summaryrefslogtreecommitdiffhomepage
path: root/cmd/k8s-operator/proxygroup_specs.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/k8s-operator/proxygroup_specs.go')
-rw-r--r--cmd/k8s-operator/proxygroup_specs.go15
1 files changed, 13 insertions, 2 deletions
diff --git a/cmd/k8s-operator/proxygroup_specs.go b/cmd/k8s-operator/proxygroup_specs.go
index 40bbaec17..0fe247e35 100644
--- a/cmd/k8s-operator/proxygroup_specs.go
+++ b/cmd/k8s-operator/proxygroup_specs.go
@@ -178,6 +178,10 @@ func pgStatefulSet(pg *tsapi.ProxyGroup, namespace, image, tsFirewallMode string
corev1.EnvVar{
Name: "TS_SERVE_CONFIG",
Value: fmt.Sprintf("/etc/proxies/%s", serveConfigKey),
+ },
+ corev1.EnvVar{
+ Name: "TS_EXPERIMENTAL_CERT_SHARE",
+ Value: "true",
})
}
return append(c.Env, envs...)
@@ -229,6 +233,13 @@ func pgRole(pg *tsapi.ProxyGroup, namespace string) *rbacv1.Role {
APIGroups: []string{""},
Resources: []string{"secrets"},
Verbs: []string{
+ "list",
+ },
+ },
+ {
+ APIGroups: []string{""},
+ Resources: []string{"secrets"},
+ Verbs: []string{
"get",
"patch",
"update",
@@ -320,7 +331,7 @@ func pgIngressCM(pg *tsapi.ProxyGroup, namespace string) *corev1.ConfigMap {
func pgSecretLabels(pgName, typ string) map[string]string {
return pgLabels(pgName, map[string]string{
- labelSecretType: typ, // "config" or "state".
+ kubetypes.LabelSecretType: typ, // "config", "state" or "certs"
})
}
@@ -330,7 +341,7 @@ func pgLabels(pgName string, customLabels map[string]string) map[string]string {
l[k] = v
}
- l[LabelManaged] = "true"
+ l[kubetypes.LabelManaged] = "true"
l[LabelParentType] = "proxygroup"
l[LabelParentName] = pgName
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.