From bcd732e23fd8e823a22f734452bf3c39d0f5006e Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Sun, 22 Mar 2026 19:28:47 -0700
Subject: [PATCH] =?UTF-8?q?Upgrade=20Tailscale=20operator=20v1.94.2=20?= =?UTF-8?q?=E2=86=92=20v1.96.3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps operator, proxy container, and init container images across both clusters (indri + ringtail share the base kustomization). Replaces the hand-rolled polling loop in the Fly proxy start script with `tailscale wait --timeout 60s` for proper daemon/interface readiness. Also stamps kube-state-metrics review date (already current at v2.18.0).
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 argocd/manifests/tailscale-operator-base/kustomization.yaml | 4 ++--
 argocd/manifests/tailscale-operator-base/proxyclass.yaml | 4 ++--
 docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md | 1 +
 fly/start.sh | 3 +--
 service-versions.yaml | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)
 create mode 100644 docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md
diff --git a/argocd/manifests/tailscale-operator-base/kustomization.yaml b/argocd/manifests/tailscale-operator-base/kustomization.yaml
index 4519af6..bd52505 100644
--- a/argocd/manifests/tailscale-operator-base/kustomization.yaml
+++ b/argocd/manifests/tailscale-operator-base/kustomization.yaml
@@ -7,14 +7,14 @@ namespace: tailscale
 # Upstream Tailscale operator manifest from forge mirror.
 # To upgrade: update the ref in the URL AND the newTag below.
 resources:
- - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml
+ - https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.96.3/cmd/k8s-operator/deploy/manifests/operator.yaml
 - proxyclass.yaml
 - dnsconfig.yaml
 images:
 - name: tailscale/k8s-operator
 newName: docker.io/tailscale/k8s-operator
- newTag: v1.94.2
+ newTag: v1.96.3
 # The upstream manifest includes a placeholder OAuth Secret with empty values.
 # We manage this secret via ExternalSecret, so drop the upstream copy.
diff --git a/argocd/manifests/tailscale-operator-base/proxyclass.yaml b/argocd/manifests/tailscale-operator-base/proxyclass.yaml
index a5c4675..e0935d4 100644
--- a/argocd/manifests/tailscale-operator-base/proxyclass.yaml
+++ b/argocd/manifests/tailscale-operator-base/proxyclass.yaml
@@ -20,6 +20,6 @@ spec:
 statefulSet:
 pod:
 tailscaleContainer:
- image: docker.io/tailscale/tailscale:v1.94.2
+ image: docker.io/tailscale/tailscale:v1.96.3
 tailscaleInitContainer:
- image: docker.io/tailscale/tailscale:v1.94.2
+ image: docker.io/tailscale/tailscale:v1.96.3
diff --git a/docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md b/docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md
new file mode 100644
index 0000000..21fbf2e
--- /dev/null
+++ b/docs/changelog.d/upgrade-tailscale-operator-1.96.3.infra.md
@@ -0,0 +1 @@
+Upgrade Tailscale operator v1.94.2 → v1.96.3; replace Fly proxy polling loop with `tailscale wait`
diff --git a/fly/start.sh b/fly/start.sh
index 5ec45db..96f6038 100644
--- a/fly/start.sh
+++ b/fly/start.sh
@@ -7,9 +7,8 @@ set -e
 # natively — no need for --tun=userspace-networking.
 tailscaled --statedir=/var/lib/tailscale &
 sleep 2
-
 tailscale up --authkey="${TS_AUTHKEY}" --hostname=flyio-proxy
-until tailscale status > /dev/null 2>&1; do sleep 1; done
+tailscale wait --timeout 60s
 echo "Tailscale connected"
 # Ensure fail2ban deny file exists before nginx starts
diff --git a/service-versions.yaml b/service-versions.yaml
index 8e5d0f3..e0c932c 100644
--- a/service-versions.yaml
+++ b/service-versions.yaml
@@ -26,7 +26,7 @@ services:
 - name: kube-state-metrics
 type: argocd
- last-reviewed: 2026-02-16
+ last-reviewed: 2026-03-22
 current-version: "v2.18.0"
 upstream-source: https://github.com/kubernetes/kube-state-metrics/releases
@@ -91,8 +91,8 @@ services:
 - name: tailscale-operator
 type: argocd
- last-reviewed: 2026-02-16
- current-version: "v1.94.2"
+ last-reviewed: 2026-03-22
+ current-version: "v1.96.3"
 upstream-source: https://github.com/tailscale/tailscale/releases
 - name: grafana
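Review bot: In the fly/start.sh hunk, the new `tailscale wait --timeout 60s` line has no handling for the timeout path: under the script's `set -e` a non-zero exit would stop the script with no message, and if the command were to return 0 on timeout the script would go on to print "Tailscale connected" and start nginx without a tailnet link, so the exit status on timeout should be confirmed. Making the failure explicit keeps the proxy failing closed and leaves a log line to alert on: `tailscale wait --timeout 60s || { echo "Tailscale not ready after 60s" >&2; exit 1; }`. The patch bumps only the Kubernetes images, so it is also worth checking that the tailscale CLI baked into the Fly image is new enough to have the `wait` subcommand; the image definition is not part of this diff. The script continues past the end of the hunk.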