mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
ba517ab388
tailscale/cmd/k8s-operator
History
Irbe Krumina ba517ab388
cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 
cmd/k8s-operator,ssh/tailssh,tsnet: optionally record kubectl exec sessions

The Kubernetes operator's API server proxy, when it receives a request
for 'kubectl exec' session now reads 'RecorderAddrs', 'EnforceRecorder'
fields from tailcfg.KubernetesCapRule.
If 'RecorderAddrs' is set to one or more addresses (of a tsrecorder instance(s)),
it attempts to connect to those and sends the session contents
to the recorder before forwarding the request to the kube API
server. If connection cannot be established or fails midway,
it is only allowed if 'EnforceRecorder' is not true (fail open).

Updates tailscale/corp#19821

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
2024-07-08 21:18:55 +01:00
..
deploy cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
generate cmd/k8s-operator: cleanup runReconciler signature (#11993) 2024-05-03 19:05:37 +01:00
connector_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
connector.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
depaware.txt cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
dnsrecords_test.go cmd/{k8s-operator,k8s-nameserver},k8s-operator: update nameserver config with records for ingress/egress proxies (#11019) 2024-05-02 17:29:46 +01:00
dnsrecords.go cmd/{k8s-operator,k8s-nameserver},k8s-operator: update nameserver config with records for ingress/egress proxies (#11019) 2024-05-02 17:29:46 +01:00
ingress_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
ingress.go cmd/k8s-operator,k8s-operator: allow proxies accept advertized routes. (#12388) 2024-06-07 19:56:42 +01:00
nameserver_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
nameserver.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
operator_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
operator.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
proxy_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
proxy.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
proxyclass_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
proxyclass.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928) 2024-06-07 16:18:44 +01:00
recorder.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-frame_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-frame.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-hijacker_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-hijacker.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-remote-conn-recorder_test.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
spdy-remote-conn-recorder.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00
sts_test.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928) 2024-06-07 16:18:44 +01:00
sts.go cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577) 2024-07-05 12:21:48 +01:00
svc.go cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463) 2024-06-18 19:01:40 +01:00
testutils_test.go cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577) 2024-07-05 12:21:48 +01:00
zlib-reader.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 2024-07-08 21:18:55 +01:00