From 2b665c370c50a85f65edf4b9cb15c41bc45a8008 Mon Sep 17 00:00:00 2001
From: David Bond <davidsbond@users.noreply.github.com>
Date: Thu, 10 Jul 2025 14:33:30 +0100
Subject: [PATCH] cmd/{k8s-operator,k8s-proxy}: allow setting login server url
 (#16504)

This commit modifies the k8s proxy application configuration to include a
new field named `ServerURL` which, when set, modifies
the tailscale coordination server used by the proxy. This works in the same
way as the operator and the proxies it deploys.

If unset, the default coordination server is used.

Updates https://github.com/tailscale/tailscale/issues/13358

Signed-off-by: David Bond <davidsbond93@gmail.com>
---
 cmd/k8s-operator/proxygroup.go | 5 +++++
 cmd/k8s-proxy/k8s-proxy.go     | 5 +++++
 kube/k8s-proxy/conf/conf.go    | 1 +
 3 files changed, 11 insertions(+)

diff --git a/cmd/k8s-operator/proxygroup.go b/cmd/k8s-operator/proxygroup.go
index 3dfb004f1..7b8a0754e 100644
--- a/cmd/k8s-operator/proxygroup.go
+++ b/cmd/k8s-operator/proxygroup.go
@@ -815,6 +815,11 @@ func (r *ProxyGroupReconciler) ensureConfigSecretsCreated(ctx context.Context, p
 					},
 				},
 			}
+
+			if r.loginServer != "" {
+				cfg.ServerURL = &r.loginServer
+			}
+
 			cfgB, err := json.Marshal(cfg)
 			if err != nil {
 				return nil, fmt.Errorf("error marshalling k8s-proxy config: %w", err)
diff --git a/cmd/k8s-proxy/k8s-proxy.go b/cmd/k8s-proxy/k8s-proxy.go
index 6e7eadb73..81a5a8483 100644
--- a/cmd/k8s-proxy/k8s-proxy.go
+++ b/cmd/k8s-proxy/k8s-proxy.go
@@ -91,6 +91,11 @@ func run(logger *zap.SugaredLogger) error {
 		Store:    st,
 		AuthKey:  authKey,
 	}
+
+	if cfg.Parsed.ServerURL != nil {
+		ts.ControlURL = *cfg.Parsed.ServerURL
+	}
+
 	if cfg.Parsed.Hostname != nil {
 		ts.Hostname = *cfg.Parsed.Hostname
 	}
diff --git a/kube/k8s-proxy/conf/conf.go b/kube/k8s-proxy/conf/conf.go
index 6b0e853c5..2901e7b44 100644
--- a/kube/k8s-proxy/conf/conf.go
+++ b/kube/k8s-proxy/conf/conf.go
@@ -53,6 +53,7 @@ type ConfigV1Alpha1 struct {
 	LogLevel      *string        `json:",omitempty"` // "debug", "info". Defaults to "info".
 	App           *string        `json:",omitempty"` // e.g. kubetypes.AppProxyGroupKubeAPIServer
 	KubeAPIServer *KubeAPIServer `json:",omitempty"` // Config specific to the API Server proxy.
+	ServerURL     *string        `json:",omitempty"` // URL of the Tailscale coordination server.
 }
 
 type KubeAPIServer struct {