mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-05 16:05:36 +00:00
fa0b70739d
* Document that default ProxyClass does not currently apply to CRDs * Remove stateful filtering Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
93 lines
3.5 KiB
YAML
93 lines
3.5 KiB
YAML
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
# Operator oauth credentials. If set a Kubernetes Secret with the provided
|
|
# values will be created in the operator namespace. If unset a Secret named
|
|
# operator-oauth must be precreated.
|
|
oauth: {}
|
|
# clientId: ""
|
|
# clientSecret: ""
|
|
|
|
# installCRDs determines whether tailscale.com CRDs should be installed as part
|
|
# of chart installation. We do not use Helm's CRD installation mechanism as that
|
|
# does not allow for upgrading CRDs.
|
|
# https://helm.sh/docs/chart_best_practices/custom_resource_definitions/
|
|
installCRDs: true
|
|
|
|
operatorConfig:
|
|
# ACL tag that operator will be tagged with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags are defined as array items and passed to the operator as a comma-separated string
|
|
defaultTags:
|
|
- "tag:k8s-operator"
|
|
|
|
image:
|
|
# Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/k8s-operator.
|
|
repository: tailscale/k8s-operator
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: Always
|
|
logging: "info" # info, debug, dev
|
|
hostname: "tailscale-operator"
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
|
|
resources: {}
|
|
|
|
podAnnotations: {}
|
|
podLabels: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
podSecurityContext: {}
|
|
|
|
securityContext: {}
|
|
|
|
extraEnv: []
|
|
# - name: EXTRA_VAR1
|
|
# value: "value1"
|
|
# - name: EXTRA_VAR2
|
|
# value: "value2"
|
|
|
|
|
|
# proxyConfig contains configuraton that will be applied to any ingress/egress
|
|
# proxies created by the operator.
|
|
# https://tailscale.com/kb/1439/kubernetes-operator-cluster-ingress
|
|
# https://tailscale.com/kb/1438/kubernetes-operator-cluster-egress
|
|
# Note that this section contains only a few global configuration options and
|
|
# will not be updated with more configuration options in the future.
|
|
# If you need more configuration options, take a look at ProxyClass:
|
|
# https://tailscale.com/kb/1445/kubernetes-operator-customization#cluster-resource-customization-using-proxyclass-custom-resource
|
|
proxyConfig:
|
|
image:
|
|
# Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/tailscale.
|
|
repository: tailscale/tailscale
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
# ACL tag that operator will tag proxies with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.
|
|
# Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
|
|
defaultTags: "tag:k8s"
|
|
firewallMode: auto
|
|
# If defined, this proxy class will be used as the default proxy class for
|
|
# service and ingress resources that do not have a proxy class defined. It
|
|
# does not apply to Connector and ProxyGroup resources.
|
|
defaultProxyClass: ""
|
|
|
|
# apiServerProxyConfig allows to configure whether the operator should expose
|
|
# Kubernetes API server.
|
|
# https://tailscale.com/kb/1437/kubernetes-operator-api-server-proxy
|
|
apiServerProxyConfig:
|
|
mode: "false" # "true", "false", "noauth"
|
|
|
|
imagePullSecrets: []
|