cmd/k8s-operator: use our own container image instead of busybox

We already have sysctl in the `tailscale/tailscale` image, just use that.

Updates #cleanup

Signed-off-by: Maisem Ali <maisem@tailscale.com>
pull/9769/head
Maisem Ali 1 year ago committed by Maisem Ali
parent 1fc3573446
commit f53c3be07c

@ -12,7 +12,6 @@ spec:
serviceAccountName: proxies serviceAccountName: proxies
initContainers: initContainers:
- name: sysctler - name: sysctler
image: busybox
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh"] command: ["/bin/sh"]

@ -899,7 +899,7 @@ func expectedSTS(stsName, secretName, hostname, priorityClassName string) *appsv
InitContainers: []corev1.Container{ InitContainers: []corev1.Container{
{ {
Name: "sysctler", Name: "sysctler",
Image: "busybox", Image: "tailscale/tailscale",
Command: []string{"/bin/sh"}, Command: []string{"/bin/sh"},
Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
SecurityContext: &corev1.SecurityContext{ SecurityContext: &corev1.SecurityContext{
@ -968,7 +968,7 @@ func expectedEgressSTS(stsName, secretName, tailnetTargetIP, hostname, priorityC
InitContainers: []corev1.Container{ InitContainers: []corev1.Container{
{ {
Name: "sysctler", Name: "sysctler",
Image: "busybox", Image: "tailscale/tailscale",
Command: []string{"/bin/sh"}, Command: []string{"/bin/sh"},
Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
SecurityContext: &corev1.SecurityContext{ SecurityContext: &corev1.SecurityContext{

@ -307,6 +307,13 @@ func (a *tailscaleSTSReconciler) reconcileSTS(ctx context.Context, logger *zap.S
if err := yaml.Unmarshal(proxyYaml, &ss); err != nil { if err := yaml.Unmarshal(proxyYaml, &ss); err != nil {
return nil, fmt.Errorf("failed to unmarshal proxy spec: %w", err) return nil, fmt.Errorf("failed to unmarshal proxy spec: %w", err)
} }
for i := range ss.Spec.Template.Spec.InitContainers {
c := &ss.Spec.Template.Spec.InitContainers[i]
if c.Name == "sysctler" {
c.Image = a.proxyImage
break
}
}
} }
container := &ss.Spec.Template.Spec.Containers[0] container := &ss.Spec.Template.Spec.Containers[0]
container.Image = a.proxyImage container.Image = a.proxyImage
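Review bot: A missing or renamed "sysctler" init container passes through the new loop in reconcileSTS unnoticed, because the loop simply finishes without assigning anything. The embedded manifest in the first hunk no longer sets an image for that container, so the result would be a privileged init container with an empty image, which would presumably surface only later, at apply or pod-creation time. Consider tracking a `found` flag and, after the loop, doing `return nil, fmt.Errorf("proxy spec has no %q init container", "sysctler")`, assuming this branch always loads the manifest that carries it. A short comment above the loop would also help, e.g. `// sysctler runs privileged; it reuses a.proxyImage so no second image has to be trusted.` The function and the block closed right after the loop both start outside the hunk.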

@ -11,7 +11,7 @@ spec:
# the container. The `net.ipv4.ip_forward` sysctl is not allowlisted # the container. The `net.ipv4.ip_forward` sysctl is not allowlisted
# in Kubelet by default. # in Kubelet by default.
- name: sysctler - name: sysctler
image: busybox image: "ghcr.io/tailscale/tailscale:latest"
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh"] command: ["/bin/sh"]
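Review bot: The privileged `sysctler` init container is now tied to the mutable `:latest` tag, so whatever is next published under that tag runs with `privileged: true` on the node. Prefer a release tag or a digest, for example `image: "ghcr.io/tailscale/tailscale:<RELEASE_TAG>@sha256:<DIGEST>"` (placeholders, not real values). If the main container in this manifest is versioned, keep the two in step so the init container never runs a different build from the proxy. The rest of the manifest is outside the hunk, so the main container's image could not be checked here.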
