cmd/k8s-operator: Allow custom ingress class names (#16472)

This commit modifies the k8s operator to allow for customisation of the ingress class name via a new `OPERATOR_INGRESS_CLASS_NAME` environment variable. For backwards compatibility, this defaults to `tailscale`. When using helm, a new `ingress.name` value is provided that will set this environment variable and modify the name of the deployed `IngressClass` resource. Fixes https://github.com/tailscale/tailscale/issues/16248 Signed-off-by: David Bond <davidsbond93@gmail.com>
2025-08-22 02:50:42 +00:00 · 2025-07-07 12:12:59 +01:00
parent 4f3355e499
commit 84eac7b8de
10 changed files with 83 additions and 52 deletions
--- a/cmd/k8s-operator/ingress-for-pg.go
+++ b/cmd/k8s-operator/ingress-for-pg.go
@@ -68,14 +68,15 @@ var gaugePGIngressResources = clientmetric.NewGauge(kubetypes.MetricIngressPGRes
 type HAIngressReconciler struct {
 	client.Client

-	recorder    record.EventRecorder
-	logger      *zap.SugaredLogger
-	tsClient    tsClient
-	tsnetServer tsnetServer
-	tsNamespace string
-	lc          localClient
-	defaultTags []string
-	operatorID  string // stableID of the operator's Tailscale device
+	recorder         record.EventRecorder
+	logger           *zap.SugaredLogger
+	tsClient         tsClient
+	tsnetServer      tsnetServer
+	tsNamespace      string
+	lc               localClient
+	defaultTags      []string
+	operatorID       string // stableID of the operator's Tailscale device
+	ingressClassName string

 	mu sync.Mutex // protects following
 	// managedIngresses is a set of all ingress resources that we're currently
@@ -162,7 +163,7 @@ func (r *HAIngressReconciler) maybeProvision(ctx context.Context, hostname strin
 		return false, fmt.Errorf("error getting Tailscale Service %q: %w", hostname, err)
 	}

-	if err := validateIngressClass(ctx, r.Client); err != nil {
+	if err := validateIngressClass(ctx, r.Client, r.ingressClassName); err != nil {
 		logger.Infof("error validating tailscale IngressClass: %v.", err)
 		return false, nil
 	}
@@ -645,7 +646,7 @@ func (r *HAIngressReconciler) tailnetCertDomain(ctx context.Context) (string, er
 func (r *HAIngressReconciler) shouldExpose(ing *networkingv1.Ingress) bool {
 	isTSIngress := ing != nil &&
 		ing.Spec.IngressClassName != nil &&
-		*ing.Spec.IngressClassName == tailscaleIngressClassName
+		*ing.Spec.IngressClassName == r.ingressClassName
 	pgAnnot := ing.Annotations[AnnotationProxyGroup]
 	return isTSIngress && pgAnnot != ""
 }