You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Tom Proctor 64776a0277 cmd/{containerboot,k8s-operator},k8s-operator,kube: add ProxyGroup controller
Implements the controller for the new ProxyGroup CRD, designed for
running proxies in a high availability configuration. Each proxy gets
its own config and state Secret, and its own tailscale node ID.

We are currently mounting all of the config secrets into the container,
but will stop mounting them and instead read them directly from the kube
API once #13578 is implemented.

Updates #13406

Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
4 weeks ago
.bencher
.github .github: Bump github/codeql-action from 3.26.8 to 3.26.9 (#13625) 1 month ago
appc
atomicfile
chirp
client client/web: use tsaddr helpers 1 month ago
clientupdate
cmd cmd/{containerboot,k8s-operator},k8s-operator,kube: add ProxyGroup controller 4 weeks ago
control control/controlclient: include HTTP status string in error message too 4 weeks ago
derp derp: document the RunWatchConnectionLoop callback gotchas 1 month ago
disco
docs docs/windows/policy: add ADMX policy setting to configure the AuthKey 1 month ago
doctor
drive drive/driveimpl: use su instead of sudo 2 months ago
envknob kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: rename packages (#13418) 2 months ago
gokrazy gokrazy, various: use point versions of Go and update Nix deps 2 months ago
health control/controlhttp: fix connectivity on Alaska Air wifi 1 month ago
hostinfo
internal
ipn ipn/ipnlocal: don't run portlist code unless service collection is on 4 weeks ago
jsondb
k8s-operator cmd/{containerboot,k8s-operator},k8s-operator,kube: add ProxyGroup controller 4 weeks ago
kube cmd/{containerboot,k8s-operator},k8s-operator,kube: add ProxyGroup controller 4 weeks ago
licenses licenses: update license notices 2 months ago
log
logpolicy logpolicy: force TLS 1.3 handshake 4 weeks ago
logtail
metrics metrics: revert changes to MultiLabelMap's String method 1 month ago
net net/dns: tweak DoH timeout, limit MaxConnsPerHost, require TLS 1.3 (#13564) 1 month ago
omit
packages/deb
paths
portlist
posture control/controlclient,posture,util/syspolicy: use predefined syspolicy keys instead of string literals 2 months ago
prober
proxymap ipnlocal,proxymap,wgengine/netstack: add optional WhoIs/proxymap debug 2 months ago
release {release,version}: add DSM7.2 specific synology builds (#13405) 1 month ago
safesocket
safeweb safeweb: add StrictTransportSecurityOptions config (#13679) 4 weeks ago
scripts
sessionrecording sessionrecording,ssh/tailssh,k8s-operator: log connected recorder address (#13382) 2 months ago
smallzstd
ssh/tailssh ssh/tailssh: pass window size pixels in IoctlSetWinsize events 4 weeks ago
syncs
tailcfg tailcfg: add func to check for known valid ServiceProtos (#13668) 4 weeks ago
taildrop
tempfork
tka tka: truncate long rotation signature chains 2 months ago
tool tool/gocross: make gocross-wrapper.sh keep multiple Go toolchains around 1 month ago
tsconst
tsd util/usermetrics: make usermetrics non-global 1 month ago
tsnet ipn/ipnlocal: add advertised and primary route metrics 1 month ago
tstest wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows 4 weeks ago
tstime
tsweb usermetric: add initial user-facing metrics 2 months ago
types cli: add `tailscale dns query` (#13368) 1 month ago
util cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658) 4 weeks ago
version {release,version}: add DSM7.2 specific synology builds (#13405) 1 month ago
wf wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows 4 weeks ago
wgengine cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658) 4 weeks ago
words
.gitattributes
.gitignore
.golangci.yml
ALPINE.txt
AUTHORS
CODEOWNERS
CODE_OF_CONDUCT.md
Dockerfile all: switch to and require Go 1.23 2 months ago
Dockerfile.base
LICENSE
Makefile
PATENTS
README.md all: switch to and require Go 1.23 2 months ago
SECURITY.md
VERSION.txt VERSION.txt: this is v1.75.0 (#13454) 2 months ago
api.md {api.md,publicapi}: remove old API docs (#13468) 2 months ago
build_dist.sh
build_docker.sh
flake.lock nix: update nix and use go 1.23 2 months ago
flake.nix gokrazy, various: use point versions of Go and update Nix deps 2 months ago
go.mod cmd/{k8s-operator,containerboot},k8s-operator,kube: reconcile ExternalName Services for ProxyGroup (#13635) 4 weeks ago
go.mod.sri go.mod.sri: update SRI hash for go.mod changes 2 months ago
go.sum go.mod: upgrade golangci-lint 1 month ago
go.toolchain.branch all: switch to and require Go 1.23 2 months ago
go.toolchain.rev go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev 1 month ago
gomod_test.go
header.txt
pkgdoc_test.go
pull-toolchain.sh
shell.nix go.mod.sri: update SRI hash for go.mod changes 2 months ago
staticcheck.conf
update-flake.sh
version-embed.go
version_tailscale_test.go go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev 1 month ago
version_test.go

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See git log for our commit message style. It's basically the same as Go's style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.