyTailscaledConfig(t, fc, []string{fmt.Sprintf("svc:default-%s", svc.Name)}) verifyTailscaledConfig(t, fc, []string{fmt.Sprintf("svc:default-%s", svc.Name)})
hostname := "foobarbaz" hostname := "foobarbaz"
@ -101,7 +101,7 @@ func TestServicePGReconciler_UpdateHostname(t *testing.T) {
updateIngressConfigSecret(t, fc, stateSecret, hostname, cip) updateIngressConfigSecret(t, fc, stateSecret, hostname, cip)
expectReconciled(t, svcPGR, "default", svc.Name) expectReconciled(t, svcPGR, "default", svc.Name)
verifyVIPService(t, ft, fmt.Sprintf("svc:%s", hostname), []string{"do-not-validate"}) verifyTailscaleService(t, ft, fmt.Sprintf("svc:%s", hostname), []string{"do-not-validate"})
verifyTailscaledConfig(t, fc, []string{fmt.Sprintf("svc:%s", hostname)}) verifyTailscaledConfig(t, fc, []string{fmt.Sprintf("svc:%s", hostname)})
_, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName(fmt.Sprintf("svc:default-%s", svc.Name))) _, err := ft.GetVIPService(context.Background(), tailcfg.ServiceName(fmt.Sprintf("svc:default-%s", svc.Name)))
@ -238,17 +238,17 @@ func TestServicePGReconciler_MultiCluster(t *testing.T) {
svc, _ := setupTestService(t, "test-multi-cluster", "", "4.3.2.1", fc, stateSecret) svc, _ := setupTestService(t, "test-multi-cluster", "", "4.3.2.1", fc, stateSecret)
expectReconciled(t, pgr, "default", svc.Name) expectReconciled(t, pgr, "default", svc.Name)
vipSvcs, err := ft.ListVIPServices(context.Background()) tsSvcs, err := ft.ListVIPServices(context.Background())
if err != nil { if err != nil {
t.Fatalf("getting VIPService: %v", err) t.Fatalf("getting Tailscale Service: %v", err)
} }
if len(vipSvcs) != 1 { if len(tsSvcs) != 1 {
t.Fatalf("unexpected number of VIPServices (%d)", len(vipSvcs)) t.Fatalf("unexpected number of Tailscale Services (%d)", len(tsSvcs))
} }
for name := range vipSvcs { for name := range tsSvcs {
t.Logf("found vip service with name %q", name.String()) t.Logf("found Tailscale Service with name %q", name.String())
} }
} }
} }
@ -279,10 +279,10 @@ func TestIgnoreRegularService(t *testing.T) {
verifyTailscaledConfig(t, fc, nil) verifyTailscaledConfig(t, fc, nil)
vipSvcs, err := ft.ListVIPServices(context.Background()) tsSvcs, err := ft.ListVIPServices(context.Background())
if err == nil { if err == nil {
if len(vipSvcs) > 0 { if len(tsSvcs) > 0 {
t.Fatal("unexpected vip services found") t.Fatal("unexpected Tailscale Services found")
} }
} }
} }

Write Preview
Loading…
Cancel
Save