71029cea2d
all: update copyright and license headers
...
This updates all source files to use a new standard header for copyright
and license declaration. Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.
This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.
Updates #6865
Signed-off-by: Will Norris <will@tailscale.com >
2023-01-27 15:36:29 -08:00
11f7f7d4a0
docs/k8s: Use TS_AUTHKEY instead of TS_AUTH_KEY ( #7092 )
...
Updates https://github.com/tailscale/tailscale-www/issues/2199 .
Signed-off-by: Walter Poupore <walterp@tailscale.com >
2023-01-27 15:05:03 -08:00
a6dff4fb74
docs/webhooks: use subtle.ConstantTimeCompare for comparing signatures
...
Fixes #6572
Signed-off-by: Andrew Dunham <andrew@du.nham.ca >
Change-Id: I58610c46e0ea1d3a878f91d154db3da4de9cae00
2022-11-30 11:58:25 -05:00
5e703bdb55
docs/k8s: add secrets patching permission to the tailscale role.
...
Fixes #6225 .
Signed-off-by: David Anderson <danderson@tailscale.com >
2022-11-07 16:18:01 -08:00
76904b82e7
cmd/containerboot: PID1 for running tailscaled in a container.
...
This implements the same functionality as the former run.sh, but in Go
and with a little better awareness of tailscaled's lifecycle.
Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had
where it would unconditionally try to reauth every time if you gave it
an authkey, rather than try to use it only if auth is actually needed.
This makes it a bit nicer to deploy these containers in automation, since
you don't have to run the container once, then go and edit its definition
to remove authkeys.
Signed-off-by: David Anderson <danderson@tailscale.com >
2022-11-03 15:30:32 -07:00
944f43f1c8
docs/webhooks: add sample endpoint code
...
Signed-off-by: Sonia Appasamy <sonia@tailscale.com >
2022-10-26 14:28:00 -05:00
5fc8843c4c
docs/k8s: [proxy] fix sysctl command
...
Fixes #5805
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2022-10-01 14:10:05 -07:00
021bedfb89
docker: add ability to use a custom control socket
...
Signed-off-by: Anton Schubert <anton.schubert@riedel.net >
2022-09-22 08:48:26 -07:00
d988c9f098
fix auth key name
...
Signed-off-by: hlts2 <hiroto.funakoshi.hiroto@gmail.com >
2022-09-22 03:55:05 -07:00
486eecc063
Switched Secret snippet to match run.sh
...
Signed-off-by: Tyler Lee <tyler.lee@radius.ai >
2022-09-16 11:20:33 -07:00
b830c9975f
Updated secret example in readme to match the sidecar key value
...
Signed-off-by: Tyler Lee <tyler.lee@radius.ai >
2022-09-16 11:20:33 -07:00
060ecb010f
docs/k8s: make run.sh handle SIGINT
...
It was previously using jobcontrol to achieve this, but that apparently
doesn't work when there is no tty. This makes it so that it directly
handles SIGINT and SIGTERM and passes it on to tailscaled. I tested this
works on a Digital Ocean K8s cluster.
Fixes #5512
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2022-09-04 15:50:02 -07:00
0ae0439668
docs/k8s: add IPv6 forwarding in proxy.yaml
...
Fixes https://github.com/tailscale/tailscale/issues/4999
Signed-off-by: Denton Gentry <dgentry@tailscale.com >
2022-08-30 06:03:15 -07:00
df9f3edea3
docs/k8s: add prefix to ( #5167 )
...
Signed-off-by: Walter Poupore <walterp@tailscale.com >
2022-07-25 15:10:07 -07:00
1d33157ab9
docs/k8s: use job control in run.sh
...
This has the benefit of propagating SIGINT to tailscaled, which in turn
can react to the event and logout in case of an ephemeral node.
Also fix missing run.sh in Dockerfile.
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2022-07-21 15:43:40 -07:00
bd4b27753e
docs/k8s: set statedir to /tmp when not specified
...
This makes `tailscale cert` and Taildrop work on k8s and in ephemeral
mode.
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2022-07-18 10:19:19 -07:00
9584d8aa7d
docs/k8s: Add env vars for tailscaled args
...
- TS_SOCKS5_SERVER, argument passed to tailscaled --socks5-server
- TS_OUTBOUND_HTTP_PROXY_LISTEN, argument passed to tailscaled -outbound-http-proxy-listen
- TS_TAILSCALED_EXTRA_ARGS extra arguments passed to tailscaled
Fixes #4985
Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org >
2022-07-01 14:45:51 -07:00
ea6e9099b9
fix: typo rename, ROUTES -> TS_ROUTES
...
Signed-off-by: Jake Edgington <jake.edgington@gmail.com >
2022-06-30 20:23:37 -07:00
72b7edbba9
fix: typo rename, KUBE_SECRET -> TS_KUBE_SECRET
...
Signed-off-by: Jake Edgington <jake.edgington@gmail.com >
2022-06-30 20:23:37 -07:00
3b55bf9306
build_docker.sh: add run.sh as an entrypoint to the docker image
...
Fixes #4071
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2022-06-07 00:45:49 +05:00
9fa6cdf7bf
fix minor typo
...
Signed-off-by: Brian Fallik <bfallik@gmail.com >
2021-11-16 11:03:43 -08:00
cb030a0bb4
docs/k8s: add example about setting up a subnet router
...
Signed-off-by: Robert <rspier@pobox.com >
Co-authored-by: Maisem Ali <3953239+maisem@users.noreply.github.com >
2021-10-18 14:54:00 -04:00
47ace13ac8
Fix k8s README
...
Use the correct KUBE_SECRET value
2021-10-14 19:12:48 -04:00
e538d47bd5
docs/k8s: update run.sh to use the correct socket path
...
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-10-14 18:09:12 -04:00
a6c3de72d6
docs/k8s: use ghcr.io for base image
...
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-10-13 17:55:14 -04:00
45d4adcb63
docs/k8s: use tailscale/tailscale as base image
...
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-10-13 15:34:44 -04:00
2c403cbb31
docs/k8s: add instructions on how to run as a sidecar or a proxy.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-10-13 13:26:53 -04:00
0842e2f45b
ipn/store: add ability to store data as k8s secrets.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-09-01 12:50:59 -07:00
fd4838dc57
wgengine/userspace: add support to automatically enable/disable the tailscale
...
protocol in BIRD, when the node is a primary subnet router as determined
by control.
Signed-off-by: Maisem Ali <maisem@tailscale.com >
2021-08-30 10:18:05 -07:00
