TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-10-29 07:09:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bcd79b161acbf90dfcfe71cbde847a320a41b7fe
tailscale/cmd/k8s-operator/e2e/acl.hujson

33 lines
757 B
Plaintext
Raw Normal View History

cmd/k8s-operator: simplify scope of e2e tests (#17076) Removes ACL edits from e2e tests in favour of trying to simplify the tests and separate the actual test logic from the environment setup logic as much as possible. Also aims to fit in with the requirements that will generally be filled anyway for most devs working on the operator; in particular using tags that fit in with our documentation. Updates tailscale/corp#32085 Change-Id: I7659246e39ec0b7bcc4ec0a00c6310f25fe6fac2 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-09-10 13:02:59 +01:00
// To run the e2e tests against a tailnet, ensure its access controls are a
// superset of the following:
{
"tagOwners": {
"tag:k8s-operator": [],
"tag:k8s": ["tag:k8s-operator"],
"tag:k8s-recorder": ["tag:k8s-operator"],
},
"autoApprovers": {
// Could be relaxed if we coordinated with the cluster config, but this
// wide subnet maximises compatibility for most clusters.
"routes": {
"10.0.0.0/8": ["tag:k8s"],
},
"services": {
"tag:k8s": ["tag:k8s"],
},
},
"grants": [
{
"src": ["tag:k8s"],
"dst": ["tag:k8s", "tag:k8s-operator"],
"ip": ["tcp:80", "tcp:443"],
"app": {
"tailscale.com/cap/kubernetes": [{
"impersonate": {
"groups": ["ts:e2e-test-proxy"],
},
}],
},
},
],
}
Reference in New Issue Copy Permalink