package apiproxy
import "tailscale.com/k8s-operator/api-proxy"
Package apiproxy contains the Kubernetes API Proxy implementation used by k8s-operator and k8s-proxy.
Index ¶
Types ¶
type APIServerProxy ¶
type APIServerProxy struct {
// contains filtered or unexported fields
}
APIServerProxy is an net/http.Handler that authenticates requests using the Tailscale LocalAPI and then proxies them to the Kubernetes API.
func NewAPIServerProxy ¶
func NewAPIServerProxy(zlog *zap.SugaredLogger, restConfig *rest.Config, ts *tsnet.Server, mode kubetypes.APIServerProxyMode, https bool) (*APIServerProxy, error)
NewAPIServerProxy creates a new APIServerProxy that's ready to start once Run is called. No network traffic will flow until Run is called.
authMode controls how the proxy behaves:
- true: the proxy is started and requests are impersonated using the caller's Tailscale identity and the rules defined in the tailnet ACLs.
- false: the proxy is started and requests are passed through to the Kubernetes API without any auth modifications.
func (*APIServerProxy) Run ¶
func (ap *APIServerProxy) Run(ctx context.Context) error
Run starts the HTTP server that authenticates requests using the Tailscale LocalAPI and then proxies them to the Kubernetes API. It listens on :443 and uses the Tailscale HTTPS certificate.
It return when ctx is cancelled or ServeTLS fails.
Source Files ¶
doc.go proxy.go
- Version
- v1.86.4 (latest)
- Published
- Aug 7, 2025
- Platform
- linux/amd64
- Imports
- 23 packages
- Last checked
- 18 hours ago –
Tools for package owners.