4 Commits

Author SHA1 Message Date
Tom Proctor
bee8cb1041 cmd/{k8s-operator,k8s-proxy}: support new ProxyGroup type kube-apiserver
Adds a new enum value to ProxyGroup's .spec.Type field, kube-apiserver. Deploys
the new k8s-proxy container image and configures it via a new config file
specific to k8s-proxy. The config file is modelled after conffile but makes
some minor changes to versioning to make sure we can maintain backwards
compatible config within a single file so that it's easy to implement reading
that config file directly from a Kubernetes Secret in future.

Required significant updates to the operator's permissions so that it is
allowed to assign the powerful impersonation cluster role that k8s-proxy
requires to operate in authenticating mode.

The proxies deployed for the new ProxyGroup type currently work using their
own DNS name, but do not advertise a shared Tailscale Service, so are not
yet HA. Tailscale Service creation is planned to be added in a separate
reconciler loop.

Updates #13358

Change-Id: If75514bc068e2288ad7ac12db15f13dbade5793b
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-06-04 15:28:43 +01:00
Tom Meadows
b5770c81c9
cmd/k8s-operator: rename VIPService -> Tailscale Service in L3 HA Service Reconciler (#16014)
Also changes wording tests for L7 HA Reconciler

Updates #15895

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
2025-05-19 16:33:34 +01:00
Tom Meadows
7fe27496c8
cmd/k8s-operator: warn if HA Service is applied, but VIPService feature flag is not enabled (#16013)
Updates #15895

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
2025-05-19 14:34:44 +01:00
Tom Meadows
df8d51023e
cmd/k8s-operator,kube/kubetypes,k8s-operator/apis: reconcile L3 HA Services (#15961)
This reconciler allows users to make applications highly available at L3 by
leveraging Tailscale Virtual Services. Many Kubernetes Service's
(irrespective of the cluster they reside in) can be mapped to a
Tailscale Virtual Service, allowing access to these Services at L3.

Updates #15895

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
2025-05-19 12:58:32 +01:00