mirror of
https://github.com/tailscale/tailscale.git
synced 2025-10-24 09:39:39 +00:00
68 lines
2.3 KiB
YAML
68 lines
2.3 KiB
YAML
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
# Operator oauth credentials. If set a Kubernetes Secret with the provided
|
|
# values will be created in the operator namespace. If unset a Secret named
|
|
# operator-oauth must be precreated.
|
|
oauth: {}
|
|
# clientId: ""
|
|
# clientSecret: ""
|
|
|
|
# enableConnector determines whether the operator should reconcile
|
|
# connector.tailscale.com custom resources. If set to true you have to install
|
|
# connector CRD in a separate step.
|
|
# You can do so by running 'kubectl apply -f ./cmd/k8s-operator/deploy/crds'.
|
|
enableConnector: "false"
|
|
|
|
operatorConfig:
|
|
image:
|
|
repo: tailscale/k8s-operator
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: Always
|
|
logging: "info" # info, debug, dev
|
|
hostname: "tailscale-operator"
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
|
|
resources: {}
|
|
|
|
podAnnotations: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
podSecurityContext: {}
|
|
|
|
securityContext: {}
|
|
|
|
# proxyConfig contains configuraton that will be applied to any ingress/egress
|
|
# proxies created by the operator.
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-ingress
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-egress
|
|
proxyConfig:
|
|
image:
|
|
repo: tailscale/tailscale
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
# ACL tag that operator will tag proxies with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.
|
|
# Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
|
|
defaultTags: "tag:k8s"
|
|
firewallMode: auto
|
|
|
|
# apiServerProxyConfig allows to configure whether the operator should expose
|
|
# Kubernetes API server.
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#accessing-the-kubernetes-control-plane-using-an-api-server-proxy
|
|
apiServerProxyConfig:
|
|
mode: "false" # "true", "false", "noauth"
|
|
|
|
imagePullSecrets: []
|