
Rebase on upstream #16

Closed
thirdeyenick wants to merge 25 commits into main from rebase-on-upstream

@thirdeyenick


This updates our fork to version v1.84.2 of tailscale.

barnstar and others added 25 commits May 21, 2025 15:10
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
…tailscale#16110)

fixes tailscale#16082

RouteAll should be true by default on iOS and Android.

Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
(cherry picked from commit 842df37)
…le#16059)

fixes tailscale/corp#25612

We now keep track of any dns configurations which we could not
compile. This gives RecompileDNSConfig a configuration to
attempt to recompile and apply when the OS pokes us to indicate
that the interface dns servers have changed/updated. The manager config
will remain unset until we have the required information to compile
it correctly which should eliminate the problematic SERVFAIL
responses (especially on macOS 15).

This also removes the missingUpstreamRecovery func in the forwarder
which is no longer required now that we have proper error handling
and recovery manager and the client.

Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
(cherry picked from commit 5e54819)
…tailscale#16129) (tailscale#16140)

In 1.84 we made 'tailscale set'/'tailscale up' error out if duplicate
command line flags are passed.
This broke some container configurations as we have two env vars that
can be used to set --accept-dns flag:
- TS_ACCEPT_DNS - specifically for --accept-dns
- TS_EXTRA_ARGS - accepts any arbitrary 'tailscale up'/'tailscale set'
flag.

We default TS_ACCEPT_DNS to false (to make the container behaviour more
declarative), which with the new restrictive CLI behaviour resulted in
failure for users who had set --accept-dns via TS_EXTRA_ARGS as the flag would be
provided twice.

This PR re-instates the previous behaviour by checking if TS_EXTRA_ARGS
contains --accept-dns flag and if so using its value to override TS_ACCEPT_DNS.

Updates tailscale#16108


(cherry picked from commit 5b670eb)

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
… for Ingress with ProxyGroup (tailscale#16199) (tailscale#16226)

Updates tailscale/corp#24795


(cherry picked from commit 4456f77)

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: Nick O'Neill <nick@tailscale.com>
make the token and control urls configurable
This allows for a custom domain in the k8s-nameserver application. It can be set via an argument to the binary and will default to ts.net if not set.
This allows deploying a dnsConfig resource via the helm chart.
This allows customizing the nameserver deployment via the DNSConfig CRD. It allows setting the command, environment variables and pod labels.
This allows customizing the FQDN validation of tailscale services.
When comparing the node names to the received network peer map in "containerboot", it might be that network peers have no final dot appended to their FQDN. In that case, the operator should also not add a final dot to the FQDN. With the help of the OPERATOR_NO_FQDN_DOT_APPEND env variable this can be achieved and there will be no dot added to the content of the TS_TAILNET_TARGET_FQDN env variable which is read by "containerboot".
This adds an argument for the k8s-nameserver to watch and read the
dnsrecords configMap directly. As the default way of mount propagating
the dnsrecords might take some time to sync when the configMap updates,
reading and watching the configMap directly should reduce this time.
This fixes the referenced role in the nameserver service account role binding
@thirdeyenick


closing this in favor of #18
