Update kustomization.yaml to include 'tsidp' resource and enable 'ts.net' configuration in CoreDNS for Cilium applications

Author: rajsinghtech

clusters/common/apps/tailscale-examples/sandbox/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   # - ./derper
   - ./hello
   - ./proxyt
+  - ./tsidp
   - ./tsflow
   # - ./tsdnsproxy
   - ./sidecar

clusters/common/apps/tailscale-examples/sandbox/tsidp/egress.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    tailscale.com/tailnet-fqdn: ottawa-idp.keiretsu.ts.net
+    tailscale.com/proxy-group: common-egress
+  name: ottawa-idp-egress
+spec:
+  externalName: placeholder   # any value - will be overwritten by operator
+  type: ExternalName 
+  ports:
+  - name: https # any value
+    port: 443
+    protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    tailscale.com/tailnet-fqdn: robbinsdale-idp.keiretsu.ts.net
+    tailscale.com/proxy-group: common-egress
+  name: robbinsdale-idp-egress
+spec:
+  externalName: placeholder   # any value - will be overwritten by operator
+  type: ExternalName 
+  ports:
+  - name: https # any value
+    port: 443
+    protocol: TCP

clusters/common/apps/tailscale-examples/sandbox/tsidp/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tailscale
+resources:
+  - manifest.yaml
+  - egress.yaml

clusters/common/apps/tailscale-examples/sandbox/tsidp/manifest.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: tsidp
+  namespace: tailscale
+  labels:
+    app: tsidp
+spec:
+  replicas: 1
+  serviceName: tsidp
+  selector:
+    matchLabels:
+      app: tsidp
+  volumeClaimTemplates:
+  - metadata:
+      name: tsidp-data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 1Gi
+  template:
+    metadata:
+      labels:
+        app: tsidp
+    spec:
+      containers:
+      - name: tsidp
+        image: ghcr.io/tailscale/tsidp:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 443
+          name: https
+        env:
+        - name: TAILSCALE_USE_WIP_CODE
+          value: "1"
+        - name: TS_STATE_DIR
+          value: "/data"
+        - name: TS_HOSTNAME
+          value: "${LOCATION}-idp"
+        - name: TSIDP_ENABLE_STS
+          value: "1"
+        - name: TS_AUTHKEY
+          valueFrom:
+            secretKeyRef:
+              name: ts-authkey
+              key: TS_AUTHKEY
+        volumeMounts:
+        - name: tsidp-data
+          mountPath: /data

clusters/talos-ottawa/apps/cilium/config/coredns.yaml

@@ -36,8 +36,8 @@ data:
       cache 30
       forward . 10.69.69.51
     }
-# ts.net {
-#   errors
-#   cache 30
-#   forward . 10.69.69.50
-# }
+    ts.net {
+      errors
+      cache 30
+      forward . 10.69.69.50
+    }

clusters/talos-robbinsdale/apps/cilium/config/coredns.yaml

@@ -36,8 +36,8 @@ data:
       cache 30
       forward . 10.69.69.51
     }
-# ts.net {
-#   errors
-#   cache 30
-#   forward . 10.69.69.50
-# }
+    ts.net {
+      errors
+      cache 30
+      forward . 10.69.69.50
+    }