cmd/{k8s-operator,k8s-proxy}: support new ProxyGroup type kube-apiservertomhjp/k8s-proxy-3

Adds a new enum value to ProxyGroup's .spec.Type field, kube-apiserver. Deploys
the new k8s-proxy container image and configures it via a new config file
specific to k8s-proxy. The config file is modelled after conffile but makes
some minor changes to versioning to make sure we can maintain backwards
compatible config within a single file so that it's easy to implement reading
that config file directly from a Kubernetes Secret in future.

Required significant updates to the operator's permissions so that it is
allowed to assign the powerful impersonation cluster role that k8s-proxy
requires to operate in authenticating mode.

The proxies deployed for the new ProxyGroup type currently work using their
own DNS name, but do not advertise a shared Tailscale Service, so are not
yet HA. Tailscale Service creation is planned to be added in a separate
reconciler loop.

Updates #13358

Change-Id: If75514bc068e2288ad7ac12db15f13dbade5793b
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>

0 files changed, 0 insertions, 0 deletions