cm/k8s-operator,cmd/containerboot: fix STS config, more tests (#9155)

Ensures that Statefulset reconciler config has only one of Cluster target IP or tailnet target IP. Adds a test case for containerboot egress proxy mode. Updates tailscale/tailscale#8184 Signed-off-by: irbekrm <irbekrm@gmail.com>
2025-08-20 01:47:33 +00:00 · 2023-08-30 14:22:06 +01:00
parent 29a35d4a5d
commit 17438a98c0
2 changed files with 31 additions and 3 deletions
--- a/cmd/k8s-operator/svc.go
+++ b/cmd/k8s-operator/svc.go
@@ -125,11 +125,15 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
 	sts := &tailscaleSTSConfig{
 		ParentResourceName:  svc.Name,
 		ParentResourceUID:   string(svc.UID),
-		ClusterTargetIP:     svc.Spec.ClusterIP,
 		Hostname:            hostname,
 		Tags:                tags,
 		ChildResourceLabels: crl,
-		TailnetTargetIP:     svc.Annotations[AnnotationTailnetTargetIP],
+	}
+
+	if a.shouldExpose(svc) {
+		sts.ClusterTargetIP = svc.Spec.ClusterIP
+	} else if a.hasTailnetTargetAnnotation(svc) {
+		sts.TailnetTargetIP = svc.Annotations[AnnotationTailnetTargetIP]
 	}

 	var hsvc *corev1.Service