From fd2ebcd5bdf5a166513e7b86114dcbcb5d8c67e3 Mon Sep 17 00:00:00 2001 From: Chris Mosetick Date: Wed, 25 Feb 2026 20:30:21 +0100 Subject: [PATCH] cmd/k8s-operator: add exit node example (#18087) * cmd/k8s-operator/deploy/examples Adds exitnode.yaml to k8s-operator Fixes #18086 Signed-off-by: Christopher Mosetick * cmd/k8s-operator/deploy/examples: update connector and add exitnode examples - Remove exitNode: true from connector.yaml to keep it focused as a subnet router example - Update connector.yaml header comment to remove exit node reference and add pointer hint to exitnode.yaml - Clarify exitnode.yaml comments to accurately describe separate Connector deployment pattern Fixes #18086 Signed-off-by: Christopher Mosetick * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond Signed-off-by: Chris Mosetick * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond Signed-off-by: Chris Mosetick * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond Signed-off-by: Chris Mosetick * Update cmd/k8s-operator/deploy/examples/exitnode.yaml Co-authored-by: David Bond Signed-off-by: Chris Mosetick --------- Signed-off-by: Christopher Mosetick Signed-off-by: Chris Mosetick Co-authored-by: David Bond
---
 .../deploy/examples/connector.yaml | 4 +--
 .../deploy/examples/exitnode.yaml | 26 +++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 cmd/k8s-operator/deploy/examples/exitnode.yaml
diff --git a/cmd/k8s-operator/deploy/examples/connector.yaml b/cmd/k8s-operator/deploy/examples/connector.yaml
index f5447400e..a025eef98 100644
--- a/cmd/k8s-operator/deploy/examples/connector.yaml
+++ b/cmd/k8s-operator/deploy/examples/connector.yaml
@@ -1,9 +1,10 @@
 # Before applying ensure that the operator owns tag:prod.
 # https://tailscale.com/kb/1236/kubernetes-operator/#setting-up-the-kubernetes-operator.
-# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route and exit node.
+# To set up autoapproval set tag:prod as approver for 10.40.0.0/14 route.
 # Otherwise approve it manually in Machines panel once the
 # ts-prod Tailscale node has been created.
 # See https://tailscale.com/kb/1018/acls/#auto-approvers-for-routes-and-exit-nodes
+# For an exit node example, see exitnode.yaml
 apiVersion: tailscale.com/v1alpha1
 kind: Connector
 metadata:
@@ -17,4 +18,3 @@ spec:
 advertiseRoutes:
 - "10.40.0.0/14"
 - "192.168.0.0/14"
- exitNode: true
diff --git a/cmd/k8s-operator/deploy/examples/exitnode.yaml b/cmd/k8s-operator/deploy/examples/exitnode.yaml
new file mode 100644
index 000000000..b2ce516cd
--- /dev/null
+++ b/cmd/k8s-operator/deploy/examples/exitnode.yaml
@@ -0,0 +1,26 @@
+# Before applying ensure that the operator owns tag:k8s-operator
+# To use both subnet routing and exit node on the same cluster, deploy a separate
+# Connector resource for each.
+# See connector.yaml for a subnet router example.
+# See: https://tailscale.com/kb/1441/kubernetes-operator-connector
+---
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+ name: exit-node
+spec:
+ # Exit node configuration - allows Tailscale clients to route all internet traffic through this Connector
+ exitNode: true
+
+ # High availability: 2 replicas for redundancy
+ # Note: Must use hostnamePrefix (not hostname) when replicas > 1
+ replicas: 2
+
+ # Hostname prefix for the exit node devices
+ # Devices will be named: exit-node-0, exit-node-1
+ hostnamePrefix: exit-node
+
+ # Tailscale tags for ACL policy management
+ tags:
+ - tag:k8s-operator
+
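Review bot: In the new exitnode.yaml, the `tags:` entry `tag:k8s-operator` puts the exit node devices under the tag that the header comment ties to the operator; if the operator itself runs under that tag, as in the documented default setup, any ACL rule or auto-approver written for the operator would also apply to the devices that forward tailnet users' internet traffic. connector.yaml uses a dedicated `tag:prod`, and a separate tag owned by the operator (for example `tag:exit-node`, a constructed name) would keep the two identities apart in policy. The header also drops the approval step that connector.yaml documents; a line such as `# Approve the exit node in the Machines panel, or set the tag as an exitNode auto-approver, and restrict in the ACL policy which users may use it.` would cover it. It may also be worth a comment that traffic from clients using this Connector leaves with the cluster's egress address, which matters wherever that address is allowlisted.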