Open irbekrm opened 2 weeks ago
Given the below proxy class
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
name: prod
spec:
statefulSet:
annotations:
platform-component: infra
pod:
tailscaleContainer:
env:
- name: FOO
value: BAZ
labels:
team: eng
nodeSelector:
beta.kubernetes.io/os: "linux"
imagePullSecrets:
- name: "foo"
tailscaleContainer:
image: "ghcr.io/tailscale/tailscale:v1.64.0"
imagePullPolicy: IfNotPresent
tailscaleInitContainer:
image: "ghcr.io/tailscale/tailscale:v1.64.0"
imagePullPolicy: IfNotPresent
In my testing, this worked for an ingress defined as follows:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kuardfoobar
labels:
tailscale.com/proxy-class: "prod"
spec:
tls:
- hosts:
- "dnstest"
rules:
- http:
paths:
- backend:
service:
name: kuardfoobar
port:
number: 80
pathType: Prefix
path: /
ingressClassName: tailscale
But, it did not work for a service defined as follows:
apiVersion: v1
kind: Service
metadata:
name: kuardfoobar
labels:
tailscale.com/proxy-class: "prod"
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
app: kuardfoobar
➜ oss git:(irbekrm/docim) ✗ kubectl get pod -n tailscale ts-kuardfoobar-k2pz9-0 -o yaml | grep image
image: ghcr.io/tailscale/tailscale:v1.64.0
imagePullPolicy: IfNotPresent
imagePullSecrets:
image: ghcr.io/tailscale/tailscale:v1.64.0
imageID: ghcr.io/tailscale/tailscale@sha256:0e7dd9e2772c32958e9d92c06ab9ec696c74075a8d558b93eca5bc25dcc9dd19
➜ oss git:(irbekrm/docim) ✗ kubectl get pod -n tailscale ts-theservice-7vmgw-0 -o yaml | grep image
image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
imagePullPolicy: Always
image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
imagePullPolicy: IfNotPresent
image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
imageID: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev@sha256:b9c479af8e0e1ec8edadcc75ea004afed12fd3354d9c7ca62e463c997bc94845
image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
imageID: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev@sha256:b9c479af8e0e1ec8edadcc75ea004afed12fd3354d9c7ca62e463c997bc94845
See tailscale/tailscale#11675 for context - this PR attempts to make it easier to configure what images are used for the operator proxies and make it possible to configure image pull policies.
Adds a couple new fields to
ProxyClass
CRD to make it possilble to configure images/image pull policies for tailscale container and tailscale init container:To try this out:
kubectl apply -f ./cmd/k8s-operator/deploy/crds
helm upgrade --install operator tailscale-dev/tailscale-operator -n tailscale --set operatorConfig.image.repo=<image> --set installCRDs=false --set operatorConfig.image.tag=<tag>...
ProxyClass
with images/image pull policies configured, i.ekubectl apply -f ./cmd/k8s-operator/examples/proxyclass.yaml
ProxyClass
to any operator's managed proxy https://tailscale.com/kb/1236/kubernetes-operator#cluster-resource-customization-using-proxyclass-custom-resourceImage
/ImagePullPolicy
fields of the proxyPod
have the expected values