cmd/k8s-operator: add exit node example (#18087)
* cmd/k8s-operator/deploy/examples Adds exitnode.yaml to k8s-operator Fixes #18086 Signed-off-by: Christopher Mosetick <office@cpm.is> * cmd/k8s-operator/deploy/examples: update connector and add exitnode examples - Remove exitNode: true from connector.yaml to keep it focused as a subnet router example - Update connector.yaml header comment to remove exit node reference and add pointer hint to exitnode.yaml - Clarify exitnode.yaml comments to accurately describe separate Connector deployment pattern Fixes #18086 Signed-off-by: Christopher Mosetick <office@cpm.is> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond <davidsbond@users.noreply.github.com> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> --------- Signed-off-by: Christopher Mosetick <office@cpm.is> Signed-off-by: Chris Mosetick <cmosetick@gmail.com> Co-authored-by: David Bond <davidsbond@users.noreply.github.com>
@@ -1,9 +1,10 @@
|
|||||||
# Before applying ensure that the operator owns tag:prod.
|
# Before applying ensure that the operator owns tag:prod.
|
||||||
# https://tailscale.com/kb/1236/kubernetes-operator/#setting-up-the-kubernetes-operator.
|
# https://tailscale.com/kb/1236/kubernetes-operator/#setting-up-the-kubernetes-operator.
|
||||||
# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route and exit node.
|
# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route.
|
||||||
# Otherwise approve it manually in Machines panel once the
|
# Otherwise approve it manually in Machines panel once the
|
||||||
# ts-prod Tailscale node has been created.
|
# ts-prod Tailscale node has been created.
|
||||||
# See https://tailscale.com/kb/1018/acls/#auto-approvers-for-routes-and-exit-nodes
|
# See https://tailscale.com/kb/1018/acls/#auto-approvers-for-routes-and-exit-nodes
|
||||||
|
# For an exit node example, see exitnode.yaml
|
||||||
apiVersion: tailscale.com/v1alpha1
|
apiVersion: tailscale.com/v1alpha1
|
||||||
kind: Connector
|
kind: Connector
|
||||||
metadata:
|
metadata:
|
||||||
@@ -17,4 +18,3 @@ spec:
|
|||||||
advertiseRoutes:
|
advertiseRoutes:
|
||||||
- "10.40.0.0/14"
|
- "10.40.0.0/14"
|
||||||
- "192.168.0.0/14"
|
- "192.168.0.0/14"
|
||||||
exitNode: true
|
|
||||||
|
|||||||
@@ -0,0 +1,26 @@
|
|||||||
|
# Before applying ensure that the operator owns tag:k8s-operator
|
||||||
|
# To use both subnet routing and exit node on the same cluster, deploy a separate
|
||||||
|
# Connector resource for each.
|
||||||
|
# See connector.yaml for a subnet router example.
|
||||||
|
# See: https://tailscale.com/kb/1441/kubernetes-operator-connector
|
||||||
|
---
|
||||||
|
apiVersion: tailscale.com/v1alpha1
|
||||||
|
kind: Connector
|
||||||
|
metadata:
|
||||||
|
name: exit-node
|
||||||
|
spec:
|
||||||
|
# Exit node configuration - allows Tailscale clients to route all internet traffic through this Connector
|
||||||
|
exitNode: true
|
||||||
|
|
||||||
|
# High availability: 2 replicas for redundancy
|
||||||
|
# Note: Must use hostnamePrefix (not hostname) when replicas > 1
|
||||||
|
replicas: 2
|
||||||
|
|
||||||
|
# Hostname prefix for the exit node devices
|
||||||
|
# Devices will be named: exit-node-0, exit-node-1
|
||||||
|
hostnamePrefix: exit-node
|
||||||
|
|
||||||
|
# Tailscale tags for ACL policy management
|
||||||
|
tags:
|
||||||
|
- tag:k8s-operator
|
||||||
|
|
||||||
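Review bot: The `tags:` list at the end of exitnode.yaml assigns `tag:k8s-operator` to the exit node devices, and judging by the name and the header comment this is the tag the operator itself runs under, so ACL rules and auto-approvers written for that tag would apply to the operator and the exit node alike. An exit node carries all internet-bound traffic of the clients that select it, so a dedicated tag owned by the operator would keep its approval and access rules scoped to these devices only, for example `- tag:exit-node` (constructed name) with the first header line changed to name that tag. The header also leaves out the approval step that connector.yaml documents for its routes; I would add `# The exit node must be approved (auto-approver for the tag, or manually in the Machines panel) before clients can use it.` Indentation is lost in this rendering, so I cannot confirm the nesting under `spec:`.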