Commit Graph

11 Commits (main)

Author SHA1 Message Date
Irbe Krumina ebeb5da202
cmd/k8s-operator,kube/kubeclient,docs/k8s: update rbac to emit events + small fixes (#14164)
This is a follow-up to #14112 where our internal kube client was updated
to allow it to emit Events - this updates our sample kube manifests
and tsrecorder manifest templates so they can benefit from this functionality.

Updates tailscale/tailscale#14080

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2 days ago
Irbe Krumina dff6f3377f
docs/k8s: update docs (#11307)
Update docs for static Tailscale deployments on kube
to always use firewall mode autodection when in non-userspace.
Also add a note about running multiple replicas and a few suggestions how folks could do that.

Updates#cleanup

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
Co-authored-by: Anton Tolchanov <1687799+knyar@users.noreply.github.com>
9 months ago
Maisem Ali f53c3be07c cmd/k8s-operator: use our own container image instead of busybox
We already have sysctl in the `tailscale/tailscale` image, just use that.

Updates #cleanup

Signed-off-by: Maisem Ali <maisem@tailscale.com>
1 year ago
Will Norris 71029cea2d all: update copyright and license headers
This updates all source files to use a new standard header for copyright
and license declaration.  Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.

This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.

Updates #6865

Signed-off-by: Will Norris <will@tailscale.com>
2 years ago
Walter Poupore 11f7f7d4a0
docs/k8s: Use TS_AUTHKEY instead of TS_AUTH_KEY (#7092)
Updates https://github.com/tailscale/tailscale-www/issues/2199.

Signed-off-by: Walter Poupore <walterp@tailscale.com>
2 years ago
David Anderson 76904b82e7 cmd/containerboot: PID1 for running tailscaled in a container.
This implements the same functionality as the former run.sh, but in Go
and with a little better awareness of tailscaled's lifecycle.

Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had
where it would unconditionally try to reauth every time if you gave it
an authkey, rather than try to use it only if auth is actually needed.
This makes it a bit nicer to deploy these containers in automation, since
you don't have to run the container once, then go and edit its definition
to remove authkeys.

Signed-off-by: David Anderson <danderson@tailscale.com>
2 years ago
Maisem Ali 5fc8843c4c docs/k8s: [proxy] fix sysctl command
Fixes #5805

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2 years ago
hlts2 d988c9f098 fix auth key name
Signed-off-by: hlts2 <hiroto.funakoshi.hiroto@gmail.com>
2 years ago
Denton Gentry 0ae0439668 docs/k8s: add IPv6 forwarding in proxy.yaml
Fixes https://github.com/tailscale/tailscale/issues/4999

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2 years ago
Maisem Ali 3b55bf9306 build_docker.sh: add run.sh as an entrypoint to the docker image
Fixes #4071

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2 years ago
Maisem Ali 2c403cbb31 docs/k8s: add instructions on how to run as a sidecar or a proxy.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
3 years ago