Merge e0963cb11765f03244fcce47a3abb6edabd3f148 into 156cd53e7734407dc42e30af2f12cf6956cd9e24

2025-03-27 19:43:01 +00:00 · 2025-03-24 11:18:11 -07:00 · 2025-03-24 11:18:11 -07:00 · 13c2be3abd
commit 13c2be3abd
parent 156cd53e77 e0963cb117
2 changed files with 23 additions and 2 deletions
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@ -1,6 +1,5 @@
 # Copyright (c) Tailscale Inc & AUTHORS
 # SPDX-License-Identifier: BSD-3-Clause
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -25,6 +24,10 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
+      {{- if .Values.operatorConfig.hostNetwork.enabled }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -48,6 +51,11 @@ spec:
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
+          {{- if .Values.operatorConfig.port.enabled }}
+          ports:
+            - containerPort: {{ .Values.operatorConfig.port.containerPort }}
+              protocol: UDP
+          {{- end }}
          {{- with .Values.operatorConfig.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
@ -72,6 +80,10 @@ spec:
              value: /oauth/client_id
            - name: CLIENT_SECRET_FILE
              value: /oauth/client_secret
+            {{- if .Values.operatorConfig.port.enabled }}
+            - name: TS_PORT
+              value: {{ .Values.operatorConfig.port.containerPort | quote }}
+            {{- end }}
            {{- $proxyTag := printf ":%s" ( .Values.proxyConfig.image.tag | default .Chart.AppVersion )}}
            - name: PROXY_IMAGE
              value: {{ coalesce .Values.proxyConfig.image.repo .Values.proxyConfig.image.repository }}{{- if .Values.proxyConfig.image.digest -}}{{ printf "@%s" .Values.proxyConfig.image.digest}}{{- else -}}{{ printf "%s" $proxyTag }}{{- end }}
@ -111,4 +123,4 @@ spec:
      {{- with .Values.operatorConfig.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@ -37,6 +37,15 @@ operatorConfig:
  defaultTags:
    - "tag:k8s-operator"

+  # Manual configuration of tsnet port. If unset, a random port is selected.
+  port:
+    enabled: false
+    containerPort: 8080
+
+  # Optional host network configuration. Likely only needed for public Kubernetes nodes
+  hostNetwork:
+    enabled: false
+
  image:
    # Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/k8s-operator.
    repository: tailscale/k8s-operator