// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
//go:build !plan9
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
var (
	// ProxyClassKind is the Kubernetes Kind name of the ProxyClass resource
	// declared in this file.
	ProxyClassKind = "ProxyClass"
)
// NOTE(review): ProxyClass is cluster scoped and its spec reaches into Pod and
// container security contexts, image pull Secrets and env (see ProxyClassSpec,
// Pod, Container); treat write access to ProxyClass objects as sensitive when
// designing RBAC.

// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster
// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.conditions[?(@.type == "ProxyClassReady")].reason`,description="Status of the ProxyClass."

// ProxyClass describes a set of configuration parameters that can be applied to
// proxy resources created by the Tailscale Kubernetes operator.
// To apply a given ProxyClass to resources created for a Tailscale Ingress or
// Service, use the tailscale.com/proxy-class=<proxyclass-name> label. To apply a
// given ProxyClass to resources created for a Connector, use the
// connector.spec.proxyClass field.
// ProxyClass is a cluster scoped resource.
// More info:
// https://tailscale.com/kb/1236/kubernetes-operator#cluster-resource-customization-using-proxyclass-custom-resource.
type ProxyClass struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired state of the ProxyClass resource.
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
	Spec ProxyClassSpec `json:"spec"`

	// +optional
	// Status of the ProxyClass. This is set and managed automatically.
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
	Status ProxyClassStatus `json:"status"`
}
// +kubebuilder:object:root=true

// ProxyClassList is a list of ProxyClass resources, as returned by a list
// request against the cluster-scoped ProxyClass API.
type ProxyClassList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the ProxyClass objects in this list.
	Items []ProxyClass `json:"items"`
}
// ProxyClassSpec is the desired configuration applied to the proxy resources
// (StatefulSet, Pod, containers) that the operator creates for workloads that
// reference this ProxyClass.
type ProxyClassSpec struct {
	// NOTE(review): unlike Metrics, the statefulSet tag has no omitempty, so a
	// nil StatefulSet is serialized as "statefulSet": null rather than omitted.

	// Configuration parameters for the proxy's StatefulSet. Tailscale
	// Kubernetes operator deploys a StatefulSet for each of the user
	// configured proxies (Tailscale Ingress, Tailscale Service, Connector).
	// +optional
	StatefulSet *StatefulSet `json:"statefulSet"`
	// Configuration for proxy metrics. Metrics are currently not supported
	// for egress proxies and for Ingress proxies that have been configured
	// with the tailscale.com/experimental-forward-cluster-traffic-via-ingress
	// annotation.
	// +optional
	Metrics *Metrics `json:"metrics,omitempty"`
}
// StatefulSet holds customizations applied to the StatefulSet that the
// operator creates for a proxy (see ProxyClassSpec.StatefulSet).
type StatefulSet struct {
	// Labels that will be added to the StatefulSet created for the proxy.
	// Any labels specified here will be merged with the default labels
	// applied to the StatefulSet by the Tailscale Kubernetes operator as
	// well as any other labels that might have been applied by other
	// actors.
	// Label keys and values must be valid Kubernetes label keys and values.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations that will be added to the StatefulSet created for the proxy.
	// Any annotations specified here will be merged with the default annotations
	// applied to the StatefulSet by the Tailscale Kubernetes operator as
	// well as any other annotations that might have been applied by other
	// actors.
	// Annotations must be valid Kubernetes annotations.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
	// Configuration for the proxy Pod.
	// +optional
	Pod *Pod `json:"pod,omitempty"`
}
// Pod holds customizations applied to the proxy Pod created by the operator
// (see StatefulSet.Pod).
type Pod struct {
	// Labels that will be added to the proxy Pod.
	// Any labels specified here will be merged with the default labels
	// applied to the Pod by the Tailscale Kubernetes operator.
	// Label keys and values must be valid Kubernetes label keys and values.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations that will be added to the proxy Pod.
	// Any annotations specified here will be merged with the default
	// annotations applied to the Pod by the Tailscale Kubernetes operator.
	// Annotations must be valid Kubernetes annotations.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
	// Configuration for the proxy container running tailscale.
	// +optional
	TailscaleContainer *Container `json:"tailscaleContainer,omitempty"`
	// Configuration for the proxy init container that enables forwarding.
	// +optional
	TailscaleInitContainer *Container `json:"tailscaleInitContainer,omitempty"`

	// NOTE(review): the operator's privileged / NET_ADMIN defaults are applied
	// at container level (see Container.SecurityContext); a Pod-level context
	// set here that conflicts with them is not reconciled by this type.

