path: root/cmd/containerboot
Age | Commit message | Author | Files | Lines
2023-03-02 | cmd/containerboot,kube: consolidate the two kube clients | Maisem Ali | 3 | -218/+38
We had two implementations of the kube client, merge them. containerboot was also using a raw http.Transport, this also has the side effect of making it use a http.Client
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2023-02-03 | ipn/ipnlocal: add support to store certs in k8s secrets | Maisem Ali | 1 | -1/+5
Fixes #5676
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2023-01-27 | all: update copyright and license headers | Will Norris | 3 | -9/+6
This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes.
Updates #6865
Signed-off-by: Will Norris <will@tailscale.com>
2023-01-25 | cmd/k8s-operator: support setting a custom hostname. | David Anderson | 2 | -0/+22
Updates #502
Signed-off-by: David Anderson <danderson@tailscale.com>
2023-01-05 | cmd/containerboot: use TS_AUTHKEY as the parameter for auth keys | David Anderson | 2 | -13/+40
We still accept the previous TS_AUTH_KEY for backwards compatibility, but the documented option name is the spelling we use everywhere else.
Updates #6321
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-16 | cmd/containerboot: allow disabling secret storage in k8s. | David Anderson | 2 | -10/+39
In some configurations, users explicitly do not want to store tailscale state in k8s secrets, because doing that leads to some annoying permission issues with sidecar containers. With this change, TS_KUBE_SECRET="" and TS_STATE_DIR=/foo will force storage to file when running in kubernetes.
Fixes #6704.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-07 | cmd/containerboot: switch to IPN bus monitoring instead of polling. | David Anderson | 3 | -186/+266
We still have to shell out to `tailscale up` because the container image's API includes "arbitrary flags to tailscale up", unfortunately. But this should still speed up startup a little, and also enables k8s-bound containers to update their device information as new netmap updates come in.
Fixes #6657
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-07 | cmd/containerboot: gracefully degrade if missing patch permissions in k8s. | David Anderson | 3 | -76/+180
Fixes #6629.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-06 | cmd/containerboot: check that k8s secret permissions are correct. | David Anderson | 3 | -11/+70
Updates #6629.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-06 | cmd/containerboot: refactor tests to have more explicit phases. | David Anderson | 1 | -182/+292
In preparation for making startup more complex with IPN bus watches.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-06 | cmd/containerboot: split tailscaled bringup and auth phases. | David Anderson | 1 | -18/+26
In preparation for reworking auth to use IPN bus watch.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-06 | cmd/containerboot: fix some lint. | David Anderson | 2 | -2/+2
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-12-06 | cmd/containerboot: fix TS_STATE_DIR environment variable | Anton Tolchanov | 2 | -2/+2
It's supposed to set `--statedir` rather than `--state` file.
Fixes #6634.
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2022-11-16 | all: standardize on LocalAPI | Maisem Ali | 1 | -24/+24
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-10 | cmd/containerboot: make a tests table, add more tests. | David Anderson | 4 | -84/+443
Also fix a bugs found while adding the tests, oops.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-09 | cmd/containerboot: add tests. | David Anderson | 3 | -0/+440
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-07 | cmd/containerboot: be more targeted when enabling IP forwarding. | David Anderson | 1 | -11/+43
Only enable forwarding for an IP family if any forwarding is required for that family.
Fixes #6221.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-07 | cmd/containerboot: don't write device ID when not in Kubernetes. | David Anderson | 1 | -1/+1
Fixes #6218.
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-07 | cmd/containerboot: don't write device ID into non-existent secret. | David Anderson | 1 | -1/+18
Fixes #6211
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-04 | all: remove old +build tags | Brad Fitzpatrick | 2 | -2/+0
The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines
gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them.
Done with:
    perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build')
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-03 | cmd/containerboot: PID1 for running tailscaled in a container. | David Anderson | 2 | -0/+614
This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys.
Signed-off-by: David Anderson <danderson@tailscale.com>