mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
299c5372bd
tailscale/ipn
History
Irbe Krumina cd391b37a6
ipn/ipnlocal, envknob: make it possible to configure the cert client to act in read-only mode (#15250) 
* ipn/ipnlocal,envknob: add some primitives for HA replica cert share.

Add an envknob for configuring
an instance's cert store as read-only, so that it
does not attempt to issue or renew TLS credentials,
only reads them from its cert store.
This will be used by the Kubernetes Operator's HA Ingress
to enable multiple replicas serving the same HTTPS endpoint
to be able to share the same cert.

Also some minor refactor to allow adding more tests
for cert retrieval logic.


Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-03-13 14:14:03 +00:00
..
auditlog control/controlclient, ipn: add client audit logging (#14950) 2025-03-12 10:37:03 -04:00
conffile ipn/conffile: don't depend on hujson on iOS/Android 2024-10-10 09:14:36 -07:00
desktop various: keep tailscale connected when Always On mode is enabled on Windows 2025-02-14 16:40:54 -06:00
ipnauth control/controlclient, ipn: add client audit logging (#14950) 2025-03-12 10:37:03 -04:00
ipnlocal ipn/ipnlocal, envknob: make it possible to configure the cert client to act in read-only mode (#15250) 2025-03-13 14:14:03 +00:00
ipnserver various: keep tailscale connected when Always On mode is enabled on Windows 2025-02-14 16:40:54 -06:00
ipnstate ipn: update AddPeer to include TaildropTarget (#15091) 2025-02-28 14:17:28 -08:00
localapi ipn/{ipnserver,localapi},tsnet: use ipnauth.Self as the actor in tsnet localapi handlers 2025-02-04 16:37:30 -06:00
policy ipn,tailconfig: clean up unreleased and removed app connector service 2023-11-09 22:36:52 -08:00
store ipn/store/kubestore: sanitize keys loaded to in-memory store (#15178) 2025-03-03 16:04:18 +00:00
backend.go ipn: declare NotifyWatchOpt consts without using iota 2025-01-04 18:43:27 -08:00
conf.go ipn/conf.go: add VIPServices to tailscaled configfile (#14345) 2025-01-10 06:33:58 +00:00
doc.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
ipn_clone.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
ipn_test.go all: do not depend on the testing package 2024-05-24 05:23:36 -07:00
ipn_view.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
prefs_test.go types/persist: remove Persist.LegacyFrontendPrivateMachineKey 2025-01-27 22:01:50 +00:00
prefs.go cmd/tailscale,ipn,tailcfg: add tailscale advertise subcommand behind envknob (#13734) 2024-10-16 19:08:06 -04:00
serve_test.go ipn: [serve] warn that foreground funnel won't work if shields are up (#14685) 2025-01-19 19:00:21 +00:00
serve.go tailcfg: add ServiceName 2025-01-22 15:27:46 -05:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store.go ipn: add comment about thread-safety to StateStore 2024-03-06 12:42:18 -06:00