feat: add CSIL schemas for Tailscale integration #22
Draft
Soypete wants to merge 3 commits into catalystcommunity:main from
Add optional `allow_cgnat_vip` configuration flag to enable VIP addresses in the CGNAT range (100.64.0.0/10, RFC 6598) used by Tailscale and similar overlay networks.
Background:
- Foundry previously only accepted RFC 1918 private IPs for VIP
- Tailscale uses RFC 6598 Shared Address Space (100.64.0.0/10)
- This prevented users from deploying clusters exclusively on Tailscale
Changes:
- Add `allow_cgnat_vip` field to ClusterConfig and K3s Config (CSIL schemas)
- Update VIP validation to accept CGNAT range when flag is true
- Wire flag through all validation paths (init, worker, vip)
- Maintain backward compatibility (defaults to false)
- Use *bool for optional field (CSIL generation constraint)
Usage:
```yaml
cluster:
  vip: 100.81.89.100
  allow_cgnat_vip: true
```
Helpful error message suggests the flag when CGNAT IP is rejected.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
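The opt-in VIP check described in the commit message above, as an added Go example that is not Foundry's own code. The function and variable names are hypothetical; the ranges, the `*bool` flag with a false default, and the error hint come from the commit message.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Hypothetical names; Foundry's real validator is not shown on this page.
var (
	rfc1918 = []netip.Prefix{
		netip.MustParsePrefix("10.0.0.0/8"),
		netip.MustParsePrefix("172.16.0.0/12"),
		netip.MustParsePrefix("192.168.0.0/16"),
	}
	cgnat = netip.MustParsePrefix("100.64.0.0/10") // RFC 6598 shared address space
)

// ValidateVIP always accepts RFC 1918 addresses. RFC 6598 addresses pass only
// when allowCGNAT is non-nil and true; nil means the flag was omitted (false).
func ValidateVIP(vip string, allowCGNAT *bool) error {
	addr, err := netip.ParseAddr(vip)
	if err != nil {
		return fmt.Errorf("invalid VIP %q: %w", vip, err)
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d as plain IPv4 before matching
	for _, p := range rfc1918 {
		if p.Contains(addr) {
			return nil
		}
	}
	if cgnat.Contains(addr) {
		if allowCGNAT != nil && *allowCGNAT {
			return nil
		}
		return fmt.Errorf("VIP %s is in 100.64.0.0/10 (CGNAT); set allow_cgnat_vip: true to permit it", addr)
	}
	return fmt.Errorf("VIP %s is not in a private or CGNAT range", addr)
}

func main() {
	on := true
	fmt.Println(ValidateVIP("100.81.89.100", nil)) // rejected, error names the flag
	fmt.Println(ValidateVIP("100.81.89.100", &on)) // accepted
	fmt.Println(ValidateVIP("100.128.0.1", &on))   // outside 100.64.0.0/10, rejected
}
```
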
Add comprehensive documentation for deploying Foundry clusters on Tailscale overlay networks using CGNAT IP addresses.
Covers:
- Required Tailscale ACL configuration
- Single control plane setup (simple approach)
- HA multi-control-plane setup with subnet routes
- Network routing considerations for overlay networks
- Troubleshooting VIP reachability issues
- Validation checklist
- Future roadmap for Tailscale operator integration
Add use_tailscale flag to ClusterConfig and create Tailscale component
configuration schema to enable automated Tailscale operator integration.
Changes:
- Add use_tailscale field to ClusterConfig (network-simple.csil)
- Create new tailscale.csil component schema with OAuth credentials,
operator image, advertise routes, and tags configuration
- Regenerate Go types for config and tailscale component
- Add comprehensive unit tests for Tailscale component types
Testing Strategy:
1. CSIL Validation: Both schemas validated with csilgen validate ✓
2. Type Generation: Go types correctly generated with proper pointer types
3. Compilation: Code builds successfully without errors
4. Unit Tests: 5 test cases covering:
- YAML marshaling/unmarshaling with various configurations
- Pointer type behavior (nil defaults for optional fields)
- Secret reference support (${secret:path:key} format)
- Round-trip YAML serialization
- Empty/minimal configuration handling
All tests passing (5/5).
Part of stacked PR series for Tailscale integration (PR #2a).
Builds on PR #1 (CGNAT VIP support).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Summary
- `allow_cgnat_vip` field to k3s and network-simple configs
- `allow_cgnat_vip` field