cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928)

cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable

Allow configuring images and image pull policies for individual proxies
via ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.Image,
and ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.ImagePullPolicy
fields.
Document that we have images in ghcr.io on the relevant Helm chart fields.

Updates tailscale/tailscale#11675

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
Irbe Krumina
2024-06-07 16:18:44 +01:00
committed by GitHub
parent 916c4db75b
commit 3a6d3f1a5b
13 changed files with 200 additions and 32 deletions


@@ -2446,6 +2446,22 @@ Configuration for the proxy container running tailscale.
List of environment variables to set in the container. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables Note that environment variables provided here will take precedence over Tailscale-specific environment variables set by the operator, however running proxies with custom values for Tailscale environment variables (i.e TS_USERSPACE) is not recommended and might break in the future.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
Container image name. By default images are pulled from docker.io/tailscale/tailscale, but the official images are also available at ghcr.io/tailscale/tailscale. Specifying image name here will override any proxy image values specified via the Kubernetes operator's Helm chart values or PROXY_IMAGE env var in the operator Deployment. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imagePullPolicy</b></td>
<td>enum</td>
<td>
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image<br/>
<br/>
<i>Enum</i>: Always, Never, IfNotPresent<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#proxyclassspecstatefulsetpodtailscalecontainerresources">resources</a></b></td>
<td>object</td>
@@ -2857,6 +2873,22 @@ Configuration for the proxy init container that enables forwarding.
List of environment variables to set in the container. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables Note that environment variables provided here will take precedence over Tailscale-specific environment variables set by the operator, however running proxies with custom values for Tailscale environment variables (i.e TS_USERSPACE) is not recommended and might break in the future.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
Container image name. By default images are pulled from docker.io/tailscale/tailscale, but the official images are also available at ghcr.io/tailscale/tailscale. Specifying image name here will override any proxy image values specified via the Kubernetes operator's Helm chart values or PROXY_IMAGE env var in the operator Deployment. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imagePullPolicy</b></td>
<td>enum</td>
<td>
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image<br/>
<br/>
<i>Enum</i>: Always, Never, IfNotPresent<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#proxyclassspecstatefulsetpodtailscaleinitcontainerresources">resources</a></b></td>
<td>object</td>


@@ -151,23 +151,6 @@ type Metrics struct {
}
type Container struct {
// Container security context.
// Security context specified here will override the security context by the operator.
// By default the operator:
// - sets 'privileged: true' for the init container
// - set NET_ADMIN capability for tailscale container for proxies that
// are created for Services or Connector.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
// +optional
SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
// Container resource requirements.
// By default Tailscale Kubernetes operator does not apply any resource
// requirements. The amount of resources required wil depend on the
// amount of resources the operator needs to parse, usage patterns and
// cluster size.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources
// +optional
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// List of environment variables to set in the container.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
// Note that environment variables provided here will take precedence
@@ -177,6 +160,37 @@ type Container struct {
// the future.
// +optional
Env []Env `json:"env,omitempty"`
// Container image name. By default images are pulled from
// docker.io/tailscale/tailscale, but the official images are also
// available at ghcr.io/tailscale/tailscale. Specifying image name here
// will override any proxy image values specified via the Kubernetes
// operator's Helm chart values or PROXY_IMAGE env var in the operator
// Deployment.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
// +optional
Image string `json:"image,omitempty"`
// Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
// +kubebuilder:validation:Enum=Always;Never;IfNotPresent
// +optional
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// Container resource requirements.
// By default Tailscale Kubernetes operator does not apply any resource
// requirements. The amount of resources required wil depend on the
// amount of resources the operator needs to parse, usage patterns and
// cluster size.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources
// +optional
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// Container security context.
// Security context specified here will override the security context by the operator.
// By default the operator:
// - sets 'privileged: true' for the init container
// - set NET_ADMIN capability for tailscale container for proxies that
// are created for Services or Connector.
// https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
// +optional
SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
}
type Env struct {
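Review bot: The doc comment on the new `Image` field in `Container` does not mention that the chosen image runs with the privileges described on `SecurityContext` in the same struct (`privileged: true` for the init container, NET_ADMIN for the tailscale container by default). The field has no kubebuilder validation marker, so as far as this hunk shows, anyone who can edit a ProxyClass can choose what runs in a privileged container. I would add to the comment something like `// The image runs with the container's security context (privileged for the init container by default); restrict write access to ProxyClass and prefer digest-pinned references (name@sha256:<digest>).` Separately, "Defaults to Always" on `ImagePullPolicy` only holds if the operator sets the policy explicitly, which is not visible here. With `omitempty` and an unset value, Kubernetes itself picks IfNotPresent for any tag other than `:latest`, so the comment should say which component applies the default. The struct spans both hunks of this file and its opening lies in the first one.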


@@ -140,17 +140,17 @@ func (in *ConnectorStatus) DeepCopy() *ConnectorStatus {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Container) DeepCopyInto(out *Container) {
*out = *in
if in.SecurityContext != nil {
in, out := &in.SecurityContext, &out.SecurityContext
*out = new(v1.SecurityContext)
(*in).DeepCopyInto(*out)
}
in.Resources.DeepCopyInto(&out.Resources)
if in.Env != nil {
in, out := &in.Env, &out.Env
*out = make([]Env, len(*in))
copy(*out, *in)
}
in.Resources.DeepCopyInto(&out.Resources)
if in.SecurityContext != nil {
in, out := &in.SecurityContext, &out.SecurityContext
*out = new(v1.SecurityContext)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Container.