cmd/{k8s-operator,k8s-proxy},kube: use consistent type for auth mode config (#16626)

Updates k8s-proxy's config so its auth mode config matches that we set in kube-apiserver ProxyGroups for consistency. Updates #13358 Change-Id: I95e29cec6ded2dc7c6d2d03f968a25c822bc0e01 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-08-22 02:50:42 +00:00 · 2025-07-22 14:46:38 +01:00
parent 6f7e78b10f
commit 22a8e0ac50
10 changed files with 99 additions and 48 deletions
--- a/cmd/k8s-proxy/k8s-proxy.go
+++ b/cmd/k8s-proxy/k8s-proxy.go
@@ -34,6 +34,7 @@ import (
 	apiproxy "tailscale.com/k8s-operator/api-proxy"
 	"tailscale.com/kube/certs"
 	"tailscale.com/kube/k8s-proxy/conf"
+	"tailscale.com/kube/kubetypes"
 	klc "tailscale.com/kube/localclient"
 	"tailscale.com/kube/services"
 	"tailscale.com/kube/state"
@@ -238,11 +239,11 @@ func run(logger *zap.SugaredLogger) error {
 	}

 	// Setup for the API server proxy.
-	authMode := true
-	if cfg.Parsed.APIServerProxy != nil && cfg.Parsed.APIServerProxy.AuthMode.EqualBool(false) {
-		authMode = false
+	mode := kubetypes.APIServerProxyModeAuth
+	if cfg.Parsed.APIServerProxy != nil && cfg.Parsed.APIServerProxy.Mode != nil {
+		mode = *cfg.Parsed.APIServerProxy.Mode
 	}
-	ap, err := apiproxy.NewAPIServerProxy(logger.Named("apiserver-proxy"), restConfig, ts, authMode, false)
+	ap, err := apiproxy.NewAPIServerProxy(logger.Named("apiserver-proxy"), restConfig, ts, mode, false)
 	if err != nil {
 		return fmt.Errorf("error creating api server proxy: %w", err)
 	}