tailscale

Commit Graph

Author	SHA1	Message	Date
Jonathan Nobels	b451878c9a	ipn/ipnlocal, net/netmon: address code review comments updates tailscale/corp#33891 Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	4 days ago
Jonathan Nobels	403011dc9d	ipn/ipnlocal, net/netmon: remove ChangeDelta.New and Old updates tailscale/corp#33891 Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	4 days ago
Jonathan Nobels	b9ce0d207a	ipn/ipnlocal, net/netmon: remove netmon.State dependencies updates tailscale/corp#33891 This further reduces (but does not completely eliminate) the need to pass around netmon.State and leans on the netmon.ChangeDelta and its precomputed fields. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	4 days ago
Jonathan Nobels	49c635631f	net/netmon: remove ChangeDelta.Major and start the TODOs updates tailscale/corp#33891 We've had some TODO's in netmon for ages related to asking more pointed questions of ChangeDelta. We're also seeing a lot of ChangeDelta's being flagged as "Major" when they are not interesting, triggering rebinds in wgengine that are not needed. This removes the "Major" flag and replaces it with a set of precomputed values that hint at what the ChangeDelta means. The dependencies are cleaned up a bit, notably removing dependency on netmon itself for calculating what is interesting, and what is not. This includes letting individual platforms set a bespoke global "IsInterestingInterface" function. This was only used on Darwin. RebindRequired roughly flows from how "Major" was historically calculated but includes some additional checks for various uninteresting events such as changes in interface addresses that shouldn't trigger a rebind to minimize thrashing. The individual values that we roll into RebindRequired are also exposed so that components consuming netmap.ChangeDelta can ask more targeted questions. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com> wgengine/userspace: skip rebind and restun if all of our interfaces are down updates tailscale/corp#33891 Skip rebind and restun if we have called SetNetworkUp with false. Neither cares about this state and it's just flappy to try to reStun and rebind if there are no usable interfaces available. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com> Add viability flag and fix bug in state	4 days ago
Tom Proctor	d0d993f5d6	.github,cmd/cigocacher: add flags --version --stats --cigocached-host Add flags: * --cigocached-host to support alternative host resolution in other environments, like the corp repo. * --stats to reduce the amount of bash script we need. * --version to support a caching tool/cigocacher script that will download from GitHub releases. Updates tailscale/corp#10808 Change-Id: Ib2447bc5f79058669a70f2c49cef6aedd7afc049 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	4 days ago
Tom Meadows	d7a5624841	cmd/k8s-operator: fix statefulset template yaml indentation (#18194 ) Fixes #17000 Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>	4 days ago
Irbe Krumina	cb5fa35f57	.github/workfkows,Dockerfile,Dockerfile.base: add a test for base image (#18180 ) Test that the base image builds and has the right iptables binary linked. Updates #17854 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	7 days ago
James 'zofrex' Sanderson	3ef9787379	tsweb: add Unwrap to loggingResponseWriter for ResponseController (#18195 ) The new http.ResponseController type added in Go 1.20: https://go.dev/doc/go1.20#http_responsecontroller requires ResponseWriters that are wrapping the original passed to ServeHTTP to implement an Unwrap method: https://pkg.go.dev/net/http#NewResponseController With this in place, it is possible to call methods such as Flush and SetReadDeadline on a loggingResponseWriter without needing to implement them there ourselves. Updates tailscale/corp#34763 Updates tailscale/corp#34813 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	1 week ago
