-
Notifications
You must be signed in to change notification settings - Fork 9
User Guide
Define a TwingateConnector object.
Example:
apiVersion: twingate.com/v1beta
kind: TwingateConnector
metadata:
name: my-connector-auto-updating-image
spec:
imagePolicy:
schedule: "0 0 * * *"
Use the TwingateConnector.spec.sidecarContainers property.
Example:
apiVersion: twingate.com/v1beta
kind: TwingateConnector
metadata:
name: my-connector-auto-updating-image
spec:
imagePolicy:
schedule: "0 0 * * *"
sidecarContainers
- name: filebeat-sidecar
image: docker.elastic.co/beats/filebeat:7.5.0
...
Edit the Service and under metadata.annotations add the annotation twingate.com/resource with a "true" value.
Note that "true" is quoted because annotation values are strings, and an unquoted true will be incorrectly interpreted as a boolean.
When you do this, the operator will create a TwingateResource object based on your Service properties.
You can further customize the generated TwingateResource object by adding more annotations on the Service, each matches the respective TwingateResource spec property:
-
resource.twingate.com/name- the resource's name in the Twingate Admin Console. -
resource.twingate.com/alias- the resource's alias. -
resource.twingate.com/isBrowserShortcutEnabled- wether the “Open in Browser” should show for this resource. -
resource.twingate.com/securityPolicyId- assign a Security Policy to this resource. -
resource.twingate.com/isVisible- is the resource visible in the client dropdown menu. -
resource.twingate.com/syncLabels- allows turning off the default behaviors of syncing labels as tags to Twingate.
Example:
apiVersion: v1
kind: Service
metadata:
name: my-service-local
annotations:
resource.twingate.com: "true"
resource.twingate.com/alias: "myapp.internal"
spec:
selector:
app.kubernetes.io/name: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376
name: first
- protocol: UDP
port: 22
targetPort: 9376
name: secondLabels set on the TwingateResource object will automatically propagate to Twingate as resource tags.
You can disable this behavior by setting syncLabels: false property (see API docs) on the resource:
Example:
apiVersion: twingate.com/v1beta
kind: TwingateResource
metadata:
name: my-twingate-resource
labels:
env: dev
spec:
name: My K8S Resource
address: my.default.cluster.local
syncLabels: false # will prevent syncing labels to twingate
Operator also supports applying a certain set of labels system-wide - to all TwingateResource objects managed by the operator.
When deploying the operator you can define defaultResourceTags in values.yaml.
Copyright © 2023 Twingate.