14 Commits (2cb408f9b1c972d5b780dc1ee029977699cb0681)

Author	SHA1	Message	Date
Irbe Krumina	8cc2738609	cmd/{containerboot,k8s-operator}: store proxy device ID early to help with cleanup for broken proxies (#12425) ... * cmd/containerboot: store device ID before setting up proxy routes. For containerboot instances whose state needs to be stored in a Kubernetes Secret, we additonally store the device's ID, FQDN and IPs. This is used, between other, by the Kubernetes operator, who uses the ID to delete the device when resources need cleaning up and writes the FQDN and IPs on various kube resource statuses for visibility. This change shifts storing device ID earlier in the proxy setup flow, to ensure that if proxy routing setup fails, the device can still be deleted. Updates tailscale/tailscale#12146 Signed-off-by: Irbe Krumina <irbe@tailscale.com> * code review feedback Signed-off-by: Irbe Krumina <irbe@tailscale.com> --------- Signed-off-by: Irbe Krumina <irbe@tailscale.com>	3 months ago
ChandonPierre	0a5bd63d32	ipn/store/kubestore, cmd/containerboot: allow overriding client api server URL via ENV (#12115) ... Updates tailscale/tailscale#11397 Signed-off-by: Chandon Pierre <cpierre@coreweave.com>	4 months ago
Irbe Krumina	1452faf510	cmd/containerboot,kube,ipn/store/kubestore: allow interactive login on kube, check Secret create perms, allow empty state Secret (#11326) ... cmd/containerboot,kube,ipn/store/kubestore: allow interactive login and empty state Secrets, check perms * Allow users to pre-create empty state Secrets * Add a fake internal kube client, test functionality that has dependencies on kube client operations. * Fix an issue where interactive login was not allowed in an edge case where state Secret does not exist * Make the CheckSecretPermissions method report whether we have permissions to create/patch a Secret if it's determined that these operations will be needed Updates tailscale/tailscale#11170 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	5 months ago
Mike Beaumont	3451b89e5f	cmd/k8s-operator: put Tailscale IPs in Service ingress status ... Updates #502 Signed-off-by: Mike Beaumont <mjboamail@gmail.com>	1 year ago
Maisem Ali	e1530cdfcc	cmd/containerboot,kube: consolidate the two kube clients ... We had two implemenetations of the kube client, merge them. containerboot was also using a raw http.Transport, this also has the side effect of making it use a http.Client Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Will Norris	71029cea2d	all: update copyright and license headers ... This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
David Anderson	1b65630e83	cmd/containerboot: switch to IPN bus monitoring instead of polling. ... We still have to shell out to `tailscale up` because the container image's API includes "arbitrary flags to tailscale up", unfortunately. But this should still speed up startup a little, and also enables k8s-bound containers to update their device information as new netmap updates come in. Fixes #6657 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	367228ef82	cmd/containerboot: gracefully degrade if missing patch permissions in k8s. ... Fixes #6629. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	e36c27bcd1	cmd/containerboot: check that k8s secret permissions are correct. ... Updates #6629. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	a469ec8ff6	cmd/containerboot: fix some lint. ... Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	65f3dab4c6	cmd/containerboot: make a tests table, add more tests. ... Also fix a bugs found while adding the tests, oops. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	e0669555dd	cmd/containerboot: don't write device ID into non-existent secret. ... Fixes #6211 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags ... The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
David Anderson	76904b82e7	cmd/containerboot: PID1 for running tailscaled in a container. ... This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago