TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-12-04 20:09:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,826 Commits 1,102 Branches 204 Tags
d2eaf272f067755fb3312fabe355b326f8ce8140
Commit Graph

3 Commits

Author SHA1 Message Date
Irbe Krumina
34734ba635 ipn/store/kubestore,kube,envknob,cmd/tailscaled/depaware.txt: allow kubestore read/write custom TLS secrets (#15307) 
This PR adds some custom logic for reading and writing
kube store values that are TLS certs and keys:
1) when store is initialized, lookup additional
TLS Secrets for this node and if found, load TLS certs
from there
2) if the node runs in certs 'read only' mode and
TLS cert and key are not found in the in-memory store,
look those up in a Secret
3) if the node runs in certs 'read only' mode, run
a daily TLS certs reload to memory to get any
renewed certs

Updates tailscale/corp#24795

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
 2025-03-18 15:09:22 +00:00
Irbe Krumina
a567f56445 ipn/store/kubestore: sanitize keys loaded to in-memory store (#15178) 
Reads use the sanitized form, so unsanitized keys being stored
in memory resulted lookup failures, for example for serve config.

Updates tailscale/tailscale#15134

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
 2025-03-03 16:04:18 +00:00
Irbe Krumina
b85d18d14e ipn/{ipnlocal,store},kube/kubeclient: store TLS cert and key pair to a Secret in a single operation. (#15147) 
To avoid duplicate issuances/slowness while the state Secret
contains a mismatched cert and key.

Updates tailscale/tailscale#15134
Updates tailscale/corp#24795

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
 2025-02-27 22:41:05 +00:00