Raj Singh	65182f2119	ipn/ipnlocal: add ProxyProtocol support to VIP service TCP handler (#18175 ) tcpHandlerForVIPService was missing ProxyProtocol support that tcpHandlerForServe already had. Extract the shared logic into forwardTCPWithProxyProtocol helper and use it in both handlers. Fixes #18172 Signed-off-by: Raj Singh <raj@tailscale.com>	1 week ago
Joe Tsai	9613b4eecc	logtail: add metrics (#18184 ) Add metrics about logtail uploading and underlying buffer. Add metrics to the in-memory buffer implementation. Updates tailscale/corp#21363 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 week ago
Brad Fitzpatrick	0df4631308	ipn/ipnlocal: avoid ResetAndStop panic Updates #18187 Change-Id: If7375efb7df0452a5e85b742fc4c4eecbbd62717 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 week ago
Simon Law	6ace3995f0	portlist: skip tests on Linux 6.14.x with /proc/net/tcp bug (#18185 ) PR #18033 skipped tests for the versions of Linux 6.6 and 6.12 that had a regression in /proc/net/tcp that causes seek operations to fail with “illegal seek”. This PR skips tests for Linux 6.14.0, which is the default Ubuntu kernel, that also contains this regression. Updates #16966 Signed-off-by: Simon Law <sfllaw@tailscale.com>	1 week ago
Joe Tsai	6428ba01ef	logtail/filch: rewrite the package (#18143 ) The filch implementation is fairly broken: * When Filch.cur exceeds MaxFileSize, it calls moveContents to copy the entirety of cur into alt (while holding the write lock). By nature, this is the movement of a lot of data in a hot path, meaning that all log calls will be globally blocked! It also means that log uploads will be blocked during the move. * The implementation of moveContents is buggy in that it copies data from cur into the start of alt, but fails to truncate alt to the number of bytes copied. Consequently, there are unrelated lines near the end, leading to out-of-order lines when being read back. * Data filched via stderr do not directly respect MaxFileSize, which is only checked every 100 Filch.Write calls. This means that it is possible that the file grows far beyond the specified max file size before moveContents is called. * If both log files have data when New is called, it also copies the entirety of cur into alt. This can block the startup of a process copying lots of data before the process can do any useful work. * TryReadLine is implemented using bufio.Scanner. Unfortunately, it will choke on any lines longer than bufio.MaxScanTokenSize, rather than gracefully skip over them. The re-implementation avoids a lot of these problems by fundamentally eliminating the need for moveContent. We enforce MaxFileSize by simply rotating the log files whenever the current file exceeds MaxFileSize/2. This is a constant-time operation regardless of file size. To more gracefully handle lines longer than bufio.MaxScanTokenSize, we skip over these lines (without growing the read buffer) and report an error. This allows subsequent lines to be read. In order to improve debugging, we add a lot of metrics. Note that the the mechanism of dup2 with stderr is inherently racy with a the two file approach. The order of operations during a rotation is carefully chosen to reduce the race window to be as short as possible. Thus, this is slightly less racy than before. Updates tailscale/corp#21363 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 week ago
Claus Lensbøl	c870d3811d	net/{packet,tstun},wgengine: update disco key when receiving via TSMP (#18158 ) When receiving a TSMPDiscoAdvertisement from peer, update the discokey for said peer. Some parts taken from: https://github.com/tailscale/tailscale/pull/18073/ Updates #12639 Co-authored-by: James Tucker <james@tailscale.com>	1 week ago
Irbe Krumina	723b9af21a	Dockerfile,Dockerfile.base: link iptables to legacy binary (#18177 ) Re-instate the linking of iptables installed in Tailscale container to the legacy iptables version. In environments where the legacy iptables is not needed, we should be able to run nftables instead, but this will ensure that Tailscale keeps working in environments that don't support nftables, such as some Synology NAS hosts. Updates #17854 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 week ago
