helm/tailscale/tailscale-operator 1.66.3

v1.66.3

on Artifact Hub

All platforms

• Fixed: Login URLs did not always appear in the console when running tailscale up.

Android

• Changed: Reintroduced the Quick Settings title that v1.66.0 temporarily removed.
• Changed: Improved the VPN service connection logic, especially when rebooting the device with Always-On VPN enabled.
• Changed: The persistent VPN status notification now informs the user with a muted icon when the VPN is disconnected. VPN status notifications can be disabled in the system notification settings.
• Fixed: The "Enable" button in the exit node selector banner now renders with the correct background color.

Kubernetes operator

• Breaking change: Starting with v1.66, the Kubernetes operator must always run the same or later version as the proxies it manages.
• New: Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services. This allows exposing cloud services, such as RDS instances, to tailnet by their DNS names.
• New: Expose tailnet services that use Tailscale HTTPS to cluster workloads. Refer to #11019.
• New: Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names. Refer to #11019.
• New: Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD.
  Refer to ProxyClass API.
• New: Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD. Note that the tailscaled metrics are unstable and will likely change in the future. Refer to ProxyClass API.
• New: Configure labels for the Kubernetes operator Pods with Helm chart values. Refer to Helm chart values.
• New: Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass. Refer to ProxyClass API.
• Fixed: Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems that don't have IPv6 module loaded. Refer to #11867.

Containers

• Fixed: Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is pre-created for the tailscaled state. Refer to #11326.
• Fixed: Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right permissions to perform actions against the tailscaled state Secret. Refer to #11326.