A new ProxyClass.tailscaledConfig.acceptRoutes field (defaults to false)
can be used to configure proxies created by the operator to be ran with
--accept-routes via the declarative config.
Updates tailscale/tailscale#10684
Signed-off-by: Irbe Krumina <irbe@tailscale.com>
description:Annotations that will be added to the StatefulSet created for the proxy. Any Annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
description:Annotations that will be added to the StatefulSet created for the proxy. Any annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
type:object
additionalProperties:
type:string
@ -452,6 +450,16 @@ spec:
value:
description:Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type:string
tailscaledConfig:
description:Configuration for tailscaled running in the proxy.
type:object
properties:
acceptRoutes:
description:AcceptRoutes can be set to "true" to configure the proxy to accept routes advertized by by other nodes on your tailnet, such as subnet routers and app connectors. This is equivalent of running 'tailscale up --accept-routes'. https://tailscale.com/kb/1072/client-preferences#use-tailscale-subnets The value of this field must be a string ("true" or "false"), defaults to "false".
description:Annotations that will be added to the StatefulSet created for the proxy. Any Annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
description:Annotations that will be added to the StatefulSet created for the proxy. Any annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
type:object
labels:
additionalProperties:
@ -604,8 +604,16 @@ spec:
type:array
type:object
type:object
required:
- statefulSet
tailscaledConfig:
description:Configuration for tailscaled running in the proxy.
properties:
acceptRoutes:
description:AcceptRoutes can be set to true to make the proxy to accept routes. from subnet routers and route traffic via exit nodes (defaults to false). https://tailscale.com/kb/1019/subnets
type:string
x-kubernetes-validations:
- message:acceptRoutes must be set to a string value. Accepted values are 'true' and 'false'
ifsts.ServeConfig!=nil&&sts.ForwardClusterTrafficViaL7IngressProxy!=true{// If forwarding cluster traffic via is required we need non-userspace + NET_ADMIN + forwarding
Configuration for tailscaled running in the proxy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
@ -360,7 +367,7 @@ Proxy's StatefulSet spec.
<td><b>annotations</b></td>
<td>map[string]string</td>
<td>
Annotations that will be added to the StatefulSet created for the proxy. Any Annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set<br/>
Annotations that will be added to the StatefulSet created for the proxy. Any annotations specified here will be merged with the default annotations applied to the StatefulSet by the Tailscale Kubernetes operator as well as any other annotations that might have been applied by other actors. Annotations must be valid Kubernetes annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set<br/>
</td>
<td>false</td>
</tr><tr>
@ -1551,6 +1558,35 @@ The pod this Toleration is attached to tolerates any taint that matches the trip
</table>
### ProxyClass.spec.tailscaledConfig
<sup><sup>[↩ Parent](#proxyclassspec)</sup></sup>
Configuration for tailscaled running in the proxy.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>acceptRoutes</b></td>
<td>string</td>
<td>
AcceptRoutes can be set to "true" to configure the proxy to accept routes advertized by by other nodes on your tailnet, such as subnet routers and app connectors. This is equivalent of running 'tailscale up --accept-routes'. https://tailscale.com/kb/1072/client-preferences#use-tailscale-subnets The value of this field must be a string ("true" or "false"), defaults to "false".<br/>
<br/>
<i>Validations</i>:<li>type(self) == string && (self=='true' || self=='false'): acceptRoutes must be set to a string value. Accepted values are 'true' and 'false'</li>
// The value of this field must be a string ("true" or "false"),
// defaults to "false".
AcceptRoutesBool`json:"acceptRoutes,omitempty"`
}
// +kubebuilder:validation:XValidation:rule="type(self) == string && (self=='true' || self=='false')",message="acceptRoutes must be set to a string value. Accepted values are 'true' and 'false'"
typeBoolstring
typeStatefulSetstruct{
// Labels that will be added to the StatefulSet created for the proxy.
// Any labels specified here will be merged with the default labels
@ -51,7 +69,7 @@ type StatefulSet struct {
// +optional
Labelsmap[string]string`json:"labels,omitempty"`
// Annotations that will be added to the StatefulSet created for the proxy.
// Any Annotations specified here will be merged with the default annotations
// Any annotations specified here will be merged with the default annotations
// applied to the StatefulSet by the Tailscale Kubernetes operator as
// well as any other annotations that might have been applied by other