Raj Singh	8eda947530	cmd/derper: add GCP Certificate Manager support (#18161 ) Add --certmode=gcp for using Google Cloud Certificate Manager's public CA instead of Let's Encrypt. GCP requires External Account Binding (EAB) credentials for ACME registration, so this adds --acme-eab-kid and --acme-eab-key flags. The EAB key accepts both base64url and standard base64 encoding to support both ACME spec format and gcloud output. Fixes tailscale/corp#34881 Signed-off-by: Raj Singh <raj@tailscale.com> Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 week ago
Claus Lensbøl	1dfdee8521	net/dns: retrample resolve.conf when another process has trampled it (#18069 ) When using the resolve.conf file for setting DNS, it is possible that some other services will trample the file and overwrite our set DNS server. Experiments has shown this to be a racy error depending on how quickly processes start. Make an attempt to trample back the file a limited number of times if the file is changed. Updates #16635 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	1 week ago
Jordan Whited	a9b37c510c	net/udprelay: re-use mono.Time in control packet handling Fixes tailscale/corp#35100 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 week ago
Simar	363d882306	net/udprelay: use `mono.Time` instead of `time.Time` Fixes: https://github.com/tailscale/tailscale/issues/18064 Signed-off-by: Simar <simar@linux.com>	1 week ago
Fran Bull	076d5c7214	appc,feature: add the start of new conn25 app connector When peers request an IP address mapping to be stored, the connector stores it in memory. Fixes tailscale/corp#34251 Signed-off-by: Fran Bull <fran@tailscale.com>	1 week ago
Tom Proctor	dd1bb8ee42	.github: add cigocacher release workflow To save rebuilding cigocacher on each CI job, build it on-demand, and publish a release similar to how we publish releases for tool/go to consume. Once the first release is done, we can add a new tool/cigocacher script that pins to a specific release for each branch to download. Updates tailscale/corp#10808 Change-Id: I7694b2c2240020ba2335eb467522cdd029469b6c Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 week ago
Alex Chan	378ee20b9a	cmd/tailscale/cli: stabilise the output of `tailscale lock status --json` This patch stabilises the JSON output, and improves it in the following ways: * The AUM hash in Head uses the base32-encoded form of an AUM hash, consistent with how it's presented elsewhere * TrustedKeys are the same format as the keys as `tailnet lock log --json` * SigKind, Pubkey and KeyID are all presented consistently with other JSON output in NodeKeySignature * FilteredPeers don't have a NodeKeySignature, because it will always be empty For reference, here's the JSON output from the CLI prior to this change: ```json { "Enabled": true, "Head": [ 196, 69, 63, 243, 213, 133, 123, 46, 183, 203, 143, 34, 184, 85, 80, 1, 221, 92, 49, 213, 93, 106, 5, 206, 176, 250, 58, 165, 155, 136, 11, 13 ], "PublicKey": "nlpub:0f99af5c02216193963ce9304bb4ca418846eddebe237f37a6de1c59097ed0b8", "NodeKey": "nodekey:8abfe98b38151748919f6e346ad16436201c3ecd453b01e9d6d3a38e1826000d", "NodeKeySigned": true, "NodeKeySignature": { "SigKind": 1, "Pubkey": "bnCKv+mLOBUXSJGfbjRq0WQ2IBw+zUU7AenW06OOGCYADQ==", "KeyID": "D5mvXAIhYZOWPOkwS7TKQYhG7d6+I383pt4cWQl+0Lg=", "Signature": "4DPW4v6MyLLwQ8AMDm27BVDGABjeC9gg1EfqRdKgzVXi/mJDwY9PTAoX0+0WTRs5SUksWjY0u1CLxq5xgjFGBA==", "Nested": null, "WrappingPubkey": "D5mvXAIhYZOWPOkwS7TKQYhG7d6+I383pt4cWQl+0Lg=" }, "TrustedKeys": [ { "Key": "nlpub:0f99af5c02216193963ce9304bb4ca418846eddebe237f37a6de1c59097ed0b8", "Metadata": null, "Votes": 1 }, { "Key": "nlpub:de2254c040e728140d92bc967d51284e9daea103a28a97a215694c5bda2128b8", "Metadata": null, "Votes": 1 } ], "VisiblePeers": [ { "Name": "signing2.taila62b.unknown.c.ts.net.", "ID": 7525920332164264, "StableID": "nRX6TbAWm121DEVEL", "TailscaleIPs": [ "100.110.67.20", "fd7a:115c:a1e0::9c01:4314" ], "NodeKey": "nodekey:10bf4a5c168051d700a29123cd81568377849da458abef4b328794ca9cae4313", "NodeKeySignature": { "SigKind": 