mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-08 07:07:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
e17abbf461
tailscale/cmd/k8s-operator
History
Tom Proctor dd95a83a65
cmd/{containerboot,k8s-operator},kube/kubetypes: unadvertise ingress services on shutdown (#15451) 
Ensure no services are advertised as part of shutting down tailscaled.
Prefs are only edited if services are currently advertised, and they're
edited we wait for control's ~15s (+ buffer) delay to failover.

Note that editing prefs will trigger a synchronous write to the state
Secret, so it may fail to persist state if the ProxyGroup is getting
scaled down and therefore has its RBAC deleted at the same time, but that
failure doesn't stop prefs being updated within the local backend,
doesn't  affect connectivity to control, and the state Secret is
about to get deleted anyway, so the only negative side effect is a harmless
error log during shutdown. Control still learns that the node is no
longer advertising the service and triggers the failover.

Note that the first version of this used a PreStop lifecycle hook, but
that only supports GET methods and we need the shutdown to trigger side
effects (updating prefs) so it didn't seem appropriate to expose that
functionality on a GET endpoint that's accessible on the k8s network.

Updates tailscale/corp#24795

Change-Id: I0a9a4fe7a5395ca76135ceead05cbc3ee32b3d3c
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-04-09 10:11:15 +01:00
..
deploy cmd/k8s-operator,k8s-operator: enable HA Ingress again. (#15453) 2025-03-28 17:34:33 +00:00
e2e cmd,tsnet,internal/client: create internal shim to deprecated control plane API 2025-02-18 10:23:04 -06:00
generate cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (#13591) 2024-09-27 01:05:56 +01:00
connector_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
connector.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
depaware.txt net/{netx,memnet},all: add netx.DialFunc, move memnet Network impl 2025-04-08 10:07:47 -07:00
dnsrecords_test.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
dnsrecords.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
egress-eps_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
egress-eps.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
egress-pod-readiness_test.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
egress-pod-readiness.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
egress-services_test.go cmd/{k8s-operator,containerboot},kube: ensure egress ProxyGroup proxies don't terminate while cluster traffic is still routed to them (#14436) 2025-01-29 07:35:50 +00:00
egress-services-readiness_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
egress-services-readiness.go cmd/k8s-operator: check that cluster traffic is routed to egress ProxyGroup Pod before marking it as ready (#14792) 2025-01-30 08:47:45 +00:00
egress-services.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
ingress_test.go cmd/k8s-operator,k8s-operator: allow optionally using LE staging endpoint for Ingress (#15360) 2025-03-21 08:53:41 +00:00
ingress-for-pg_test.go cmd/{k8s-operator,containerboot}: check TLS cert before advertising VIPService (#15427) 2025-03-26 01:32:13 +00:00
ingress-for-pg.go cmd/k8s-operator,k8s-operator: enable HA Ingress again. (#15453) 2025-03-28 17:34:33 +00:00
ingress.go cmd/k8s-operator: ensure HA Ingress can operate in multicluster mode. (#15157) 2025-03-06 23:13:10 +00:00
metrics_resources.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
nameserver_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
nameserver.go cmd/k8s-operator: don't error for transient failures (#14073) 2024-12-05 12:11:22 +00:00
operator_test.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
operator.go cmd/k8s-operator,k8s-operator: enable HA Ingress again. (#15453) 2025-03-28 17:34:33 +00:00
proxy_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
proxy.go all: use new LocalAPI client package location 2025-02-05 14:41:42 -08:00
proxyclass_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
proxyclass.go cmd/k8s-operator,k8s-operator: allow users to set custom labels for the optional ServiceMonitor (#14475) 2025-01-09 07:15:19 +00:00
proxygroup_specs.go cmd/{containerboot,k8s-operator},kube/kubetypes: unadvertise ingress services on shutdown (#15451) 2025-04-09 10:11:15 +01:00
proxygroup_test.go cmd/k8s-operator,k8s-operator: allow optionally using LE staging endpoint for Ingress (#15360) 2025-03-21 08:53:41 +00:00
proxygroup.go cmd/k8s-operator,k8s-operator: allow optionally using LE staging endpoint for Ingress (#15360) 2025-03-21 08:53:41 +00:00
sts_test.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
sts.go cmd/k8s-operator,k8s-operator: allow optionally using LE staging endpoint for Ingress (#15360) 2025-03-21 08:53:41 +00:00
svc.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
testutils_test.go cmd/k8s-operator: configure proxies for HA Ingress to run in cert share mode (#15308) 2025-03-19 12:49:31 +00:00
tsclient.go client/tailscale,cmd/k8s-operator,internal/client/tailscale: move VIP service client methods into internal control client 2025-02-18 16:25:17 -06:00
tsrecorder_specs_test.go cmd/k8s-operator,k8s-operator,kube: Add TSRecorder CRD + controller (#13299) 2024-09-11 12:19:29 +01:00
tsrecorder_specs.go cmd/k8s-operator,kube/kubeclient,docs/k8s: update rbac to emit events + small fixes (#14164) 2024-11-20 14:22:34 +00:00
tsrecorder_test.go go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601) 2025-01-17 05:37:53 +00:00
tsrecorder.go cmd/k8s-operator: wait for VIPService before updating HA Ingress status (#15343) 2025-03-19 08:53:15 +00:00