mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

cmd/k8s-operator: require HTTPS to be enabled for AuthProxy

Browse Source 
Updates #5055

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali
2023-03-13 12:06:24 -07:00
committed by Maisem Ali
parent 489e27f085
commit 558735bc63
3 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/k8s-operator/operator.go
View File

@ -235,15 +235,11 @@ waitOnline:
startlog.Infof("Startup complete, operator running")
if shouldRunAuthProxy {
rc, err := rest.TransportFor(restConfig)
rt, err := rest.TransportFor(restConfig)
if err != nil {
startlog.Fatalf("could not get rest transport: %v", err)
}
authProxyListener, err := s.Listen("tcp", ":443")
if err != nil {
startlog.Fatalf("could not listen on :443: %v", err)
}
go runAuthProxy(lc, authProxyListener, rc, zlog.Named("auth-proxy").Infof)
go runAuthProxy(s, rt, zlog.Named("auth-proxy").Infof)
}
if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
startlog.Fatalf("could not start manager: %v", err)