TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-19 09:30:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/k8s-operator: ProxyClass annotation for Services and Ingresses (#16363)

Browse Source 
* cmd/k8s-operator: ProxyClass annotation for Services and Ingresses

Previously, the ProxyClass could only be configured for Services and
Ingresses via a Label. This adds the ability to set it via an
Annotation, but prioritizes the Label if both a Label and Annotation are
set.

Updates #14323

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* Update cmd/k8s-operator/operator.go

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>

* Update cmd/k8s-operator/operator.go

Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>

* cmd/k8s-operator: ProxyClass annotation for Services and Ingresses

Previously, the ProxyClass could only be configured for Services and
Ingresses via a Label. This adds the ability to set it via an
Annotation, but prioritizes the Label if both a Label and Annotation are
set.

Updates #14323

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

---------

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
This commit is contained in:
Tom Meadows
2025-06-30 12:08:35 +01:00
committed by GitHub
parent f85e4bcb32
commit 2fc247573b
6 changed files with 398 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/k8s-operator/sts.go
View File

@@ -50,7 +50,7 @@ const (
// LabelProxyClass can be set by users on tailscale Ingresses and Services that define cluster ingress or
// cluster egress, to specify that configuration in this ProxyClass should be applied to resources created for
// the Ingress or Service.
LabelProxyClass = "tailscale.com/proxy-class"
LabelAnnotationProxyClass = "tailscale.com/proxy-class"
FinalizerName = "tailscale.com/finalizer"
@@ -1127,6 +1127,22 @@ func nameForService(svc *corev1.Service) string {
return svc.Namespace + "-" + svc.Name
}
// proxyClassForObject returns the proxy class for the given object. If the
// object does not have a proxy class label, it returns the default proxy class
func proxyClassForObject(o client.Object, proxyDefaultClass string) string {
proxyClass, exists := o.GetLabels()[LabelAnnotationProxyClass]
if exists {
return proxyClass
}
proxyClass, exists = o.GetAnnotations()[LabelAnnotationProxyClass]
if exists {
return proxyClass
}
return proxyDefaultClass
}
func isValidFirewallMode(m string) bool {
return m == "auto" || m == "nftables" || m == "iptables"
}