1, "Pubkey": "bnAQv0pcFoBR1wCikSPNgVaDd4SdpFir70syh5TKnK5DEw==", "KeyID": "D5mvXAIhYZOWPOkwS7TKQYhG7d6+I383pt4cWQl+0Lg=", "Signature": "h9fhwHiNdkTqOGVQNdW6AVFoio6MFaFobPiK9ydywgmtYxcExJ38b76Tabdc56aNLxf8IfCaRw2VYPcQG2J/AA==", "Nested": null, "WrappingPubkey": "3iJUwEDnKBQNkryWfVEoTp2uoQOiipeiFWlMW9ohKLg=" } } ], "FilteredPeers": [ { "Name": "node3.taila62b.unknown.c.ts.net.", "ID": 5200614049042386, "StableID": "n3jAr7KNch11DEVEL", "TailscaleIPs": [ "100.95.29.124", "fd7a:115c:a1e0::f901:1d7c" ], "NodeKey": "nodekey:454d2c8602c10574c5ec3a6790f159714802012b7b8bb8d2ab47d637f9df1d7b", "NodeKeySignature": { "SigKind": 0, "Pubkey": null, "KeyID": null, "Signature": null, "Nested": null, "WrappingPubkey": null } } ], "StateID": 16885615198276932820 } ``` Updates https://github.com/tailscale/corp/issues/22355 Updates https://github.com/tailscale/tailscale/issues/17619 Signed-off-by: Alex Chan <alexc@tailscale.com> Change-Id: I65b58ff4520033e6b70fc3b1ba7fc91c1f70a960	1 week ago
Nick Khyl	da0ea8ef3e	Revert "ipn/ipnlocal: shut down old control client synchronously on reset" It appears (*controlclient.Auto).Shutdown() can still deadlock when called with b.mu held, and therefore the changes in #18127 are unsafe. This reverts #18127 until we figure out what causes it. This reverts commit `d199ecac80`. Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 weeks ago
Erisa A	c7b10cb39f	scripts/installer.sh: add SteamOS handling (#18159 ) Fixes #12943 Signed-off-by: Erisa A <erisa@tailscale.com>	2 weeks ago
Alex Chan	7d3097d3b5	tka: add some more tests for Bootstrap() This improves our test coverage of the Bootstrap() method, especially around catching AUMs that shouldn't pass validation. Updates #cleanup Change-Id: Idc61fcbc6daaa98c36d20ec61e45ce48771b85de Signed-off-by: Alex Chan <alexc@tailscale.com>	2 weeks ago
Irbe Krumina	2a0ddb7897	cmd/k8s-operator: warn if users attempt to expose a headless Service (#18140 ) Previously, if users attempted to expose a headless Service to tailnet, this just silently did not work. This PR makes the operator throw a warning event + update Service's status with an error message. Updates #18139 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 weeks ago
Irbe Krumina	d5c893195b	cmd/k8s-operator: don't log errors on not found objects. (#18142 ) The event queue gets deleted events, which means that sometimes the object that should be reconciled no longer exists. Don't log user facing errors if that is the case. Updates #18141 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 weeks ago
Claus Lensbøl	d349370e55	client/systray: change systray to start after graphical.target (#18138 ) The service was starting after systemd itself, and while this surprisingly worked for some situations, it broke for others. Change it to start after a GUI has been initialized. Updates #17656 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	2 weeks ago
James 'zofrex' Sanderson	cf40cf5ccb	ipn/ipnlocal: add peer API endpoints to Hostinfo on initial client creation (#17851 ) Previously we only set this when it updated, which was fine for the first call to Start(), but after that point future updates would be skipped if nothing had changed. If Start() was called again, it would wipe the peer API endpoints and they wouldn't get added back again, breaking exit nodes (and anything else requiring peer API to be advertised). Updates tailscale/corp#27173 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	2 weeks ago
Peter A.	f4d34f38be	cmd/tailscale,ipn: add Unix socket support for serve Based on PR #16700 by @lox, adapted to current codebase. Adds support for proxying HTTP requests to Unix domain sockets via tailscale serve unix:/path/to/socket, enabling exposure of services like Docker, containerd, PHP-FPM over Tailscale without TCP bridging. The implementation includes reasonable protections against exposure of tailscaled's own socket. Adaptations from original PR: - Use net.Dialer.DialContext instead of net.Dial for context propagation - Use http.Transport with Protocols API (current h2c approach, not http2.Transport) - Resolve conflicts with hasScheme variable in ExpandProxyTargetValue Updates #9771 Signed-off-by: Peter A. <ink.splatters@pm.me> Co-authored-by: Lachlan Donald <lachlan@ljd.cc>	2 weeks ago
