ipn/store: add support for stores to hook into a custom dialer

For stores like k8s secrets we need to dial out to the k8s API as though Tailscale wasn't running. The issue currently only manifests when you try to use an exit node while running inside a k8s cluster and are trying to use Kubernetes secrets as the backing store. This doesn't address cmd/containerboot, which I'll do in a follow up. Updates #7695 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2023-03-29 13:51:53 -07:00
parent 2b00d6922f
commit e0d291ab8a
4 changed files with 23 additions and 0 deletions
--- a/kube/client.go
+++ b/kube/client.go
@@ -15,6 +15,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
@@ -90,6 +91,12 @@ func (c *Client) SetURL(url string) {
 	c.url = url
 }

+// SetDialer sets the dialer to use when establishing a connection
+// to the Kubernetes API server.
+func (c *Client) SetDialer(dialer func(ctx context.Context, network, addr string) (net.Conn, error)) {
+	c.client.Transport.(*http.Transport).DialContext = dialer
+}
+
 func (c *Client) expireToken() {
 	c.mu.Lock()
 	defer c.mu.Unlock()