You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/cmd
Irbe Krumina 3af0f526b8
cmd{containerboot,k8s-operator},util/linuxfw: support ExternalName Services (#11802)
* cmd/containerboot,util/linuxfw: support proxy backends specified by DNS name

Adds support for optionally configuring containerboot to proxy
traffic to backends configured by passing TS_EXPERIMENTAL_DEST_DNS_NAME env var
to containerboot.
Containerboot will periodically (every 10 minutes) attempt to resolve
the DNS name and ensure that all traffic sent to the node's
tailnet IP gets forwarded to the resolved backend IP addresses.

Currently:
- if the firewall mode is iptables, traffic will be load balanced
accross the backend IP addresses using round robin. There are
no health checks for whether the IPs are reachable.
- if the firewall mode is nftables traffic will only be forwarded
to the first IP address in the list. This is to be improved.

* cmd/k8s-operator: support ExternalName Services

 Adds support for exposing endpoints, accessible from within
a cluster to the tailnet via DNS names using ExternalName Services.
This can be done by annotating the ExternalName Service with
tailscale.com/expose: "true" annotation.
The operator will deploy a proxy configured to route tailnet
traffic to the backend IPs that service.spec.externalName
resolves to. The backend IPs must be reachable from the operator's
namespace.

Updates tailscale/tailscale#10606

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
7 months ago
..
addlicense all: update tools that manage copyright headers 2 years ago
build-webclient client/web: precompress assets 12 months ago
cloner all: use Go 1.22 range-over-int 7 months ago
connector-gen cmd/connector-gen: add helper tool for wide app connector configurations 12 months ago
containerboot cmd{containerboot,k8s-operator},util/linuxfw: support ExternalName Services (#11802) 7 months ago
derper hostinfo: use Distro field for distinguishing Windows Server builds 7 months ago
derpprobe cmd/{derper,derpprobe}: add --version flag 8 months ago
dist release/dist/qnap: add qnap target builder 7 months ago
get-authkey util/cmpx: delete now that we're using Go 1.22 10 months ago
gitops-pusher cmd/gitops-pusher: only use OAuth creds if non-empty string 10 months ago
hello cmd/hello: link to the Hello KB article (#11022) 10 months ago
k8s-operator cmd{containerboot,k8s-operator},util/linuxfw: support ExternalName Services (#11802) 7 months ago
mkmanifest cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS 2 years ago
mkpkg go.mod: upgrade nfpm to v2 (#8786) 1 year ago
mkversion version/mkversion: open-source version generation logic 2 years ago
nardump all: update copyright and license headers 2 years ago
netlogfmt all: use Go 1.22 range-over-int 7 months ago
nginx-auth tailcfg,all: add and use Node.IsTagged() 2 years ago
pgproxy various: add golangci-lint, fix issues (#7905) 2 years ago
printdep cmd/printdep: print correct toolchain URL 2 years ago
proxy-to-grafana all: use Go 1.22 range-over-int 7 months ago
sniproxy all: use Go 1.22 range-over-int 7 months ago
speedtest all: update copyright and license headers 2 years ago
ssh-auth-none-demo all: replace deprecated ioutil references 1 year ago
stunc all: update copyright and license headers 2 years ago
stund build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#11410) 7 months ago
sync-containers all: adjust some build tags for plan9 1 year ago
tailscale hostinfo: use Distro field for distinguishing Windows Server builds 7 months ago
tailscaled ipn/local: log OS-specific diagnostic information as JSON (#11700) 7 months ago
testcontrol all: use Go 1.22 range-over-int 7 months ago
testwrapper cmd/testwrapper: apply results of all unit tests to coverage for all packages 9 months ago
tsconnect ipn/ipnlocal: make StartLoginInteractive take (yet unused) context 7 months ago
tsidp cmd/tsidp: add start of OIDC Tailscale IdP 1 year ago
tsshd all: update copyright and license headers 2 years ago
viewer all: use Go 1.22 range-over-int 7 months ago