summaryrefslogtreecommitdiffhomepage
path: root/docs
AgeCommit message (Collapse)AuthorFilesLines
2023-07-01docs/k8s: don't call kubectl directly from MakefileDavid Wolever2-16/+14
Instead of calling kubectl directly in k8s Makefile, write the yaml to stdout so it can be reviewed/edited/etc before manually applying with kubectl. Fixes: #8511 Signed-off-by: David Wolever <david@wolever.net>
2023-01-27all: update copyright and license headersWill Norris9-27/+18
This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>
2023-01-27docs/k8s: Use TS_AUTHKEY instead of TS_AUTH_KEY (#7092)Walter Poupore5-9/+9
Updates https://github.com/tailscale/tailscale-www/issues/2199. Signed-off-by: Walter Poupore <walterp@tailscale.com>
2022-11-30docs/webhooks: use subtle.ConstantTimeCompare for comparing signaturesAndrew Dunham1-1/+2
Fixes #6572 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I58610c46e0ea1d3a878f91d154db3da4de9cae00
2022-11-07docs/k8s: add secrets patching permission to the tailscale role.David Anderson1-1/+1
Fixes #6225. Signed-off-by: David Anderson <danderson@tailscale.com>
2022-11-03cmd/containerboot: PID1 for running tailscaled in a container.David Anderson2-93/+2
This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>
2022-10-26docs/webhooks: add sample endpoint codeSonia Appasamy1-0/+149
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2022-10-01docs/k8s: [proxy] fix sysctl commandMaisem Ali1-2/+2
Fixes #5805 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-09-22docker: add ability to use a custom control socketAnton Schubert1-3/+4
Signed-off-by: Anton Schubert <anton.schubert@riedel.net>
2022-09-22fix auth key namehlts23-3/+3
Signed-off-by: hlts2 <hiroto.funakoshi.hiroto@gmail.com>
2022-09-16Switched Secret snippet to match run.shTyler Lee2-2/+2
Signed-off-by: Tyler Lee <tyler.lee@radius.ai>
2022-09-16Updated secret example in readme to match the sidecar key valueTyler Lee1-1/+1
Signed-off-by: Tyler Lee <tyler.lee@radius.ai>
2022-09-04docs/k8s: make run.sh handle SIGINTMaisem Ali1-3/+10
It was previously using jobcontrol to achieve this, but that apparently doesn't work when there is no tty. This makes it so that it directly handles SIGINT and SIGTERM and passes it on to tailscaled. I tested this works on a Digital Ocean K8s cluster. Fixes #5512 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-08-30docs/k8s: add IPv6 forwarding in proxy.yamlDenton Gentry1-1/+1
Fixes https://github.com/tailscale/tailscale/issues/4999 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-07-25docs/k8s: add prefix to (#5167)Walter Poupore1-6/+21
Signed-off-by: Walter Poupore <walterp@tailscale.com>
2022-07-21docs/k8s: use job control in run.shMaisem Ali1-2/+3
This has the benefit of propagating SIGINT to tailscaled, which in turn can react to the event and logout in case of an ephemeral node. Also fix missing run.sh in Dockerfile. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-07-18docs/k8s: set statedir to /tmp when not specifiedMaisem Ali1-2/+2
This makes `tailscale cert` and Taildrop work on k8s and in ephemeral mode. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-07-01docs/k8s: Add env vars for tailscaled argsCraig Rodrigues1-0/+15
- TS_SOCKS5_SERVER, argument passed to tailscaled --socks5-server - TS_OUTBOUND_HTTP_PROXY_LISTEN, argument passed to tailscaled -outbound-http-proxy-listen - TS_TAILSCALED_EXTRA_ARGS extra arguments passed to tailscaled Fixes #4985 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>
2022-06-30fix: typo rename, ROUTES -> TS_ROUTESJake Edgington1-1/+1
Signed-off-by: Jake Edgington <jake.edgington@gmail.com>
2022-06-30fix: typo rename, KUBE_SECRET -> TS_KUBE_SECRETJake Edgington1-1/+1
Signed-off-by: Jake Edgington <jake.edgington@gmail.com>
2022-06-07build_docker.sh: add run.sh as an entrypoint to the docker imageMaisem Ali10-86/+72
Fixes #4071 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-11-16fix minor typoBrian Fallik1-2/+2
Signed-off-by: Brian Fallik <bfallik@gmail.com>
2021-10-18docs/k8s: add example about setting up a subnet routerRobert3-0/+73
Signed-off-by: Robert <rspier@pobox.com> Co-authored-by: Maisem Ali <3953239+maisem@users.noreply.github.com>
2021-10-14Fix k8s READMEFelipe Cruz Martinez1-2/+2
Use the correct KUBE_SECRET value
2021-10-14docs/k8s: update run.sh to use the correct socket pathMaisem Ali1-2/+2
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-10-13docs/k8s: use ghcr.io for base imageMaisem Ali1-1/+1
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-10-13docs/k8s: use tailscale/tailscale as base imageMaisem Ali1-2/+2
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-10-13docs/k8s: add instructions on how to run as a sidecar or a proxy.Maisem Ali10-17/+325
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-09-01ipn/store: add ability to store data as k8s secrets.Maisem Ali4-0/+47
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-08-30wgengine/userspace: add support to automatically enable/disable the tailscaleMaisem Ali2-0/+20
protocol in BIRD, when the node is a primary subnet router as determined by control. Signed-off-by: Maisem Ali <maisem@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.