diff options
| author | Tom Proctor <tomhjp@users.noreply.github.com> | 2025-06-27 18:10:04 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-27 18:10:04 +0100 |
| commit | 711698f5a985a5c93649b31c9f49ed6d22a91c42 (patch) | |
| tree | 331753073c315fb17111403ad8e9898680953229 /control/controlhttp/controlhttpserver/controlhttpserver.go | |
| parent | f81baa2d56795267df835f770d0779d414aed283 (diff) | |
| download | tailscale-711698f5a985a5c93649b31c9f49ed6d22a91c42.tar.xz tailscale-711698f5a985a5c93649b31c9f49ed6d22a91c42.zip | |
cmd/{containerboot,k8s-operator}: use state Secret for checking device auth (#16328)
Previously, the operator checked the ProxyGroup status fields for
information on how many of the proxies had successfully authed. Use
their state Secrets instead as a more reliable source of truth.
containerboot has written device_fqdn and device_ips keys to the
state Secret since inception, and pod_uid since 1.78.0, so there's
no need to use the API for that data. Read it from the state Secret
for consistency. However, to ensure we don't read data from a
previous run of containerboot, make sure we reset containerboot's
state keys on startup.
One other knock-on effect of that is ProxyGroups can briefly be
marked not Ready while a Pod is restarting. Introduce a new
ProxyGroupAvailable condition to more accurately reflect
when downstream controllers can implement flows that rely on a
ProxyGroup having at least 1 proxy Pod running.
Fixes #16327
Change-Id: I026c18e9d23e87109a471a87b8e4fb6271716a66
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')
0 files changed, 0 insertions, 0 deletions