Nick Khyl	557457f3c2	ipn/ipnlocal: fix LocalBackend deadlock when packet arrives during profile switch (#18126 ) If a packet arrives while WireGuard is being reconfigured with b.mu held, such as during a profile switch, calling back into (LocalBackend).GetPeerAPIPort from (Wrapper).filterPacketInboundFromWireGuard may deadlock when it tries to acquire b.mu. This occurs because a peer cannot be removed while an inbound packet is being processed. The reconfig and profile switch wait for (*Peer).RoutineSequentialReceiver to return, but it never finishes because GetPeerAPIPort needs b.mu, which the waiting goroutine already holds. In this PR, we make peerAPIPorts a new syncs.AtomicValue field that is written with b.mu held but can be read by GetPeerAPIPort without holding the mutex, which fixes the deadlock. There might be other long-term ways to address the issue, such as moving peer API listeners from LocalBackend to nodeBackend so they can be accessed without holding b.mu, but these changes are too large and risky at this stage in the v1.92 release cycle. Updates #18124 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 weeks ago
Nick Khyl	d199ecac80	ipn/ipnlocal: shut down old control client synchronously on reset Previously, callers of (LocalBackend).resetControlClientLocked were supposed to call Shutdown on the returned controlclient.Client after releasing b.mu. In #17804, we started calling Shutdown while holding b.mu, which caused deadlocks during profile switches due to the (ExecQueue).RunSync implementation. We first patched this in #18053 by calling Shutdown in a new goroutine, which avoided the deadlocks but made TestStateMachine flaky because the shutdown order was no longer guaranteed. In #18070, we updated (ExecQueue).RunSync to allow shutting down the queue without waiting for RunSync to return. With that change, shutting down the control client while holding b.mu became safe. Therefore, this PR updates (LocalBackend).resetControlClientLocked to shut down the old client synchronously during the reset, instead of returning it and shifting that responsibility to the callers. This fixes the flaky tests and simplifies the code. Fixes #18052 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 weeks ago
Andrew Lytvynov	7bc25f77f4	go.toolchain.rev: update to Go 1.25.5 (#18123 ) Updates #18122 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 weeks ago
Jordan Whited	6a44990b09	net/udprelay: bind multiple sockets per af on Linux This commit uses SO_REUSEPORT (when supported) to bind multiple sockets per address family. Increasing the number of sockets can increase aggregate throughput when serving many peer relay client flows. Benchmarks show 3x improvement in max aggregate bitrate in some environments. Updates tailscale/corp#34745 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 weeks ago
Alex Chan	e33f6aa3ba	go.mod: bump the version of setec Updates https://github.com/tailscale/corp/issues/34813 Change-Id: I926f1bad5bf143d82ddb36f51f70deb24fa11e71 Signed-off-by: Alex Chan <alexc@tailscale.com>	2 weeks ago
Tom Proctor	f8cd07fb8a	.github: make cigocacher script more robust We got a flake in https://github.com/tailscale/tailscale/actions/runs/19867229792/job/56933249360 but it's not obvious to me where it failed. Make it more robust and print out more useful error messages for next time. Updates tailscale/corp#10808 Change-Id: I9ca08ea1103b9ad968c9cc0c42a493981ea62435 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	2 weeks ago
Brad Fitzpatrick	b8c58ca7c1	wgengine: fix TSMP/ICMP callback leak Fixes #18112 Change-Id: I85d5c482b01673799d51faeb6cb0579903597502 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Gesa Stupperich	536188c1b5	tsnet: enable node registration via federated identity Updates: tailscale.com/corp#34148 Signed-off-by: Gesa Stupperich <gesa@tailscale.com>	2 weeks ago
Joe Tsai	957a443b23	cmd/netlogfmt: allow empty --resolve-addrs flag (#18103 ) Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 weeks ago
