cmd/{k8s-operator,k8s-proxy},kube: use consistent type for auth mode config (#16626)

Updates k8s-proxy's config so its auth mode config matches that we set in kube-apiserver ProxyGroups for consistency. Updates #13358 Change-Id: I95e29cec6ded2dc7c6d2d03f968a25c822bc0e01 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-08-22 02:50:42 +00:00 · 2025-07-22 14:46:38 +01:00
parent 6f7e78b10f
commit 22a8e0ac50
10 changed files with 99 additions and 48 deletions
--- a/kube/k8s-proxy/conf/conf.go
+++ b/kube/k8s-proxy/conf/conf.go
@@ -14,6 +14,7 @@ import (
 	"net/netip"

 	"github.com/tailscale/hujson"
+	"tailscale.com/kube/kubetypes"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/opt"
 )
@@ -66,10 +67,10 @@ type ConfigV1Alpha1 struct {
 }

 type APIServerProxyConfig struct {
-	Enabled     opt.Bool             `json:",omitempty"` // Whether to enable the API Server proxy.
-	AuthMode    opt.Bool             `json:",omitempty"` // Run in auth or noauth mode.
-	ServiceName *tailcfg.ServiceName `json:",omitempty"` // Name of the Tailscale Service to advertise.
-	IssueCerts  opt.Bool             `json:",omitempty"` // Whether this replica should issue TLS certs for the Tailscale Service.
+	Enabled     opt.Bool                      `json:",omitempty"` // Whether to enable the API Server proxy.
+	Mode        *kubetypes.APIServerProxyMode `json:",omitempty"` // "auth" or "noauth" mode.
+	ServiceName *tailcfg.ServiceName          `json:",omitempty"` // Name of the Tailscale Service to advertise.
+	IssueCerts  opt.Bool                      `json:",omitempty"` // Whether this replica should issue TLS certs for the Tailscale Service.
 }

 // Load reads and parses the config file at the provided path on disk.