tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License

Kubernetes Operator throws TLS error #11880

Closed fritterhoff closed 3 weeks ago

fritterhoff commented 3 weeks ago

What is the issue?

We're using the Tailscale operator to access the api-plane of our k8s cluster. The function was working pretty fine for several weeks until the Let's Encrypt cert expired. Now, renewing the cert obviously fails, and some strange errors are thrown by the operator:


2024/04/26 04:50:48 http: TLS handshake error from 100.85.16.20:60035: 500 Internal Server Error: your Tailscale account does not support getting TLS certs
2024/04/26 04:50:49 http: TLS handshake error from 100.85.16.20:60030: 500 Internal Server Error: your Tailscale account does not support getting TLS certs

Steps to reproduce

No response

Are there any recent changes that introduced the issue?

No response

OS

Linux

OS version

Kubernetes

Tailscale version

tailscale/k8s-operator:v1.64.2

Other software

No response

Bug report

No response

Rumbles commented 3 weeks ago

Turn it on in the DNS tab:

https://tailscale.com/kb/1153/enabling-https

fritterhoff commented 3 weeks ago

It is enabled: [image]

Rumbles commented 3 weeks ago

Read the docs I linked to.

fritterhoff commented 3 weeks ago

Ah, the relevant issue was the missing MagicDNS setting...