mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
74d4652144
containerboot:
Adds 3 new environment variables for containerboot, `TS_LOCAL_ADDR_PORT` (default
`"${POD_IP}:9002"`), `TS_METRICS_ENABLED` (default `false`), and `TS_DEBUG_ADDR_PORT`
(default `""`), to configure metrics and debug endpoints. In a follow-up PR, the
health check endpoint will be updated to use the `TS_LOCAL_ADDR_PORT` if
`TS_HEALTHCHECK_ADDR_PORT` hasn't been set.
Users previously only had access to internal debug metrics (which are unstable
and not recommended) via passing the `--debug` flag to tailscaled, but can now
set `TS_METRICS_ENABLED=true` to expose the stable metrics documented at
https://tailscale.com/kb/1482/client-metrics at `/metrics` on the addr/port
specified by `TS_LOCAL_ADDR_PORT`.
Users can also now configure a debug endpoint more directly via the
`TS_DEBUG_ADDR_PORT` environment variable. This is not recommended for production
use, but exposes an internal set of debug metrics and pprof endpoints.
operator:
The `ProxyClass` CRD's `.spec.metrics.enable` field now enables serving the
stable user metrics documented at https://tailscale.com/kb/1482/client-metrics
at `/metrics` on the same "metrics" container port that debug metrics were
previously served on. To smooth the transition for anyone relying on the way the
operator previously consumed this field, we also _temporarily_ serve tailscaled's
internal debug metrics on the same `/debug/metrics` path as before, until 1.82.0
when debug metrics will be turned off by default even if `.spec.metrics.enable`
is set. At that point, anyone who wishes to continue using the internal debug
metrics (not recommended) will need to set the new `ProxyClass` field
`.spec.statefulSet.pod.tailscaleContainer.debug.enable`.
Users who wish to opt out of the transitional behaviour, where enabling
`.spec.metrics.enable` also enables debug metrics, can set
`.spec.statefulSet.pod.tailscaleContainer.debug.enable` to false (recommended).
Separately but related, the operator will no longer specify a host port for the
"metrics" container port definition. This caused scheduling conflicts when k8s
needs to schedule more than one proxy per node, and was not necessary for allowing
the pod's port to be exposed to prometheus scrapers.
Updates #11292
---------
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
|
||
|---|---|---|
| .. | ||
| addlicense | ||
| build-webclient | ||
| cloner | ||
| connector-gen | ||
| containerboot | ||
| derper | ||
| derpprobe | ||
| dist | ||
| get-authkey | ||
| gitops-pusher | ||
| hello | ||
| k8s-nameserver | ||
| k8s-operator | ||
| mkmanifest | ||
| mkpkg | ||
| mkversion | ||
| nardump | ||
| natc | ||
| netlogfmt | ||
| nginx-auth | ||
| pgproxy | ||
| printdep | ||
| proxy-to-grafana | ||
| sniproxy | ||
| speedtest | ||
| ssh-auth-none-demo | ||
| stunc | ||
| stund | ||
| stunstamp | ||
| sync-containers | ||
| systray | ||
| tailscale | ||
| tailscaled | ||
| testcontrol | ||
| testwrapper | ||
| tl-longchain | ||
| tsconnect | ||
| tsidp | ||
| tsshd | ||
| tta | ||
| viewer | ||
| vnet | ||
| xdpderper | ||