From 2bc0852680286ffcc81b4097f5f7de440b275798 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 15 Mar 2026 17:42:34 -0700 Subject: [PATCH] Switch to kustomize remote resource for upstream manifest Use HTTPS raw URL from forge mirror instead of a separate ArgoCD app. Pins operator image to v1.94.2 via kustomize images transformer, avoiding the upstream's floating "stable" tag. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../tailscale-operator-base-ringtail.yaml | 25 ------------------- argocd/apps/tailscale-operator-base.yaml | 25 ------------------- .../kustomization.yaml | 16 ++++++------ 3 files changed, 8 insertions(+), 58 deletions(-) delete mode 100644 argocd/apps/tailscale-operator-base-ringtail.yaml delete mode 100644 argocd/apps/tailscale-operator-base.yaml diff --git a/argocd/apps/tailscale-operator-base-ringtail.yaml b/argocd/apps/tailscale-operator-base-ringtail.yaml deleted file mode 100644 index 073ab3e..0000000 --- a/argocd/apps/tailscale-operator-base-ringtail.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Tailscale Kubernetes Operator — upstream static manifest (ringtail) -# Deploys CRDs, RBAC, ServiceAccounts, and the operator Deployment. -# Custom resources (ProxyClass, DNSConfig, etc.) are in tailscale-operator-ringtail. -# -# Mirror of https://github.com/tailscale/tailscale -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: tailscale-operator-base-ringtail - namespace: argocd -spec: - project: default - source: - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/tailscale.git - targetRevision: v1.94.2 - path: cmd/k8s-operator/deploy/manifests - directory: - include: 'operator.yaml' - destination: - server: https://ringtail.tail8d86e.ts.net:6443 - namespace: tailscale - syncPolicy: - syncOptions: - - CreateNamespace=true - - ServerSideApply=true # CRDs exceed annotation size limit diff --git a/argocd/apps/tailscale-operator-base.yaml b/argocd/apps/tailscale-operator-base.yaml deleted file mode 100644 index 835313f..0000000 --- a/argocd/apps/tailscale-operator-base.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Tailscale Kubernetes Operator — upstream static manifest -# Deploys CRDs, RBAC, ServiceAccounts, and the operator Deployment. -# Custom resources (ProxyClass, DNSConfig, etc.) are in tailscale-operator. -# -# Mirror of https://github.com/tailscale/tailscale -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: tailscale-operator-base - namespace: argocd -spec: - project: default - source: - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/tailscale.git - targetRevision: v1.94.2 - path: cmd/k8s-operator/deploy/manifests - directory: - include: 'operator.yaml' - destination: - server: https://kubernetes.default.svc - namespace: tailscale - syncPolicy: - syncOptions: - - CreateNamespace=true - - ServerSideApply=true # CRDs exceed annotation size limit diff --git a/argocd/manifests/tailscale-operator-base/kustomization.yaml b/argocd/manifests/tailscale-operator-base/kustomization.yaml index ea38ce5..e5fc40d 100644 --- a/argocd/manifests/tailscale-operator-base/kustomization.yaml +++ b/argocd/manifests/tailscale-operator-base/kustomization.yaml @@ -4,14 +4,14 @@ kind: Kustomization namespace: tailscale -# The upstream operator manifest (CRDs, RBAC, Deployment) is managed by the -# tailscale-operator-base ArgoCD app, sourced from mirrors/tailscale on forge. -# Version is pinned via targetRevision in argocd/apps/tailscale-operator-base.yaml. -# -# When upgrading Tailscale, update BOTH: -# 1. targetRevision in argocd/apps/tailscale-operator-base.yaml -# 2. image tags in proxyclass.yaml below - +# Upstream Tailscale operator manifest from forge mirror. +# To upgrade: update the ref in the URL AND the newTag below. resources: + - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml - proxyclass.yaml - dnsconfig.yaml + +images: + - name: tailscale/k8s-operator + newName: docker.io/tailscale/k8s-operator + newTag: v1.94.2