tailscale/cmd
Irbe Krumina 34734ba635
ipn/store/kubestore,kube,envknob,cmd/tailscaled/depaware.txt: allow kubestore read/write custom TLS secrets (#15307)
This PR adds some custom logic for reading and writing
kube store values that are TLS certs and keys:
1) when store is initialized, lookup additional
TLS Secrets for this node and if found, load TLS certs
from there
2) if the node runs in certs 'read only' mode and
TLS cert and key are not found in the in-memory store,
look those up in a Secret
3) if the node runs in certs 'read only' mode, run
a daily TLS certs reload to memory to get any
renewed certs

Updates tailscale/corp#24795

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-03-18 15:09:22 +00:00
..
addlicense all: fix golangci-lint errors 2025-01-07 13:05:37 -08:00
build-webclient client/web: precompress assets 2023-12-07 20:57:31 -05:00
checkmetrics cmd/checkmetrics: add command for checking metrics against kb 2024-12-02 10:30:46 +01:00
cloner cmd/cloner, cmd/viewer, util/codegen: add support for aliases of cloneable types 2024-08-23 15:43:40 -05:00
connector-gen cmd/connector-gen: add helper tool for wide app connector configurations 2023-12-15 09:29:42 -08:00
containerboot cmd/containerboot: manage HA Ingress TLS certs from containerboot (#15303) 2025-03-14 17:33:08 +00:00
derper cmd/derper, derp/derphttp: support, generate self-signed IP address certs 2025-03-07 05:36:55 -08:00
derpprobe prober: support filtering regions by region ID in addition to code 2025-01-10 12:33:19 -06:00
dist release/dist/qnap: add qnap target builder 2024-04-22 17:43:28 -04:00
get-authkey cmd,tsnet,internal/client: create internal shim to deprecated control plane API 2025-02-18 10:23:04 -06:00
gitops-pusher cmd/gitops-pusher: log error details when unable to fetch ACL ETag 2025-02-18 14:29:14 -06:00
hello cmd/hello: display native ipv4 (#15191) 2025-03-04 08:47:35 -07:00
k8s-nameserver cmd/k8s-nameserver: fix AAAA record query response (#12412) 2024-06-10 17:57:22 +01:00
k8s-operator cmd/k8s-operator: ensure old VIPServices are cleaned up (#15344) 2025-03-18 12:48:59 +00:00
mkmanifest cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS 2023-03-01 15:45:12 -07:00
mkpkg go.mod: upgrade nfpm to v2 (#8786) 2023-08-03 13:00:45 -07:00
mkversion version/mkversion: open-source version generation logic 2023-02-18 05:21:05 +00:00
nardump all: update copyright and license headers 2023-01-27 15:36:29 -08:00
natc cmd/natc: error and log when IP range is exhausted 2025-03-10 10:20:22 -07:00
netlogfmt all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
nginx-auth tailcfg,all: add and use Node.IsTagged() 2023-03-13 08:44:25 -07:00
pgproxy all: use new LocalAPI client package location 2025-02-05 14:41:42 -08:00
printdep cmd/printdep: print correct toolchain URL 2023-02-11 17:57:36 +00:00
proxy-to-grafana cmd/proxy-to-grafana: support setting Grafana role via grants 2025-03-18 07:26:04 +00:00
sniproxy all: use new LocalAPI client package location 2025-02-05 14:41:42 -08:00
speedtest all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ssh-auth-none-demo ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh 2025-01-31 16:36:39 -06:00
stunc cmd/stunc: enforce read timeout deadline (#14309) 2024-12-06 14:27:52 -05:00
stund go.toolchain.branch: update to Go 1.24 (#15016) 2025-02-19 10:55:49 -08:00
stunstamp cmd/stunstamp: add protocol context to timeout logs (#13422) 2024-09-09 18:42:13 -07:00
sync-containers all: adjust some build tags for plan9 2023-08-24 15:42:35 -07:00
systray cmd/systray: add cmd/systray back as a small client/systray wrapper 2025-01-06 16:49:34 -08:00
tailscale go.toolchain.branch: update to Go 1.24 (#15016) 2025-02-19 10:55:49 -08:00
tailscaled ipn/store/kubestore,kube,envknob,cmd/tailscaled/depaware.txt: allow kubestore read/write custom TLS secrets (#15307) 2025-03-18 15:09:22 +00:00
testcontrol all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
testwrapper cmd/testwrapper: print failed tests preventing retry (#15270) 2025-03-13 14:21:29 +00:00
tl-longchain all: use new LocalAPI client package location 2025-02-05 14:41:42 -08:00
tsconnect go.toolchain.branch: update to Go 1.24 (#15016) 2025-02-19 10:55:49 -08:00
tsidp cmd/tsidp: allow CORS requests to openid-configuration (#15229) 2025-03-11 13:10:22 -07:00
tsshd all: update copyright and license headers 2023-01-27 15:36:29 -08:00
tta all: use new LocalAPI client package location 2025-02-05 14:41:42 -08:00
viewer cmd/viewer,all: consistently use "read-only" instead of "readonly" 2025-01-14 08:26:56 -08:00
vnet tstest/natlab/vnet: add start of IPv6 support 2024-08-24 18:02:38 -07:00
xdpderper all: add test for package comments, fix, add comments as needed 2024-07-10 09:57:00 -07:00