some hack files for debugging
parent
b9f4137a63
commit
e53526d139
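--- a/hack/debug-tsnet.yaml
+++ b/hack/debug-tsnet.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: debug-tsnet
+spec:
+shareProcessNamespace: true
+containers:
+- name: tailscale
+image: ghcr.io/tailscale/tailscale:v1.50.1
+imagePullPolicy: IfNotPresent
+command:
+- /bin/sh
+- -c
+- |
+export PATH=$PATH:/tailscale/bin
+export PINGIP="100.64.0.20"
+export PROCESS_TO_WAIT_FOR="bash"
+set -e
+
+if [[ ! -d /dev/net ]]; then
+mkdir -p /dev/net
+fi
+if [[ ! -c /dev/net/tun ]]; then
+mknod /dev/net/tun c 10 200
+fi
+
+echo "==> Starting tailscaled in background"
+tailscaled --socket=/tmp/tailscaled.sock --state=mem: --statedir=/tmp &
+TS_PID=$!
+
+echo "==> Running tailscale up"
+tailscale --socket=/tmp/tailscaled.sock up --authkey=${TS_AUTH_KEY} --accept-dns=false --login-server https://headscale.tbrnt.ch
+
+echo "==> Waiting for Tailscale to connect properly"
+until tailscale --socket=/tmp/tailscaled.sock status; do
+echo "... Tailscale not ready yet"
+sleep 2
+done
+
+echo "==> Checking Tailscale connection to target"
+until tailscale --socket=/tmp/tailscaled.sock ping $PINGIP; do
+echo "==> ... No Tailscale connection yet"
+sleep 2
+done
+
+echo "==> Checking network connection to brunnernas"
+until ping -c1 $PINGIP; do
+echo "==> ... No network connection yet"
+sleep 2
+done
+
+echo "==> Connected! Waiting for main container to exit"
+while pidof $PROCESS_TO_WAIT_FOR > /dev/null; do sleep 1; done
+
+echo "==> Main container ended - stopping Tailscale"
+kill -s SIGINT $TS_PID
+wait ${TS_PID}
+env:
+- name: TS_AUTH_KEY
+valueFrom:
+secretKeyRef:
+key: TS_AUTH_KEY
+name: tailscale-auth-backup
+resources: {}
+securityContext:
+capabilities:
+add:
+- NET_ADMIN
+- name: debugger
+image: docker.io/nicolaka/netshoot:latest
+imagePullPolicy: Always
+command: ["/bin/bash"]
+args: ["-c", "while true; do ping -i 10 localhost; sleep 60;done"]
+resources: {}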
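Review bot: The auth key is passed to `tailscale up` as `--authkey=${TS_AUTH_KEY}` in a pod that sets `shareProcessNamespace: true`, so while that command runs its argument list is visible to the `debugger` container, which pulls the mutable `docker.io/nicolaka/netshoot:latest` tag on every start. Mounting the `tailscale-auth-backup` secret as a file and passing `--authkey=file:<mounted-key-path>` (placeholder path) keeps the key off the command line, and pinning the debugger image by digest fixes what runs beside it. The script also relies on `[[ ... ]]` under `/bin/sh`, which only works if the image's shell accepts that bashism, and it leaves `${TS_AUTH_KEY}` and `$PINGIP` unquoted.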
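--- a/hack/jspolicies/jspolicy-tailscale-proxy-injector.yaml
+++ b/hack/jspolicies/jspolicy-tailscale-proxy-injector.yaml
@@ -0,0 +1,31 @@
+apiVersion: policy.jspolicy.com/v1beta1
+kind: JsPolicy
+metadata:
+name: inject-tailscale-proxy.tbrnt.ch
+spec:
+type: Mutating
+operations: ["CREATE"]
+resources: ["pods"]
+scope: Namespaced
+objectSelector:
+matchLabels:
+k8upjob: "true"
+javascript: |
+const httpProxy = {
+name: "http_proxy",
+value: "127.0.0.1:1055"
+}
+const httpsProxy = {
+name: "https_proxy",
+value: "127.0.0.1:1055"
+}
+
+request.object.spec.containers?.forEach(container => {
+if (container.name.match(/^backup$/)) {
+print("Found backup container, injecting env vars")
+//container.env.push(httpProxy)
+//container.env.push(httpsProxy)
+}
+});
+
+mutate(request.object);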
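Review bot: Both `container.env.push(...)` calls are commented out, so as committed this mutating policy only prints "injecting env vars" and passes `request.object` to `mutate()` unchanged for every labelled pod CREATE; a comment above them saying why injection is disabled would stop the log line from misleading whoever debugs this next. When the calls are re-enabled, `container.env` is undefined on a container that declares no env vars and the push will throw inside the admission path, so initialise it first with `container.env = container.env || [];`. The proxy values `127.0.0.1:1055` carry no scheme, which some clients do not accept for `http_proxy`/`https_proxy`; `http://127.0.0.1:1055` is probably what is meant. Nothing in this commit shows a listener on that port, so confirm the sidecar that is expected to provide it.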