Deploy Tailscale operator on ringtail k3s cluster #215

Merged

eblume merged 2 commits from tailscale-operator-ringtail into main 2026-02-19 09:33:06 -08:00

Conversation 0 Commits 2 Files changed 12 +95 -5

eblume commented 2026-02-19 09:19:13 -08:00

Owner

Copy link

Summary

• Extract shared Tailscale operator resources (CRDs, RBAC, Deployment, ProxyClass, DNSConfig) into tailscale-operator-base/ so both clusters reference the same manifests
• Add tailscale-operator-ringtail/ overlay with 1-replica ProxyGroup and ExternalSecret for the shared OAuth client
• Add ArgoCD Application targeting ringtail.tail8d86e.ts.net:6443
• Update .yamllint.yaml ignore path for the moved operator.yaml

Deployment and Testing

• Sync apps app to pick up the new Application definition
• argocd app sync tailscale-operator-ringtail
• Verify ExternalSecret syncs: kubectl --context=k3s-ringtail -n tailscale get externalsecret
• Verify operator pod runs: kubectl --context=k3s-ringtail -n tailscale get pods
• Verify ProxyGroup ready: kubectl --context=k3s-ringtail -n tailscale get proxygroups
• Verify indri operator still works: argocd app diff tailscale-operator
• Check Tailscale admin for new operator device with tag:k8s-operator

🤖 Generated with Claude Code

## Summary - Extract shared Tailscale operator resources (CRDs, RBAC, Deployment, ProxyClass, DNSConfig) into `tailscale-operator-base/` so both clusters reference the same manifests - Add `tailscale-operator-ringtail/` overlay with 1-replica ProxyGroup and ExternalSecret for the shared OAuth client - Add ArgoCD Application targeting `ringtail.tail8d86e.ts.net:6443` - Update `.yamllint.yaml` ignore path for the moved `operator.yaml` ## Deployment and Testing - [ ] Sync `apps` app to pick up the new Application definition - [ ] `argocd app sync tailscale-operator-ringtail` - [ ] Verify ExternalSecret syncs: `kubectl --context=k3s-ringtail -n tailscale get externalsecret` - [ ] Verify operator pod runs: `kubectl --context=k3s-ringtail -n tailscale get pods` - [ ] Verify ProxyGroup ready: `kubectl --context=k3s-ringtail -n tailscale get proxygroups` - [ ] Verify indri operator still works: `argocd app diff tailscale-operator` - [ ] Check Tailscale admin for new operator device with `tag:k8s-operator` 🤖 Generated with [Claude Code](https://claude.com/claude-code)

eblume added 1 commit 2026-02-19 09:19:14 -08:00

Deploy Tailscale operator on ringtail k3s cluster ... d6c1806e39

Extract shared operator resources (CRDs, RBAC, Deployment, ProxyClass,
DNSConfig) into tailscale-operator-base/ so both indri and ringtail
reference the same base without duplication. Ringtail overlay adds a
1-replica ProxyGroup and ExternalSecret for the shared OAuth client.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit 2026-02-19 09:32:29 -08:00

Allow k8s-operator OAuth client to self-assign tag:k8s-operator ... f028efbdf9

The tagOwners for tag:k8s-operator didn't include tag:k8s-operator
itself, so the OAuth client (tagged tag:k8s-operator) couldn't create
auth keys for its own tag. Indri worked only due to cached login state.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume merged commit 61ca1ca305 into main 2026-02-19 09:33:06 -08:00

eblume referenced this pull request from a commit 2026-02-19 09:33:08 -08:00

Deploy Tailscale operator on ringtail k3s cluster (#215)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!215

No description provided.