mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-11 16:47:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
3f39211f98
tailscale/cmd/k8s-operator
History
Irbe Krumina 3f39211f98
cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 
This change builds on top of #14436 to ensure minimum downtime during egress ProxyGroup update rollouts:

- adds a readiness gate for ProxyGroup replicas that prevents kubelet from marking
the replica Pod as ready before a corresponding readiness condition has been added
to the Pod

- adds a reconciler that reconciles egress ProxyGroup Pods and, for each that is not ready,
if cluster traffic for relevant egress endpoints is routed via this Pod- if so add the
readiness condition to allow kubelet to mark the Pod as ready.

During the sequenced StatefulSet update rollouts kubelet does not restart
a Pod before the previous replica has been updated and marked as ready, so
ensuring that a replica is not marked as ready allows to avoid a temporary
post-update situation where all replicas have been restarted, but none of the
new ones are yet set up as an endpoint for the egress service, so cluster traffic is dropped.

Updates tailscale/tailscale#14326

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-01-30 08:47:45 +00:00
..
deploy cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
e2e cmd/k8s-operator,k8s-operator: operator integration tests (#12792) 2024-12-11 14:48:57 +00:00
generate cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (#13591) 2024-09-27 01:05:56 +01:00
connector_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
connector.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
depaware.txt Revert "ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh" 2025-01-29 10:47:45 -06:00
dnsrecords_test.go cmd/k8s-operator: fix DNS reconciler for dual-stack clusters (#13057) 2024-08-13 18:42:01 +01:00
dnsrecords.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
egress-eps_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
egress-eps.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
egress-pod-readiness_test.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
egress-pod-readiness.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
egress-services_test.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
egress-services-readiness_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
egress-services-readiness.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
egress-services.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
ingress_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
ingress-for-pg_test.go tailcfg: add ServiceName 2025-01-22 15:27:46 -05:00
ingress-for-pg.go tailcfg: add ServiceName 2025-01-22 15:27:46 -05:00
ingress.go cmd/{k8s-operator,containerboot},kube/kubetypes: parse Ingresses for ingress ProxyGroup (#14583) 2025-01-21 05:21:03 +00:00
metrics_resources.go cmd/k8s-operator,k8s-operator: allow users to set custom labels for the optional ServiceMonitor (#14475) 2025-01-09 07:15:19 +00:00
nameserver_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
nameserver.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
operator_test.go cmd/k8s-operator: don't set deprecated configfile hash on new proxies (#14817) 2025-01-29 15:48:05 +00:00
operator.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
proxy_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
proxy.go all: fix golangci-lint errors 2025-01-07 13:05:37 -08:00
proxyclass_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
proxyclass.go cmd/k8s-operator,k8s-operator: allow users to set custom labels for the optional ServiceMonitor (#14475) 2025-01-09 07:15:19 +00:00
proxygroup_specs.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
proxygroup_test.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
proxygroup.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
sts_test.go cmd/k8s-operator,k8s-operator: allow users to set custom labels for the optional ServiceMonitor (#14475) 2025-01-09 07:15:19 +00:00
sts.go cmd/k8s-operator: don't set deprecated configfile hash on new proxies (#14817) 2025-01-29 15:48:05 +00:00
svc.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
testutils_test.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
tsclient.go cmd/{k8s-operator,containerboot},kube/kubetypes: parse Ingresses for ingress ProxyGroup (#14583) 2025-01-21 05:21:03 +00:00
tsrecorder_specs_test.go cmd/k8s-operator,k8s-operator,kube: Add TSRecorder CRD + controller (#13299) 2024-09-11 12:19:29 +01:00
tsrecorder_specs.go cmd/k8s-operator,kube/kubeclient,docs/k8s: update rbac to emit events + small fixes (#14164) 2024-11-20 14:22:34 +00:00
tsrecorder_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
tsrecorder.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00