Documentation
¶
Overview ¶
Package apiproxy contains the Kubernetes API Proxy implementation used by k8s-operator and k8s-proxy.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIServerProxy ¶ added in v1.86.0
type APIServerProxy struct {
// contains filtered or unexported fields
}
APIServerProxy is an net/http.Handler that authenticates requests using the Tailscale LocalAPI and then proxies them to the Kubernetes API.
func NewAPIServerProxy ¶ added in v1.86.0
func NewAPIServerProxy(zlog *zap.SugaredLogger, restConfig *rest.Config, ts *tsnet.Server, mode kubetypes.APIServerProxyMode, https bool) (*APIServerProxy, error)
NewAPIServerProxy creates a new APIServerProxy that's ready to start once Run is called. No network traffic will flow until Run is called.
authMode controls how the proxy behaves:
- true: the proxy is started and requests are impersonated using the caller's Tailscale identity and the rules defined in the tailnet ACLs.
- false: the proxy is started and requests are passed through to the Kubernetes API without any auth modifications.
func (*APIServerProxy) Run ¶ added in v1.86.0
func (ap *APIServerProxy) Run(ctx context.Context) error
Run starts the HTTP server that authenticates requests using the Tailscale LocalAPI and then proxies them to the Kubernetes API. It listens on :443 and uses the Tailscale HTTPS certificate.
It return when ctx is cancelled or ServeTLS fails.
Source Files
Click to show internal directories.
Click to hide internal directories.