tailscale/wgengine
Irbe Krumina 3af0f526b8
cmd{containerboot,k8s-operator},util/linuxfw: support ExternalName Services (#11802)
* cmd/containerboot,util/linuxfw: support proxy backends specified by DNS name

Adds support for optionally configuring containerboot to proxy
traffic to backends configured by passing TS_EXPERIMENTAL_DEST_DNS_NAME env var
to containerboot.
Containerboot will periodically (every 10 minutes) attempt to resolve
the DNS name and ensure that all traffic sent to the node's
tailnet IP gets forwarded to the resolved backend IP addresses.

Currently:
- if the firewall mode is iptables, traffic will be load balanced
accross the backend IP addresses using round robin. There are
no health checks for whether the IPs are reachable.
- if the firewall mode is nftables traffic will only be forwarded
to the first IP address in the list. This is to be improved.

* cmd/k8s-operator: support ExternalName Services

 Adds support for exposing endpoints, accessible from within
a cluster to the tailnet via DNS names using ExternalName Services.
This can be done by annotating the ExternalName Service with
tailscale.com/expose: "true" annotation.
The operator will deploy a proxy configured to route tailnet
traffic to the backend IPs that service.spec.externalName
resolves to. The backend IPs must be reachable from the operator's
namespace.

Updates tailscale/tailscale#10606

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-04-23 17:30:00 +01:00
..
bench tailcfg, all: use []netip.AddrPort instead of []string for Endpoints 2023-10-01 18:23:02 -07:00
capture various: add golangci-lint, fix issues (#7905) 2023-04-17 18:38:24 -04:00
filter all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
magicsock wgengine/magicsock: disable portmapper in tunchan-faked tests 2024-04-17 21:47:38 -07:00
netlog all: use zstdframe where sensible (#11491) 2024-03-21 12:20:38 -07:00
netstack all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
router cmd{containerboot,k8s-operator},util/linuxfw: support ExternalName Services (#11802) 2024-04-23 17:30:00 +01:00
wgcfg all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
wgint wgengine{,/wgint}: add wgint.Peer wrapper type, add to wgengine.Engine 2024-02-28 09:50:18 -08:00
wglog all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
winnet all: update copyright and license headers 2023-01-27 15:36:29 -08:00
mem_ios.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
pendopen.go wgengine: make pendOpen time later, after dup check 2024-02-26 19:09:12 -08:00
userspace.go wgengine/router: provide explicit hook to signal Android when VPN needs to be reconfigured 2024-04-04 12:56:49 -05:00
userspace_ext_test.go wgengine/netstack: remove SubnetRouterWrapper 2024-04-07 15:44:41 -07:00
userspace_test.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
watchdog.go wgengine{,/wgint}: add wgint.Peer wrapper type, add to wgengine.Engine 2024-02-28 09:50:18 -08:00
watchdog_js.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
watchdog_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
wgengine.go wgengine{,/wgint}: add wgint.Peer wrapper type, add to wgengine.Engine 2024-02-28 09:50:18 -08:00