In some configurations, user explicitly do not want to store
tailscale state in k8s secrets, because doing that leads to
some annoying permission issues with sidecar containers.
With this change, TS_KUBE_SECRET="" and TS_STATE_DIR=/foo
will force storage to file when running in kubernetes.
Fixes#6704.
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit af3127711a)
In preparation for making startup more complex with IPN bus watches.
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit e79a1eb24a)
It's supposed to set `--statedir` rather than `--state` file.
Fixes#6634.
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
(cherry picked from commit 5ff946a9e6)
Only enable forwarding for an IP family if any forwarding is required
for that family.
Fixes#6221.
Signed-off-by: David Anderson <danderson@tailscale.com>
The //go:build syntax was introduced in Go 1.17:
https://go.dev/doc/go1.17#build-lines
gofmt has kept the +build and go:build lines in sync since
then, but enough time has passed. Time to remove them.
Done with:
perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build')
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This implements the same functionality as the former run.sh, but in Go
and with a little better awareness of tailscaled's lifecycle.
Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had
where it would unconditionally try to reauth every time if you gave it
an authkey, rather than try to use it only if auth is actually needed.
This makes it a bit nicer to deploy these containers in automation, since
you don't have to run the container once, then go and edit its definition
to remove authkeys.
Signed-off-by: David Anderson <danderson@tailscale.com>
David Anderson