mirror of
https://github.com/tailscale/tailscale.git
synced 2025-07-29 15:23:45 +00:00
bee8cb1041
Adds a new enum value to ProxyGroup's .spec.Type field, kube-apiserver. Deploys the new k8s-proxy container image and configures it via a new config file specific to k8s-proxy. The config file is modelled after conffile but makes some minor changes to versioning to make sure we can maintain backwards compatible config within a single file so that it's easy to implement reading that config file directly from a Kubernetes Secret in future. Required significant updates to the operator's permissions so that it is allowed to assign the powerful impersonation cluster role that k8s-proxy requires to operate in authenticating mode. The proxies deployed for the new ProxyGroup type currently work using their own DNS name, but do not advertise a shared Tailscale Service, so are not yet HA. Tailscale Service creation is planned to be added in a separate reconciler loop. Updates #13358 Change-Id: If75514bc068e2288ad7ac12db15f13dbade5793b Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>