-
Add edge routing and health check RPCs (Phase 2)
kyle released this
2026-04-02 20:13:10 +00:00 | 18 commits to master since this releaseNew agent RPCs for v2 multi-node orchestration:
- SetupEdgeRoute: provisions TLS cert from Metacrypt, resolves backend
hostname to Tailnet IP, validates it's in 100.64.0.0/10, registers
L7 route in mc-proxy. Rejects backend_tls=false. - RemoveEdgeRoute: removes mc-proxy route, cleans up TLS cert, removes
registry entry. - ListEdgeRoutes: returns all edge routes with cert serial/expiry.
- HealthCheck: returns agent health and container count.
New database table (migration 4): edge_routes stores hostname, backend
info, and cert paths for persistence across agent restarts.ProxyRouter gains CertPath/KeyPath helpers for consistent cert path
construction.Security:
- Backend hostname must resolve to a Tailnet IP (100.64.0.0/10)
- backend_tls=false is rejected (no cleartext to backends)
- Cert provisioning failure fails the setup (no route to missing cert)
Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com
Downloads
- SetupEdgeRoute: provisions TLS cert from Metacrypt, resolves backend