From 8defa0ef6ed503bf2c73491df09256b47cfb6ee3 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sat, 17 Jan 2026 20:16:06 -0800 Subject: [PATCH] Apply tag:registry to indri via Pulumi - Add tag:registry to indri DeviceTags in __main__.py - Update plan with implementation details noting the tag is managed via Pulumi, not manually in admin console Co-Authored-By: Claude Opus 4.5 --- plans/k8s-migration.md | 7 ++++++- pulumi/__main__.py | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/plans/k8s-migration.md b/plans/k8s-migration.md index 5a773cc..4650719 100644 --- a/plans/k8s-migration.md +++ b/plans/k8s-migration.md @@ -130,6 +130,9 @@ mise run tailnet-preview # Review changes - should show new tag mise run tailnet-up # Apply changes ``` +**Implementation Details:** +- Also need to add `"tag:registry"` to indri's tags in `pulumi/__main__.py` (the `DeviceTags` resource), not just define it in `policy.hujson`. The policy file defines the tag ownership rules, but the device tags are managed separately in the Python code. + --- ### Step 0.2: Create Tailscale Services in Admin Console (MANUAL) @@ -140,7 +143,9 @@ mise run tailnet-up # Apply changes 2. Create service `registry` with: - Port: 443 (HTTPS) - Host: indri -3. Apply tag `tag:registry` to indri if not already tagged + +**Implementation Details:** +- Tag is applied to indri via Pulumi in Step 0.1, not manually in admin console. **Verification:** ```bash diff --git a/pulumi/__main__.py b/pulumi/__main__.py index 33f3d0d..3b8b817 100644 --- a/pulumi/__main__.py +++ b/pulumi/__main__.py @@ -52,6 +52,7 @@ indri_tags = tailscale.DeviceTags( "tag:loki", "tag:pg", "tag:feed", + "tag:registry", # Zot container registry ], )