TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-05-04 22:52:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/k8s-operator: use our own container image instead of busybox

Browse Source 
We already have sysctl in the `tailscale/tailscale` image, just use that.

Updates #cleanup

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali 2023-10-16 17:25:00 -07:00 committed by Maisem Ali
parent 1fc3573446
commit f53c3be07c
4 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/k8s-operator/manifests/proxy.yaml
View File

@ -12,7 +12,6 @@ spec:
serviceAccountName: proxies serviceAccountName: proxies
initContainers: initContainers:
- name: sysctler - name: sysctler
image: busybox
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh"] command: ["/bin/sh"]

4
cmd/k8s-operator/operator_test.go
View File

@ -899,7 +899,7 @@ func expectedSTS(stsName, secretName, hostname, priorityClassName string) *appsv
InitContainers: []corev1.Container{ InitContainers: []corev1.Container{
{ {
Name: "sysctler", Name: "sysctler",
Image: "busybox", Image: "tailscale/tailscale",
Command: []string{"/bin/sh"}, Command: []string{"/bin/sh"},
Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
SecurityContext: &corev1.SecurityContext{ SecurityContext: &corev1.SecurityContext{
@ -968,7 +968,7 @@ func expectedEgressSTS(stsName, secretName, tailnetTargetIP, hostname, priorityC
InitContainers: []corev1.Container{ InitContainers: []corev1.Container{
{ {
Name: "sysctler", Name: "sysctler",
Image: "busybox", Image: "tailscale/tailscale",
Command: []string{"/bin/sh"}, Command: []string{"/bin/sh"},
Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
SecurityContext: &corev1.SecurityContext{ SecurityContext: &corev1.SecurityContext{

7
cmd/k8s-operator/sts.go
View File

@ -307,6 +307,13 @@ func (a *tailscaleSTSReconciler) reconcileSTS(ctx context.Context, logger *zap.S
if err := yaml.Unmarshal(proxyYaml, &ss); err != nil { if err := yaml.Unmarshal(proxyYaml, &ss); err != nil {
return nil, fmt.Errorf("failed to unmarshal proxy spec: %w", err) return nil, fmt.Errorf("failed to unmarshal proxy spec: %w", err)
} }
for i := range ss.Spec.Template.Spec.InitContainers {
c := &ss.Spec.Template.Spec.InitContainers[i]
if c.Name == "sysctler" {
c.Image = a.proxyImage
break
}
}
} }
container := &ss.Spec.Template.Spec.Containers[0] container := &ss.Spec.Template.Spec.Containers[0]
container.Image = a.proxyImage container.Image = a.proxyImage

2
docs/k8s/proxy.yaml
View File

@ -11,7 +11,7 @@ spec:
# the container. The `net.ipv4.ip_forward` sysctl is not allowlisted # the container. The `net.ipv4.ip_forward` sysctl is not allowlisted
# in Kubelet by default. # in Kubelet by default.
- name: sysctler - name: sysctler
image: busybox image: "ghcr.io/tailscale/tailscale:latest"
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh"] command: ["/bin/sh"]