From 442eea47e13e0483abc19368bce6ab0f3b4dbbcf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Feb 2026 16:46:41 +0000 Subject: [PATCH 1/2] refactor(common): move tailscale settings to settings object - Move tailscale addon settings from addons.tailscale. to addons.tailscale.settings. - Update template to read from settings and map to environment variables - Update schema to reflect new structure with settings object - Update tests to use new settings structure - Update complete-values-structure.yaml Co-authored-by: PrivatePuffin <7613738+PrivatePuffin@users.noreply.github.com> --- .../tests/addons/tailscale_test.yaml | 17 ++-- .../common/complete-values-structure.yaml | 33 +++---- .../common/schemas/addons/tailscale.json | 93 ++++++++++--------- .../common/templates/addons/_tailscale.tpl | 41 +++++++- charts/library/common/values.yaml | 40 ++++---- 5 files changed, 125 insertions(+), 99 deletions(-) diff --git a/charts/library/common-test/tests/addons/tailscale_test.yaml b/charts/library/common-test/tests/addons/tailscale_test.yaml index 93d1c9db66413..2adc4f2a32497 100644 --- a/charts/library/common-test/tests/addons/tailscale_test.yaml +++ b/charts/library/common-test/tests/addons/tailscale_test.yaml @@ -32,9 +32,8 @@ tests: addons: tailscale: enabled: true - container: - env: - TS_AUTH_KEY: something + settings: + authkey: something asserts: - hasDocuments: count: 2 @@ -143,10 +142,9 @@ tests: addons: tailscale: enabled: true - container: - env: - TS_AUTH_KEY: something - TS_USERSPACE: false + settings: + authkey: something + userspace: false asserts: - hasDocuments: count: 2 @@ -238,9 +236,8 @@ tests: addons: tailscale: enabled: true - container: - env: - TS_AUTH_KEY: something + settings: + authkey: something asserts: - hasDocuments: count: 2 
diff --git a/charts/library/common/complete-values-structure.yaml b/charts/library/common/complete-values-structure.yaml index 27b36fe1b12f8..22ec8b8278292 100644 --- a/charts/library/common/complete-values-structure.yaml +++ b/charts/library/common/complete-values-structure.yaml @@ -1647,17 +1647,18 @@ addons: enabled: false targetSelector: - "main" - config: "" - authkey: "" - userspace: true - auth_once: true - accept_dns: false - routes: "" - dest_ip: "" - sock5_server: "" - extra_args: "" - daemon_extra_args: "" - outbound_http_proxy_listen: "" + settings: + config: "" + authkey: "" + userspace: true + auth_once: true + accept_dns: false + routes: "" + dest_ip: "" + sock5_server: "" + extra_args: "" + daemon_extra_args: "" + outbound_http_proxy_listen: "" annotations: {} container: enabled: true @@ -1677,16 +1678,6 @@ addons: TS_KUBE_SECRET: "" TS_SOCKET: "/var/run/tailscale/tailscaled.sock" TS_STATE_DIR: "/var/lib/tailscale/state" - TS_USERSPACE: true - TS_AUTH_ONCE: true - TS_ACCEPT_DNS: false - TS_AUTH_KEY: "" - TS_TAILSCALED_EXTRA_ARGS: "" - TS_EXTRA_ARGS: "" - TS_SOCKS5_SERVER: "" - TS_DEST_IP: "" - TS_ROUTES: "" - TS_OUTBOUND_HTTP_PROXY_LISTEN: "" securityContext: capabilities: add: diff --git a/charts/library/common/schemas/addons/tailscale.json b/charts/library/common/schemas/addons/tailscale.json index c3ac8b6c09509..ae9aeb4fb2118 100644 --- a/charts/library/common/schemas/addons/tailscale.json +++ b/charts/library/common/schemas/addons/tailscale.json @@ -17,10 +17,6 @@ }, "description": "Addons to the workloads" }, - "config": { - "type": "string", - "description": "Configuration for `addons.tailscale.config`." - }, "container": { "type": "object", "properties": { 
@@ -133,45 +129,56 @@
 "additionalProperties": true,
 "description": "Addons to the workloads"
 },
- "authkey": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.authkey`."
- },
- "userspace": {
- "type": "boolean",
- "description": "Configuration for `addons.tailscale.userspace`."
- },
- "auth_once": {
- "type": "boolean",
- "description": "Configuration for `addons.tailscale.auth_once`."
- },
- "accept_dns": {
- "type": "boolean",
- "description": "Configuration for `addons.tailscale.accept_dns`."
- },
- "routes": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.routes`."
- },
- "dest_ip": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.dest_ip`."
- },
- "sock5_server": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.sock5_server`."
- },
- "extra_args": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.extra_args`."
- },
- "daemon_extra_args": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.daemon_extra_args`."
- },
- "outbound_http_proxy_listen": {
- "type": "string",
- "description": "Configuration for `addons.tailscale.outbound_http_proxy_listen`."
+ "settings": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.config`."
+ },
+ "authkey": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.authkey`."
+ },
+ "userspace": {
+ "type": "boolean",
+ "description": "Configuration for `addons.tailscale.settings.userspace`."
+ },
+ "auth_once": {
+ "type": "boolean",
+ "description": "Configuration for `addons.tailscale.settings.auth_once`."
+ },
+ "accept_dns": {
+ "type": "boolean",
+ "description": "Configuration for `addons.tailscale.settings.accept_dns`."
+ },
+ "routes": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.routes`."
+ },
+ "dest_ip": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.dest_ip`."
+ },
+ "sock5_server": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.sock5_server`."
+ },
+ "extra_args": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.extra_args`."
+ },
+ "daemon_extra_args": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.daemon_extra_args`."
+ },
+ "outbound_http_proxy_listen": {
+ "type": "string",
+ "description": "Configuration for `addons.tailscale.settings.outbound_http_proxy_listen`."
+ }
+ },
+ "additionalProperties": true,
+ "description": "Tailscale settings"
 },
 "annotations": {
 "type": "object",
diff --git a/charts/library/common/templates/addons/_tailscale.tpl b/charts/library/common/templates/addons/_tailscale.tpl
index e3d5e5e500416..342efe1455ad9 100644
--- a/charts/library/common/templates/addons/_tailscale.tpl
+++ b/charts/library/common/templates/addons/_tailscale.tpl
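Review bot: `"additionalProperties": true` on the new `settings` object lets a misspelled key pass validation and then be silently ignored, because `_tailscale.tpl` in this patch maps only a fixed list of names to `TS_*` variables. The slip is easy to make here: the key is spelled `sock5_server` while the variable it feeds is `TS_SOCKS5_SERVER`, and a mistyped `userspace` or `accept_dns` would leave the default in force with no error. Consider `"additionalProperties": false` on this object so schema validation rejects unknown keys.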
@@ -5,13 +5,52 @@ It will include / inject the required templates based on the given values. {{- define "tc.v1.common.addon.tailscale" -}} {{- $ts := $.Values.addons.tailscale -}} {{- if $ts.enabled -}} + {{- $settings := $ts.settings | default dict -}} + + {{/* Merge settings into environment variables */}} + {{- $env := $ts.container.env | default dict -}} + {{- if $settings.config -}} + {{- $_ := set $env "TS_CONFIG" $settings.config -}} + {{- end -}} + {{- if $settings.authkey -}} + {{- $_ := set $env "TS_AUTH_KEY" $settings.authkey -}} + {{- end -}} + {{- if hasKey $settings "userspace" -}} + {{- $_ := set $env "TS_USERSPACE" $settings.userspace -}} + {{- end -}} + {{- if hasKey $settings "auth_once" -}} + {{- $_ := set $env "TS_AUTH_ONCE" $settings.auth_once -}} + {{- end -}} + {{- if hasKey $settings "accept_dns" -}} + {{- $_ := set $env "TS_ACCEPT_DNS" $settings.accept_dns -}} + {{- end -}} + {{- if $settings.routes -}} + {{- $_ := set $env "TS_ROUTES" $settings.routes -}} + {{- end -}} + {{- if $settings.dest_ip -}} + {{- $_ := set $env "TS_DEST_IP" $settings.dest_ip -}} + {{- end -}} + {{- if $settings.sock5_server -}} + {{- $_ := set $env "TS_SOCKS5_SERVER" $settings.sock5_server -}} + {{- end -}} + {{- if $settings.extra_args -}} + {{- $_ := set $env "TS_EXTRA_ARGS" $settings.extra_args -}} + {{- end -}} + {{- if $settings.daemon_extra_args -}} + {{- $_ := set $env "TS_TAILSCALED_EXTRA_ARGS" $settings.daemon_extra_args -}} + {{- end -}} + {{- if $settings.outbound_http_proxy_listen -}} + {{- $_ := set $env "TS_OUTBOUND_HTTP_PROXY_LISTEN" $settings.outbound_http_proxy_listen -}} + {{- end -}} + {{- $_ := set $ts.container "env" $env -}} + {{- $secContext := dict -}} {{- $_ := set $secContext "runAsUser" 0 -}} {{- $_ := set $secContext "runAsGroup" 0 -}} {{- $_ := set $secContext "runAsNonRoot" true -}} {{- $_ := set $secContext "readOnlyRootFilesystem" false -}} - {{- if and $ts.container.env ($ts.container.env.TS_USERSPACE) -}} + {{- if and $env 
($env.TS_USERSPACE) -}} {{- $_ := set $secContext "runAsUser" 1000 -}} {{- $_ := set $secContext "runAsGroup" 1000 -}} {{- $_ := set $secContext "runAsNonRoot" false -}} diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml index 3b5eb540ef906..ff5527e526963 100644 --- a/charts/library/common/values.yaml +++ b/charts/library/common/values.yaml @@ -1026,8 +1026,6 @@ addons: enabled: false targetSelector: - main - # -- you can directly specify the config file here - config: "" container: enabled: true imageSelector: "tailscaleImage" @@ -1051,34 +1049,28 @@ addons: TS_KUBE_SECRET: "" TS_SOCKET: /var/run/tailscale/tailscaled.sock TS_STATE_DIR: /var/lib/tailscale/state - TS_USERSPACE: true - TS_AUTH_ONCE: true - TS_ACCEPT_DNS: false - TS_AUTH_KEY: "" - TS_TAILSCALED_EXTRA_ARGS: "" - TS_EXTRA_ARGS: "" - TS_SOCKS5_SERVER: "" - TS_DEST_IP: "" - TS_ROUTES: "" - TS_OUTBOUND_HTTP_PROXY_LISTEN: "" securityContext: capabilities: add: - NET_ADMIN - NET_RAW - # -- Auth key to connect to the VPN Service - authkey: "" - # As a sidecar, it should only need to run in userspace - userspace: true - auth_once: true - accept_dns: false - routes: "" - dest_ip: "" - sock5_server: "" - extra_args: "" - daemon_extra_args: "" - outbound_http_proxy_listen: "" + # -- Tailscale settings + settings: + # -- you can directly specify the config file here + config: "" + # -- Auth key to connect to the VPN Service + authkey: "" + # As a sidecar, it should only need to run in userspace + userspace: true + auth_once: true + accept_dns: false + routes: "" + dest_ip: "" + sock5_server: "" + extra_args: "" + daemon_extra_args: "" + outbound_http_proxy_listen: "" # -- Annotations for tailscale sidecar annotations: {} From 8ade385b97209176d565f8754bf3283316ac01bc Mon Sep 17 00:00:00 2001 
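Review bot: The `hasKey` branches for `userspace`, `auth_once` and `accept_dns` overwrite whatever is already in `container.env`, and since values.yaml in this same patch ships all three under `settings` as defaults, they will presumably always fire once defaults are merged. A release that still sets `container.env.TS_USERSPACE: false` would then be flipped to `true` without any message, which also changes the `runAsUser`/`runAsGroup` branch just below the merge block. Either let an explicit env entry win, `{{- if and (hasKey $settings "userspace") (not (hasKey $env "TS_USERSPACE")) -}}`, or stop the render with `fail` when a moved `TS_*` key is still present in `container.env`. None of the updated tests sets both locations, so the precedence is currently unpinned. The enclosing `define` continues past the end of this hunk.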
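Review bot: The comment on `settings.authkey` in the `@@ -1051,34 +1049,28 @@` hunk should say that the value is a credential and that `_tailscale.tpl` copies it verbatim into the container's `TS_AUTH_KEY` env entry. Suggested wording: `# -- Auth key to connect to the VPN Service; rendered as TS_AUTH_KEY, treat as a secret and keep it out of committed values`. Whether the common library renders `container.env` entries through a Secret or as literal pod-spec values is not visible in this patch, so that should be confirmed before anyone relies on it. The remaining keys under `settings` (`auth_once`, `accept_dns`, `routes`, `dest_ip`, `sock5_server`, `extra_args`, `daemon_extra_args`, `outbound_http_proxy_listen`) carry no `# --` comment and would each benefit from one line naming the `TS_*` variable they map to.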
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Feb 2026 16:53:41 +0000 Subject: [PATCH 2/2] feat(common): add settings property to addons schema - Add settings as a recognized property in the main addons.json schema - Settings property allows any addon to define addon-specific configuration - Tailscale addon already has complete settings schema with all keys defined - Settings supports additionalProperties for flexibility across different addon types Co-authored-by: PrivatePuffin <7613738+PrivatePuffin@users.noreply.github.com> --- charts/library/common/schemas/addons.json | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/charts/library/common/schemas/addons.json b/charts/library/common/schemas/addons.json
index e09e3fbeee111..bf09cc93f7459 100644
--- a/charts/library/common/schemas/addons.json
+++ b/charts/library/common/schemas/addons.json
@@ -48,6 +48,12 @@
 "properties": {},
 "additionalProperties": true,
 "description": "Define additional options for the ingress See ingress options in the [ingress](/truecharts-common/ingress) section."
+ },
+ "settings": {
+ "type": "object",
+ "properties": {},
+ "additionalProperties": true,
+ "description": "Addon-specific settings that vary by addon type"
 }
 },
 "additionalProperties": true,