You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/cmd/k8s-operator
Tom Proctor 01a7726cf7
cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577)
cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies

Don't skip installing egress forwarding rules for IPv6 (as long as the host
supports IPv6), and set headless services `ipFamilyPolicy` to
`PreferDualStack` to optionally enable both IP families when possible. Note
that even with `PreferDualStack` set, testing a dual-stack GKE cluster with
the default DNS setup of kube-dns did not correctly set both A and
AAAA records for the headless service, and instead only did so when
switching the cluster DNS to Cloud DNS. For both IPv4 and IPv6 to work
simultaneously in a dual-stack cluster, we require headless services to
return both A and AAAA records.

If the host doesn't support IPv6 but the FQDN specified only has IPv6
addresses available, containerboot will exit with error code 1 and an
error message because there is no viable egress route.

Fixes #12215

Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
5 months ago
..
deploy cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
generate cmd/k8s-operator: cleanup runReconciler signature (#11993) 7 months ago
connector.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
connector_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
dnsrecords.go cmd/{k8s-operator,k8s-nameserver},k8s-operator: update nameserver config with records for ingress/egress proxies (#11019) 7 months ago
dnsrecords_test.go cmd/{k8s-operator,k8s-nameserver},k8s-operator: update nameserver config with records for ingress/egress proxies (#11019) 7 months ago
ingress.go cmd/k8s-operator,k8s-operator: allow proxies accept advertized routes. (#12388) 6 months ago
ingress_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
nameserver.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
nameserver_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
operator.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
operator_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
proxy.go tailcfg,cmd/k8s-operator,kube: move Kubernetes cap to a location that can be shared with control (#12236) 6 months ago
proxy_test.go tailcfg,cmd/k8s-operator,kube: move Kubernetes cap to a location that can be shared with control (#12236) 6 months ago
proxyclass.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928) 6 months ago
proxyclass_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
sts.go cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577) 5 months ago
sts_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928) 6 months ago
svc.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 5 months ago
testutils_test.go cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577) 5 months ago