cmd/k8s-operator: add exit node example (#18087)

* cmd/k8s-operator/deploy/examples Adds exitnode.yaml to k8s-operator Fixes #18086 Signed-off-by: Christopher Mosetick <office@cpm.is> * cmd/k8s-operator/deploy/examples: update connector and add exitnode examples - Remove exitNode: true from connector.yaml to keep it focused as a subnet router example - Update connector.yaml header comment to remove exit node reference and add pointer hint to exitnode.yaml - Clarify exitnode.yaml comments to accurately describe separate Connector deployment pattern Fixes #18086 Signed-off-by: Christopher Mosetick <office@cpm.is> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> --------- Signed-off-by: Christopher Mosetick <office@cpm.is> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> Co-authored-by: David Bond <davidsbond@users.noreply.github.com>
2 months ago · fd2ebcd5bd
parent 329d2e2643
commit fd2ebcd5bd
2 changed files with 28 additions and 2 deletions
--- a/cmd/k8s-operator/deploy/examples/connector.yaml
+++ b/cmd/k8s-operator/deploy/examples/connector.yaml
@ -1,9 +1,10 @@
 # Before applying ensure that the operator owns tag:prod.
 # https://tailscale.com/kb/1236/kubernetes-operator/#setting-up-the-kubernetes-operator.
-# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route and exit node.
+# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route.
 # Otherwise approve it manually in Machines panel once the
 # ts-prod Tailscale node has been created.
 # See https://tailscale.com/kb/1018/acls/#auto-approvers-for-routes-and-exit-nodes
+# For an exit node example, see exitnode.yaml
 apiVersion: tailscale.com/v1alpha1
 kind: Connector
 metadata:
@ -17,4 +18,3 @@ spec:
    advertiseRoutes:
    - "10.40.0.0/14"
    - "192.168.0.0/14"
-  exitNode: true
--- a/cmd/k8s-operator/deploy/examples/exitnode.yaml
+++ b/cmd/k8s-operator/deploy/examples/exitnode.yaml
@ -0,0 +1,26 @@
+# Before applying ensure that the operator owns tag:k8s-operator
+# To use both subnet routing and exit node on the same cluster, deploy a separate
+# Connector resource for each.
+# See connector.yaml for a subnet router example.
+# See: https://tailscale.com/kb/1441/kubernetes-operator-connector
+---
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+  name: exit-node
+spec:
+  # Exit node configuration - allows Tailscale clients to route all internet traffic through this Connector
+  exitNode: true
+
+  # High availability: 2 replicas for redundancy
+  # Note: Must use hostnamePrefix (not hostname) when replicas > 1
+  replicas: 2
+
+  # Hostname prefix for the exit node devices
+  # Devices will be named: exit-node-0, exit-node-1
+  hostnamePrefix: exit-node
+
+  # Tailscale tags for ACL policy management
+  tags:
+    - tag:k8s-operator
+