tailscale/cmd/k8s-operator/deploy/chart/values.yaml

# Copyright (c) Tailscale Inc & AUTHORS
# SPDX-License-Identifier: BSD-3-Clause

# Operator oauth credentials. If set a Kubernetes Secret with the provided
# values will be created in the operator namespace. If unset a Secret named
# operator-oauth must be precreated.
oauth: {}
  # clientId: ""
  # clientSecret: ""

# enableConnector determines whether the operator should reconcile
# connector.tailscale.com custom resources. If set to true you have to install
# connector CRD in a separate step.
# You can do so by running 'kubectl apply -f ./cmd/k8s-operator/deploy/crds'.
enableConnector: "false"

operatorConfig:
  image:
    repo: tailscale/k8s-operator
    # Digest will be prioritized over tag. If neither are set appVersion will be
    # used.
    tag: ""
    digest: ""
    pullPolicy: Always
  logging: "info" # info, debug, dev
  hostname: "tailscale-operator"
  nodeSelector:
    kubernetes.io/os: linux

  resources: {}

  podAnnotations: {}

  tolerations: []

  affinity: {}

  podSecurityContext: {}

  securityContext: {}

# proxyConfig contains configuraton that will be applied to any ingress/egress
# proxies created by the operator.
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-ingress
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-egress
proxyConfig:
  image:
    repo: tailscale/tailscale
    # Digest will be prioritized over tag. If neither are set appVersion will be
    # used.
    tag: ""
    digest: ""
  # ACL tag that operator will tag proxies with. Operator must be made owner of
  # these tags
  # https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
  # Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.
  # Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
  defaultTags: "tag:k8s"
  firewallMode: auto

# apiServerProxyConfig allows to configure whether the operator should expose
# Kubernetes API server.
# https://tailscale.com/kb/1236/kubernetes-operator/#accessing-the-kubernetes-control-plane-using-an-api-server-proxy
apiServerProxyConfig:
  mode: "false" # "true", "false", "noauth"

imagePullSecrets: []
cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00			`# Copyright (c) Tailscale Inc & AUTHORS`
			`# SPDX-License-Identifier: BSD-3-Clause`

			`# Operator oauth credentials. If set a Kubernetes Secret with the provided`
			`# values will be created in the operator namespace. If unset a Secret named`
			`# operator-oauth must be precreated.`
cmd/k8s-operator: helm chart add missing keys (#10296) * cmd/k8s-operator: add missing keys to Helm values file Updates #10182 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt> 2023-11-22 11:02:54 +00:00			`oauth: {}`
			`# clientId: ""`
			`# clientSecret: ""`
cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00
cmd/k8s-operator: operator can create subnetrouter (#9505) * k8s-operator,cmd/k8s-operator,Makefile,scripts,.github/workflows: add Connector kube CRD. Connector CRD allows users to configure the Tailscale Kubernetes operator to deploy a subnet router to expose cluster CIDRs or other CIDRs available from within the cluster to their tailnet. Also adds various CRD related machinery to generate CRD YAML, deep copy implementations etc. Engineers will now have to run 'make kube-generate-all` after changing kube files to ensure that all generated files are up to date. * cmd/k8s-operator,k8s-operator: reconcile Connector resources Reconcile Connector resources, create/delete subnetrouter resources in response to changes to Connector(s). Connector reconciler will not be started unless ENABLE_CONNECTOR env var is set to true. This means that users who don't want to use the alpha Connector custom resource don't have to install the Connector CRD to their cluster. For users who do want to use it the flow is: - install the CRD - install the operator (via Helm chart or using static manifests). For Helm users set .values.enableConnector to true, for static manifest users, set ENABLE_CONNECTOR to true in the static manifest. Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com> 2023-12-14 13:51:59 +00:00			`# enableConnector determines whether the operator should reconcile`
			`# connector.tailscale.com custom resources. If set to true you have to install`
			`# connector CRD in a separate step.`
			`# You can do so by running 'kubectl apply -f ./cmd/k8s-operator/deploy/crds'.`
			`enableConnector: "false"`

cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00			`operatorConfig:`
			`image:`
			`repo: tailscale/k8s-operator`
			`# Digest will be prioritized over tag. If neither are set appVersion will be`
			`# used.`
			`tag: ""`
			`digest: ""`
cmd/k8s-operator: helm chart add missing keys (#10296) * cmd/k8s-operator: add missing keys to Helm values file Updates #10182 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt> 2023-11-22 11:02:54 +00:00			`pullPolicy: Always`
cmd/k8s-operator/deploy/chart: document passing multiple proxy tags + log level values (#10624) Updates #cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com> 2023-12-18 10:28:06 +00:00			`logging: "info" # info, debug, dev`
cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00			`hostname: "tailscale-operator"`
			`nodeSelector:`
			`kubernetes.io/os: linux`

cmd/k8s-operator: helm chart add missing keys (#10296) * cmd/k8s-operator: add missing keys to Helm values file Updates #10182 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt> 2023-11-22 11:02:54 +00:00			`resources: {}`

			`podAnnotations: {}`

			`tolerations: []`

			`affinity: {}`

			`podSecurityContext: {}`

			`securityContext: {}`
cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00
			`# proxyConfig contains configuraton that will be applied to any ingress/egress`
			`# proxies created by the operator.`
			`# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-ingress`
			`# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-egress`
			`proxyConfig:`
			`image:`
			`repo: tailscale/tailscale`
			`# Digest will be prioritized over tag. If neither are set appVersion will be`
			`# used.`
			`tag: ""`
			`digest: ""`
			`# ACL tag that operator will tag proxies with. Operator must be made owner of`
			`# these tags`
			`# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator`
cmd/k8s-operator/deploy/chart: document passing multiple proxy tags + log level values (#10624) Updates #cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com> 2023-12-18 10:28:06 +00:00			`# Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.`
			# Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
			`defaultTags: "tag:k8s"`
cmd/k8s-operator: allow to install operator via helm (#9920) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com> 2023-10-30 18:18:09 +00:00			`firewallMode: auto`

			`# apiServerProxyConfig allows to configure whether the operator should expose`
			`# Kubernetes API server.`
			`# https://tailscale.com/kb/1236/kubernetes-operator/#accessing-the-kubernetes-control-plane-using-an-api-server-proxy`
			`apiServerProxyConfig:`
			`mode: "false" # "true", "false", "noauth"`
cmd/k8s-operator: helm chart add missing keys (#10296) * cmd/k8s-operator: add missing keys to Helm values file Updates #10182 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt> 2023-11-22 11:02:54 +00:00
			`imagePullSecrets: []`