Raj Singh	bd5c50909f	scripts/installer: add TAILSCALE_VERSION environment variable (#18014 ) Add support for pinning specific Tailscale versions during installation via the TAILSCALE_VERSION environment variable. Example usage: curl -fsSL https://tailscale.com/install.sh \| TAILSCALE_VERSION=1.88.4 sh Fixes #17776 Signed-off-by: Raj Singh <raj@tailscale.com>	2 weeks ago
Tom Proctor	22a815b6d2	tool: bump binaryen wasm optimiser version 111 -> 125 111 is 3 years old, and there have been a lot of speed improvements since then. We run wasm-opt twice as part of the CI wasm job, and it currently takes about 3 minutes each time. With 125, it takes ~40 seconds, a 4.5x speed-up. Updates #cleanup Change-Id: I671ae6cefa3997a23cdcab6871896b6b03e83a4f Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	2 weeks ago
License Updater	8976b34cb8	licenses: update license notices Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	2 weeks ago
Naasir	77dcdc223e	cleanup: fix typos across multiple files Does not affect code. Updates #cleanup Signed-off-by: Naasir <yoursdeveloper@protonmail.com>	2 weeks ago
Tom Proctor	ece6e27f39	.github,cmd/cigocacher: use cigocacher for windows Implements a new disk put function for cigocacher that does not cause locking issues on Windows when there are multiple processes reading and writing the same files concurrently. Integrates cigocacher into test.yml for Windows where we are running on larger runners that support connecting to private Azure vnet resources where cigocached is hosted. Updates tailscale/corp#10808 Change-Id: I0d0e9b670e49e0f9abf01ff3d605cd660dd85ebb Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	2 weeks ago
Tom Proctor	97f1fd6d48	.github: only save cache on main The cache artifacts from a full run of test.yml are 14GB. Only save artifacts from the main branch to ensure we don't thrash too much. Most branches should get decent performance with a hit from recent main. Fixes tailscale/corp#34739 Change-Id: Ia83269d878e4781e3ddf33f1db2f21d06ea2130f Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	2 weeks ago
Shaikh Naasir	37b4dd047f	k8s-operator: Fix typos in egress-pod-readiness.go Updates #cleanup Signed-off-by: Alex Chan <alexc@tailscale.com>	3 weeks ago
Alex Chan	bd12d8f12f	cmd/tailscale/cli: soften the warning on `--force-reauth` for seamless Thanks to seamless key renewal, you can now do a force-reauth without losing your connection in all circumstances. We softened the interactive warning (see #17262) so let's soften the help text as well. Updates https://github.com/tailscale/corp/issues/32429 Signed-off-by: Alex Chan <alexc@tailscale.com>	3 weeks ago
Anton Tolchanov	34dff57137	feature/posture: log method and full URL for posture identity requests Updates tailscale/corp#34676 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	3 weeks ago
Fernando Serboncini	f36eb81e61	cmd/k8s-operator fix populateTLSSecret on tests (#18088 ) The call for populateTLSSecret was broken between PRs. Updates #cleanup Signed-off-by: Fernando Serboncini <fserb@tailscale.com>	3 weeks ago
Fernando Serboncini	7c5c02b77a	cmd/k8s-operator: add support for taiscale.com/http-redirect (#17596 ) * cmd/k8s-operator: add support for taiscale.com/http-redirect The k8s-operator now supports a tailscale.com/http-redirect annotation on Ingress resources. When enabled, this automatically creates port 80 handlers that automatically redirect to the equivalent HTTPS location. Fixes #11252 Signed-off-by: Fernando Serboncini <fserb@tailscale.com> * Fix for permanent redirect Signed-off-by: Fernando Serboncini <fserb@tailscale.com> * lint Signed-off-by: Fernando Serboncini <fserb@tailscale.com> * warn for redirect+endpoint Signed-off-by: Fernando Serboncini <fserb@tailscale.com> * tests Signed-off-by: Fernando Serboncini <fserb@tailscale.com> --------- Signed-off-by: Fernando Serboncini <fserb@tailscale.com>	3 weeks ago

1 2 3 4 5 ...

10005 Commits (b451878c9a45d60ff73ebc2b18fbb8d35015ffba) All Branches Search

10005 Commits (b451878c9a45d60ff73ebc2b18fbb8d35015ffba)

All Branches