Switch to kustomize remote resource for upstream manifest

Use HTTPS raw URL from forge mirror instead of a separate ArgoCD app. Pins operator image to v1.94.2 via kustomize images transformer, avoiding the upstream's floating "stable" tag. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 17:42:34 -07:00 · 2026-03-15 17:42:34 -07:00 · 2bc0852680
commit 2bc0852680
parent 56224867fa
3 changed files with 8 additions and 58 deletions
--- a/argocd/apps/tailscale-operator-base-ringtail.yaml
+++ b/argocd/apps/tailscale-operator-base-ringtail.yaml
@ -1,25 +0,0 @@
-# Tailscale Kubernetes Operator — upstream static manifest (ringtail)
-# Deploys CRDs, RBAC, ServiceAccounts, and the operator Deployment.
-# Custom resources (ProxyClass, DNSConfig, etc.) are in tailscale-operator-ringtail.
-#
-# Mirror of https://github.com/tailscale/tailscale
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: tailscale-operator-base-ringtail
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/tailscale.git
-    targetRevision: v1.94.2
-    path: cmd/k8s-operator/deploy/manifests
-    directory:
-      include: 'operator.yaml'
-  destination:
-    server: https://ringtail.tail8d86e.ts.net:6443
-    namespace: tailscale
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true  # CRDs exceed annotation size limit
--- a/argocd/apps/tailscale-operator-base.yaml
+++ b/argocd/apps/tailscale-operator-base.yaml
@ -1,25 +0,0 @@
-# Tailscale Kubernetes Operator — upstream static manifest
-# Deploys CRDs, RBAC, ServiceAccounts, and the operator Deployment.
-# Custom resources (ProxyClass, DNSConfig, etc.) are in tailscale-operator.
-#
-# Mirror of https://github.com/tailscale/tailscale
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: tailscale-operator-base
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/tailscale.git
-    targetRevision: v1.94.2
-    path: cmd/k8s-operator/deploy/manifests
-    directory:
-      include: 'operator.yaml'
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: tailscale
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true  # CRDs exceed annotation size limit
--- a/argocd/manifests/tailscale-operator-base/kustomization.yaml
+++ b/argocd/manifests/tailscale-operator-base/kustomization.yaml
@ -4,14 +4,14 @@ kind: Kustomization

 namespace: tailscale

-# The upstream operator manifest (CRDs, RBAC, Deployment) is managed by the
-# tailscale-operator-base ArgoCD app, sourced from mirrors/tailscale on forge.
-# Version is pinned via targetRevision in argocd/apps/tailscale-operator-base.yaml.
-#
-# When upgrading Tailscale, update BOTH:
-#   1. targetRevision in argocd/apps/tailscale-operator-base.yaml
-#   2. image tags in proxyclass.yaml below
-
+# Upstream Tailscale operator manifest from forge mirror.
+# To upgrade: update the ref in the URL AND the newTag below.
 resources:
+  - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml
  - proxyclass.yaml
  - dnsconfig.yaml
+
+images:
+  - name: tailscale/k8s-operator
+    newName: docker.io/tailscale/k8s-operator
+    newTag: v1.94.2