eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Expose Forgejo publicly at forge.eblu.me #278

Merged
eblume merged 14 commits from feature/forge-public into main 2026-03-03 08:40:42 -08:00
Conversation 0 Commits 14 Files changed 49 -27
3 changed files with 0 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit d4082985a6 - Show all commits

Remove deprecated forge egress proxy from tailscale-operator

Prev Next 
The egress proxy (tailscale-forge device) has been unused since Caddy
took over forge routing. No k8s resources reference it as a backend.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Erich Blume 2026-03-03 06:56:33 -08:00
commit d4082985a6

3
argocd/manifests/tailscale-operator/README.md
View file

@ -73,7 +73,6 @@ kubectl logs -n tailscale -l app.kubernetes.io/name=operator
| `operator.yaml` | Operator deployment, CRDs, RBAC (secret removed) | | `operator.yaml` | Operator deployment, CRDs, RBAC (secret removed) |
| `proxyclass.yaml` | ProxyClass with fully-qualified images | | `proxyclass.yaml` | ProxyClass with fully-qualified images |
| `dnsconfig.yaml` | DNSConfig for cluster-to-tailnet name resolution | | `dnsconfig.yaml` | DNSConfig for cluster-to-tailnet name resolution |
| `egress-forge.yaml` | Egress proxy for accessing forge on indri |
| `secret.yaml.tpl` | 1Password template for OAuth credentials (manual) | | `secret.yaml.tpl` | 1Password template for OAuth credentials (manual) |
| `README.md` | This file | | `README.md` | This file |
@ -86,5 +85,3 @@ kubectl logs -n tailscale -l app.kubernetes.io/name=operator
annotations: annotations:
tailscale.com/proxy-class: "default" tailscale.com/proxy-class: "default"
``` ```
- The egress proxy for forge is **deprecated**. Forge is now accessible via Caddy at
`forge.ops.eblu.me` (HTTPS) and `forge.ops.eblu.me:2222` (SSH), which pods can reach directly.

23
argocd/manifests/tailscale-operator/egress-forge.yaml
View file

@ -1,23 +0,0 @@
# DEPRECATED: This egress proxy is no longer needed.
# Forge is now accessible via Caddy at forge.ops.eblu.me (HTTPS) and
# forge.ops.eblu.me:2222 (SSH), which pods can reach directly.
#
# Keeping this file for reference during migration. Remove once verified.
#
# Original purpose: Egress proxy to expose Forgejo (forge) to the cluster
# See: https://tailscale.com/kb/1438/kubernetes-operator-cluster-egress
---
apiVersion: v1
kind: Service
metadata:
name: forge
namespace: tailscale
annotations:
tailscale.com/tailnet-fqdn: indri.tail8d86e.ts.net
tailscale.com/proxy-class: "default"
spec:
type: ExternalName
externalName: placeholder
ports:
- port: 3001
targetPort: 3001

1
argocd/manifests/tailscale-operator/kustomization.yaml
View file

@ -7,5 +7,4 @@ namespace: tailscale
resources: resources:
- ../tailscale-operator-base - ../tailscale-operator-base
- proxygroup-ingress.yaml - proxygroup-ingress.yaml
- egress-forge.yaml
- external-secret.yaml - external-secret.yaml