Apply tag:registry to indri via Pulumi

- Add tag:registry to indri DeviceTags in __main__.py - Update plan with implementation details noting the tag is managed via Pulumi, not manually in admin console Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-17 20:16:06 -08:00 · 2026-01-17 20:16:06 -08:00 · 8defa0ef6e
commit 8defa0ef6e
parent 83956afe92
2 changed files with 7 additions and 1 deletions
--- a/plans/k8s-migration.md
+++ b/plans/k8s-migration.md
@ -130,6 +130,9 @@ mise run tailnet-preview   # Review changes - should show new tag
 mise run tailnet-up        # Apply changes
 ```

+**Implementation Details:**
+- Also need to add `"tag:registry"` to indri's tags in `pulumi/__main__.py` (the `DeviceTags` resource), not just define it in `policy.hujson`. The policy file defines the tag ownership rules, but the device tags are managed separately in the Python code.
+
 ---

 ### Step 0.2: Create Tailscale Services in Admin Console (MANUAL)
@ -140,7 +143,9 @@ mise run tailnet-up        # Apply changes
 2. Create service `registry` with:
   - Port: 443 (HTTPS)
   - Host: indri
-3. Apply tag `tag:registry` to indri if not already tagged
+
+**Implementation Details:**
+- Tag is applied to indri via Pulumi in Step 0.1, not manually in admin console.

 **Verification:**
 ```bash
--- a/pulumi/main.py
+++ b/pulumi/main.py
@ -52,6 +52,7 @@ indri_tags = tailscale.DeviceTags(
        "tag:loki",
        "tag:pg",
        "tag:feed",
+        "tag:registry",  # Zot container registry
    ],
 )