mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 21:15:39 +00:00
e48cddfbb3
Implements the controller for the new ProxyGroup CRD, designed for running proxies in a high availability configuration. Each proxy gets its own config and state Secret, and its own tailscale node ID. We are currently mounting all of the config secrets into the container, but will stop mounting them and instead read them directly from the kube API once #13578 is implemented. Updates #13406 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
93 lines
3.5 KiB
YAML
93 lines
3.5 KiB
YAML
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
# Operator oauth credentials. If set a Kubernetes Secret with the provided
|
|
# values will be created in the operator namespace. If unset a Secret named
|
|
# operator-oauth must be precreated.
|
|
oauth: {}
|
|
# clientId: ""
|
|
# clientSecret: ""
|
|
|
|
# installCRDs determines whether tailscale.com CRDs should be installed as part
|
|
# of chart installation. We do not use Helm's CRD installation mechanism as that
|
|
# does not allow for upgrading CRDs.
|
|
# https://helm.sh/docs/chart_best_practices/custom_resource_definitions/
|
|
installCRDs: true
|
|
|
|
operatorConfig:
|
|
# ACL tag that operator will be tagged with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags are defined as array items and passed to the operator as a comma-separated string
|
|
defaultTags:
|
|
- "tag:k8s-operator"
|
|
|
|
image:
|
|
# Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/k8s-operator.
|
|
repository: tailscale/k8s-operator
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: Always
|
|
logging: "info" # info, debug, dev
|
|
hostname: "tailscale-operator"
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
|
|
resources: {}
|
|
|
|
podAnnotations: {}
|
|
podLabels: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
podSecurityContext: {}
|
|
|
|
securityContext: {}
|
|
|
|
extraEnv: []
|
|
# - name: EXTRA_VAR1
|
|
# value: "value1"
|
|
# - name: EXTRA_VAR2
|
|
# value: "value2"
|
|
|
|
|
|
# proxyConfig contains configuraton that will be applied to any ingress/egress
|
|
# proxies created by the operator.
|
|
# https://tailscale.com/kb/1439/kubernetes-operator-cluster-ingress
|
|
# https://tailscale.com/kb/1438/kubernetes-operator-cluster-egress
|
|
# Note that this section contains only a few global configuration options and
|
|
# will not be updated with more configuration options in the future.
|
|
# If you need more configuration options, take a look at ProxyClass:
|
|
# https://tailscale.com/kb/1445/kubernetes-operator-customization#cluster-resource-customization-using-proxyclass-custom-resource
|
|
proxyConfig:
|
|
image:
|
|
# Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/tailscale.
|
|
repository: tailscale/tailscale
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
# ACL tag that operator will tag proxies with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.
|
|
# Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
|
|
defaultTags: "tag:k8s"
|
|
firewallMode: auto
|
|
# If defined, this proxy class will be used as the default proxy class for
|
|
# service and ingress resources that do not have a proxy class defined. It
|
|
# does not apply to Connector and ProxyGroup resources.
|
|
defaultProxyClass: ""
|
|
|
|
# apiServerProxyConfig allows to configure whether the operator should expose
|
|
# Kubernetes API server.
|
|
# https://tailscale.com/kb/1437/kubernetes-operator-api-server-proxy
|
|
apiServerProxyConfig:
|
|
mode: "false" # "true", "false", "noauth"
|
|
|
|
imagePullSecrets: []
|