From 4381e1d86f5007f48f53d771caee90f1011bc66b Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Wed, 6 May 2026 06:46:37 -0700 Subject: [PATCH] C1: switch to strategic merge patch for proxyclass image rewrite Kustomize's images: directive only rewrites image fields on built-in k8s kinds (Pod, Deployment, etc.), not on custom resources like ProxyClass. The first attempt left the rendered ProxyClass pointing at upstream docker.io. Replaces it with a strategic merge patch over spec.statefulSet.pod.tailscale{Container,InitContainer}.image. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../kustomization.yaml | 16 +++++++++++----- .../proxyclass-image.yaml | 11 +++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 argocd/manifests/tailscale-operator-ringtail/proxyclass-image.yaml diff --git a/argocd/manifests/tailscale-operator-ringtail/kustomization.yaml b/argocd/manifests/tailscale-operator-ringtail/kustomization.yaml index 5e30291..2d9ceb2 100644 --- a/argocd/manifests/tailscale-operator-ringtail/kustomization.yaml +++ b/argocd/manifests/tailscale-operator-ringtail/kustomization.yaml @@ -11,8 +11,14 @@ resources: # Rewrite the proxyclass image to our local nix-built mirror. # Scoped to ringtail only; indri's tailscale-operator/kustomization.yaml still -# pulls from upstream docker.io. -images: - - name: docker.io/tailscale/tailscale - newName: registry.ops.eblu.me/blumeops/tailscale - newTag: v1.94.2-67af7a8-nix +# pulls from upstream docker.io. A strategic merge patch is used instead of +# kustomize's `images:` directive because that directive only rewrites images +# in standard k8s container fields, not custom-resource fields like +# ProxyClass.spec.statefulSet.pod.tailscaleContainer.image. +patches: + - path: proxyclass-image.yaml + target: + group: tailscale.com + version: v1alpha1 + kind: ProxyClass + name: default diff --git a/argocd/manifests/tailscale-operator-ringtail/proxyclass-image.yaml b/argocd/manifests/tailscale-operator-ringtail/proxyclass-image.yaml new file mode 100644 index 0000000..b585e22 --- /dev/null +++ b/argocd/manifests/tailscale-operator-ringtail/proxyclass-image.yaml @@ -0,0 +1,11 @@ +apiVersion: tailscale.com/v1alpha1 +kind: ProxyClass +metadata: + name: default +spec: + statefulSet: + pod: + tailscaleContainer: + image: registry.ops.eblu.me/blumeops/tailscale:v1.94.2-67af7a8-nix + tailscaleInitContainer: + image: registry.ops.eblu.me/blumeops/tailscale:v1.94.2-67af7a8-nix