blumeops

eblume/blumeops

Fork 0

Commit graph

Author	SHA1	Message	Date
Erich Blume	4381e1d86f	C1: switch to strategic merge patch for proxyclass image rewrite Kustomize's images: directive only rewrites image fields on built-in k8s kinds (Pod, Deployment, etc.), not on custom resources like ProxyClass. The first attempt left the rendered ProxyClass pointing at upstream docker.io. Replaces it with a strategic merge patch over spec.statefulSet.pod.tailscale{Container,InitContainer}.image. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 06:46:37 -07:00
Erich Blume	3bc9990355	C1: rewrite ringtail proxyclass image to local tailscale container Adds a kustomize images: rewrite scoped to tailscale-operator-ringtail, pointing docker.io/tailscale/tailscale at registry.ops.eblu.me's v1.94.2-67af7a8-nix build. Indri's tailscale-operator overlay is unchanged — it continues pulling upstream until the k3s migration retires the indri minikube cluster. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 06:42:58 -07:00
Erich Blume	61ca1ca305	Deploy Tailscale operator on ringtail k3s cluster (#215 ) ## Summary - Extract shared Tailscale operator resources (CRDs, RBAC, Deployment, ProxyClass, DNSConfig) into `tailscale-operator-base/` so both clusters reference the same manifests - Add `tailscale-operator-ringtail/` overlay with 1-replica ProxyGroup and ExternalSecret for the shared OAuth client - Add ArgoCD Application targeting `ringtail.tail8d86e.ts.net:6443` - Update `.yamllint.yaml` ignore path for the moved `operator.yaml` ## Deployment and Testing - [ ] Sync `apps` app to pick up the new Application definition - [ ] `argocd app sync tailscale-operator-ringtail` - [ ] Verify ExternalSecret syncs: `kubectl --context=k3s-ringtail -n tailscale get externalsecret` - [ ] Verify operator pod runs: `kubectl --context=k3s-ringtail -n tailscale get pods` - [ ] Verify ProxyGroup ready: `kubectl --context=k3s-ringtail -n tailscale get proxygroups` - [ ] Verify indri operator still works: `argocd app diff tailscale-operator` - [ ] Check Tailscale admin for new operator device with `tag:k8s-operator` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/215	2026-02-19 09:33:05 -08:00

Author

SHA1

Message

Date

Erich Blume

4381e1d86f

C1: switch to strategic merge patch for proxyclass image rewrite

Kustomize's images: directive only rewrites image fields on built-in k8s
kinds (Pod, Deployment, etc.), not on custom resources like ProxyClass.
The first attempt left the rendered ProxyClass pointing at upstream
docker.io. Replaces it with a strategic merge patch over
spec.statefulSet.pod.tailscale{Container,InitContainer}.image.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-06 06:46:37 -07:00

Erich Blume

3bc9990355

C1: rewrite ringtail proxyclass image to local tailscale container

Adds a kustomize images: rewrite scoped to tailscale-operator-ringtail,
pointing docker.io/tailscale/tailscale at registry.ops.eblu.me's
v1.94.2-67af7a8-nix build. Indri's tailscale-operator overlay is
unchanged — it continues pulling upstream until the k3s migration
retires the indri minikube cluster.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-06 06:42:58 -07:00

Erich Blume

61ca1ca305

Deploy Tailscale operator on ringtail k3s cluster (#215 )

## Summary
- Extract shared Tailscale operator resources (CRDs, RBAC, Deployment, ProxyClass, DNSConfig) into `tailscale-operator-base/` so both clusters reference the same manifests
- Add `tailscale-operator-ringtail/` overlay with 1-replica ProxyGroup and ExternalSecret for the shared OAuth client
- Add ArgoCD Application targeting `ringtail.tail8d86e.ts.net:6443`
- Update `.yamllint.yaml` ignore path for the moved `operator.yaml`

## Deployment and Testing
- [ ] Sync `apps` app to pick up the new Application definition
- [ ] `argocd app sync tailscale-operator-ringtail`
- [ ] Verify ExternalSecret syncs: `kubectl --context=k3s-ringtail -n tailscale get externalsecret`
- [ ] Verify operator pod runs: `kubectl --context=k3s-ringtail -n tailscale get pods`
- [ ] Verify ProxyGroup ready: `kubectl --context=k3s-ringtail -n tailscale get proxygroups`
- [ ] Verify indri operator still works: `argocd app diff tailscale-operator`
- [ ] Check Tailscale admin for new operator device with `tag:k8s-operator`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/215

2026-02-19 09:33:05 -08:00

3 commits