TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-10-08 23:49:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/k8s-operator,k8s-operator: allow optionally using LE staging endpoint for Ingress (#15360)

Browse Source 
cmd/k8s-operator,k8s-operator: allow using LE staging endpoint for Ingress

Allow to optionally use LetsEncrypt staging endpoint to issue
certs for Ingress/HA Ingress, so that it is easier to
experiment with initial Ingress setup without hiting rate limits.

Updates tailscale/corp#24795


Signed-off-by: Irbe Krumina <irbe@tailscale.com>
This commit is contained in:
Irbe Krumina
2025-03-21 08:53:41 +00:00
committed by GitHub
parent f3f2f72f96
commit 196ae1cd74
8 changed files with 413 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
k8s-operator/api.md
View File

@@ -517,6 +517,7 @@ _Appears in:_
| `statefulSet` _[StatefulSet](#statefulset)_ | Configuration parameters for the proxy's StatefulSet. Tailscale<br />Kubernetes operator deploys a StatefulSet for each of the user<br />configured proxies (Tailscale Ingress, Tailscale Service, Connector). | | |
| `metrics` _[Metrics](#metrics)_ | Configuration for proxy metrics. Metrics are currently not supported<br />for egress proxies and for Ingress proxies that have been configured<br />with tailscale.com/experimental-forward-cluster-traffic-via-ingress<br />annotation. Note that the metrics are currently considered unstable<br />and will likely change in breaking ways in the future - we only<br />recommend that you use those for debugging purposes. | | |
| `tailscale` _[TailscaleConfig](#tailscaleconfig)_ | TailscaleConfig contains options to configure the tailscale-specific<br />parameters of proxies. | | |
| `useLetsEncryptStagingEnvironment` _boolean_ | Set UseLetsEncryptStagingEnvironment to true to issue TLS<br />certificates for any HTTPS endpoints exposed to the tailnet from<br />LetsEncrypt's staging environment.<br />https://letsencrypt.org/docs/staging-environment/<br />This setting only affects Tailscale Ingress resources.<br />By default Ingress TLS certificates are issued from LetsEncrypt's<br />production environment.<br />Changing this setting true -> false, will result in any<br />existing certs being re-issued from the production environment.<br />Changing this setting false (default) -> true, when certs have already<br />been provisioned from production environment will NOT result in certs<br />being re-issued from the staging environment before they need to be<br />renewed. | | |
#### ProxyClassStatus

15
k8s-operator/apis/v1alpha1/types_proxyclass.go
View File

@@ -66,6 +66,21 @@ type ProxyClassSpec struct {
// parameters of proxies.
// +optional
TailscaleConfig *TailscaleConfig `json:"tailscale,omitempty"`
// Set UseLetsEncryptStagingEnvironment to true to issue TLS
// certificates for any HTTPS endpoints exposed to the tailnet from
// LetsEncrypt's staging environment.
// https://letsencrypt.org/docs/staging-environment/
// This setting only affects Tailscale Ingress resources.
// By default Ingress TLS certificates are issued from LetsEncrypt's
// production environment.
// Changing this setting true -> false, will result in any
// existing certs being re-issued from the production environment.
// Changing this setting false (default) -> true, when certs have already
// been provisioned from production environment will NOT result in certs
// being re-issued from the staging environment before they need to be
// renewed.
// +optional
UseLetsEncryptStagingEnvironment bool `json:"useLetsEncryptStagingEnvironment,omitempty"`
}
type TailscaleConfig struct {