Upgrade Tailscale operator v1.94.2 → v1.96.3

Bumps operator, proxy container, and init container images across both clusters (indri + ringtail share the base kustomization). Replaces the hand-rolled polling loop in the Fly proxy start script with `tailscale wait --timeout 60s` for proper daemon/interface readiness. Also stamps kube-state-metrics review date (already current at v2.18.0). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 19:28:47 -07:00 · 2026-03-22 19:28:47 -07:00 · bcd732e23f
commit bcd732e23f
parent 262299c82a
5 changed files with 9 additions and 9 deletions
--- a/argocd/manifests/tailscale-operator-base/kustomization.yaml
+++ b/argocd/manifests/tailscale-operator-base/kustomization.yaml
@ -7,14 +7,14 @@ namespace: tailscale
 # Upstream Tailscale operator manifest from forge mirror.
 # To upgrade: update the ref in the URL AND the newTag below.
 resources:
-  - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml
+  - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.96.3/cmd/k8s-operator/deploy/manifests/operator.yaml
  - proxyclass.yaml
  - dnsconfig.yaml

 images:
  - name: tailscale/k8s-operator
    newName: docker.io/tailscale/k8s-operator
-    newTag: v1.94.2
+    newTag: v1.96.3

 # The upstream manifest includes a placeholder OAuth Secret with empty values.
 # We manage this secret via ExternalSecret, so drop the upstream copy.
--- a/argocd/manifests/tailscale-operator-base/proxyclass.yaml
+++ b/argocd/manifests/tailscale-operator-base/proxyclass.yaml
@ -20,6 +20,6 @@ spec:
  statefulSet:
    pod:
      tailscaleContainer:
-        image: docker.io/tailscale/tailscale:v1.94.2
+        image: docker.io/tailscale/tailscale:v1.96.3
      tailscaleInitContainer:
-        image: docker.io/tailscale/tailscale:v1.94.2
+        image: docker.io/tailscale/tailscale:v1.96.3
--- a/docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md
+++ b/docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md
@ -0,0 +1 @@
+Upgrade Tailscale operator v1.94.2 → v1.96.3; replace Fly proxy polling loop with `tailscale wait`
--- a/fly/start.sh
+++ b/fly/start.sh
@ -7,9 +7,8 @@ set -e
 # natively — no need for --tun=userspace-networking.
 tailscaled --statedir=/var/lib/tailscale &
 sleep 2
-
 tailscale up --authkey="${TS_AUTHKEY}" --hostname=flyio-proxy
-until tailscale status > /dev/null 2>&1; do sleep 1; done
+tailscale wait --timeout 60s
 echo "Tailscale connected"

 # Ensure fail2ban deny file exists before nginx starts
--- a/service-versions.yaml
+++ b/service-versions.yaml
@ -26,7 +26,7 @@ services:

  - name: kube-state-metrics
    type: argocd
-    last-reviewed: 2026-02-16
+    last-reviewed: 2026-03-22
    current-version: "v2.18.0"
    upstream-source: https://github.com/kubernetes/kube-state-metrics/releases

@ -91,8 +91,8 @@ services:

  - name: tailscale-operator
    type: argocd
-    last-reviewed: 2026-02-16
-    current-version: "v1.94.2"
+    last-reviewed: 2026-03-22
+    current-version: "v1.96.3"
    upstream-source: https://github.com/tailscale/tailscale/releases

  - name: grafana
				`@ -0,0 +1 @@`
				Upgrade Tailscale operator v1.94.2 → v1.96.3; replace Fly proxy polling loop with `tailscale wait`