	// Proxy Pod's security context.
	// By default Tailscale Kubernetes operator does not apply any Pod
	// security context.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-2
	// +optional
	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
	// Proxy Pod's image pull Secrets.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
	// +optional
	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
	// Proxy Pod's node name.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
	// +optional
	NodeName string `json:"nodeName,omitempty"`
	// Proxy Pod's node selector.
	// By default Tailscale Kubernetes operator does not apply any node
	// selector.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Proxy Pod's tolerations.
	// By default Tailscale Kubernetes operator does not apply any
	// tolerations.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}
// Metrics configures the Tailscale metrics endpoint served by a proxy
// (see ProxyClassSpec.Metrics for which proxy types support it).
type Metrics struct {
	// NOTE(review): this type only toggles the endpoint; whether reachability
	// of <pod-ip>:9001 is restricted (e.g. by NetworkPolicy) is not controlled
	// here — review exposure before enabling in shared clusters.

	// Setting enable to true will make the proxy serve Tailscale metrics
	// at <pod-ip>:9001/debug/metrics.
	// Defaults to false.
	Enable bool `json:"enable"`
}
// Container holds customizations for one of the containers in the proxy Pod:
// the tailscale container (Pod.TailscaleContainer) or the init container
// (Pod.TailscaleInitContainer).
type Container struct {
	// NOTE(review): the defaults listed below exist for the forwarding setup
	// (the init container is described in Pod.TailscaleInitContainer); an
	// override that drops them is applied as given — nothing in this type
	// validates that the proxy still works with it.

	// Container security context.
	// Security context specified here will override the security context set by the operator.
	// By default the operator:
	// - sets 'privileged: true' for the init container
	// - sets the NET_ADMIN capability for the tailscale container for proxies that
	// are created for Services or Connector.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
	// +optional
	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`

	// NOTE(review): omitempty has no effect on a struct value in encoding/json,
	// so an unset Resources is serialized as "resources": {}.

	// Container resource requirements.
	// By default Tailscale Kubernetes operator does not apply any resource
	// requirements. The amount of resources required will depend on the
	// amount of resources the operator needs to parse, usage patterns and
	// cluster size.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources
	// +optional
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// NOTE(review): Env carries only Name and Value (no valueFrom), so values
	// are stored as plain literals in the cluster-scoped ProxyClass object; it
	// is not a place for secrets.

	// List of environment variables to set in the container.
	// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
	// Note that environment variables provided here will take precedence
	// over Tailscale-specific environment variables set by the operator,
	// however running proxies with custom values for Tailscale environment
	// variables (e.g. TS_USERSPACE) is not recommended and might break in
	// the future.
	// +optional
	Env []Env `json:"env,omitempty"`
}
// Env is a single environment variable to set in a proxy container
// (see Container.Env). Only literal values are supported; there is no
// valueFrom.
type Env struct {
	// NOTE(review): the validation pattern on type Name is wider than a strict
	// C_IDENTIFIER — it also admits '-' and '.'.

	// Name of the environment variable. Must be a C_IDENTIFIER.
	Name Name `json:"name"`
	// Variable references $(VAR_NAME) are expanded using the previously defined
	// environment variables in the container and any service environment
	// variables. If a variable cannot be resolved, the reference in the input
	// string will be unchanged. Double $$ are reduced to a single $, which
	// allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
	// produce the string literal "$(VAR_NAME)". Escaped references will never
	// be expanded, regardless of whether the variable exists or not. Defaults
	// to "".
	// +optional
	Value string `json:"value,omitempty"`
}
// Name is the name of an environment variable in a proxy container (see Env).
// The pattern marker below describes the accepted form: a leading letter,
// '-', '_' or '.', followed by any number of letters, digits, '-', '_' or '.'.
// +kubebuilder:validation:Type=string
// +kubebuilder:validation:Pattern=`^[-._a-zA-Z][-._a-zA-Z0-9]*$`
type Name string
// ProxyClassStatus is the observed state of a ProxyClass, set and managed
// automatically (see ProxyClass.Status).
type ProxyClassStatus struct {
	// List of status conditions to indicate the status of the ProxyClass.
	// Known condition types are `ProxyClassReady`.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []ConnectorCondition `json:"conditions,omitempty"` // ConnectorCondition is declared elsewhere in package v1alpha1, not in this file
}