mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-11 10:44:41 +00:00
dee95d0894
This is for an upcoming blogpost on how to manage Tailscale ACLs using a GitOps flow. This tool is intended to be used in CI and will allow users to have a git repository be the ultimate source of truth for their ACL file. This enables ACL changes to be proposed, approved and discussed before they are applied. Signed-off-by: Xe <xe@tailscale.com>
49 lines
1.3 KiB
Markdown
49 lines
1.3 KiB
Markdown
# gitops-pusher
|
|
|
|
This is a small tool to help people achieve a
|
|
[GitOps](https://about.gitlab.com/topics/gitops/) workflow with Tailscale ACL
|
|
changes. This tool is intended to be used in a CI flow that looks like this:
|
|
|
|
```yaml
|
|
name: Tailscale ACL syncing
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
|
|
jobs:
|
|
acls:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Setup Go environment
|
|
uses: actions/setup-go@v3.2.0
|
|
|
|
- name: Install gitops-pusher
|
|
run: go install tailscale.com/cmd/gitops-pusher@latest
|
|
|
|
- name: Deploy ACL
|
|
if: github.event_name == 'push'
|
|
env:
|
|
TS_API_KEY: ${{ secrets.TS_API_KEY }}
|
|
TS_TAILNET: ${{ secrets.TS_TAILNET }}
|
|
run: |
|
|
~/go/bin/gitops-pusher --policy-file ./policy.hujson apply
|
|
|
|
- name: ACL tests
|
|
if: github.event_name == 'pull_request'
|
|
env:
|
|
TS_API_KEY: ${{ secrets.TS_API_KEY }}
|
|
TS_TAILNET: ${{ secrets.TS_TAILNET }}
|
|
run: |
|
|
~/go/bin/gitops-pusher --policy-file ./policy.hujson test
|
|
```
|
|
|
|
Change the value of the `--policy-file` flag to point to the policy file on
|
|
disk. Policy files should be in [HuJSON](https://github.com/tailscale/hujson)
|
|
format.
|