Rename ProxyClass from crio-compat to default

The crio-compat name was misleading since we're now using docker driver. Renamed to 'default' and updated all references. Fully-qualified image names still used for consistency across runtimes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-21 16:03:38 -08:00 · 2026-01-21 14:25:02 -08:00 · 2026-01-21 14:25:02 -08:00
commit f0a3cbf5ff
8 changed files with 15 additions and 21 deletions
--- a/argocd/manifests/argocd/service-tailscale.yaml
+++ b/argocd/manifests/argocd/service-tailscale.yaml
@ -10,7 +10,7 @@ metadata:
  name: argocd-server-tailscale
  namespace: argocd
  annotations:
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  ingressClassName: tailscale
  defaultBackend:
--- a/argocd/manifests/databases/service-tailscale.yaml
+++ b/argocd/manifests/databases/service-tailscale.yaml
@ -7,7 +7,7 @@ metadata:
  namespace: databases
  annotations:
    tailscale.com/hostname: "pg"
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  type: LoadBalancer
  loadBalancerClass: tailscale
--- a/argocd/manifests/devpi/ingress-tailscale.yaml
+++ b/argocd/manifests/devpi/ingress-tailscale.yaml
@ -4,7 +4,7 @@ metadata:
  name: devpi-tailscale
  namespace: devpi
  annotations:
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  ingressClassName: tailscale
  defaultBackend:
--- a/argocd/manifests/grafana-config/ingress-tailscale.yaml
+++ b/argocd/manifests/grafana-config/ingress-tailscale.yaml
@ -8,7 +8,7 @@ metadata:
  name: grafana-tailscale
  namespace: monitoring
  annotations:
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  ingressClassName: tailscale
  defaultBackend:
--- a/argocd/manifests/miniflux/ingress-tailscale.yaml
+++ b/argocd/manifests/miniflux/ingress-tailscale.yaml
@ -4,7 +4,7 @@ metadata:
  name: miniflux-tailscale
  namespace: miniflux
  annotations:
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  ingressClassName: tailscale
  defaultBackend:
--- a/argocd/manifests/tailscale-operator/README.md
+++ b/argocd/manifests/tailscale-operator/README.md
@ -6,7 +6,7 @@ Manifests for the Tailscale Kubernetes Operator, managed via ArgoCD.
 - `operator.yaml` - Static manifest from https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/manifests
 - Secret block removed from `operator.yaml` - managed separately via `secret.yaml.tpl`
- Image reference changed to fully-qualified `docker.io/tailscale/k8s-operator:stable` for CRI-O compatibility
+- Image reference changed to fully-qualified `docker.io/tailscale/k8s-operator:stable`
 ## Prerequisites
@ -71,7 +71,7 @@ kubectl logs -n tailscale -l app.kubernetes.io/name=operator
 |------|-------------|
 | `kustomization.yaml` | Kustomize configuration for all manifests |
 | `operator.yaml` | Operator deployment, CRDs, RBAC (secret removed) |
-| `proxyclass.yaml` | ProxyClass with fully-qualified images for CRI-O |
+| `proxyclass.yaml` | ProxyClass with fully-qualified images |
 | `dnsconfig.yaml` | DNSConfig for cluster-to-tailnet name resolution |
 | `egress-forge.yaml` | Egress proxy for accessing forge on indri |
 | `secret.yaml.tpl` | 1Password template for OAuth credentials (manual) |
@ -81,10 +81,10 @@ kubectl logs -n tailscale -l app.kubernetes.io/name=operator
 - **TODO:** The OAuth secret (`operator-oauth`) is not managed by ArgoCD and must be applied
  manually. Future improvement: integrate with a secrets operator (e.g., External Secrets).
- Services using the Tailscale LoadBalancer must reference the ProxyClass:
+- Services using the Tailscale LoadBalancer should reference the ProxyClass:
  ```yaml
  annotations:
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
  ```
 - The egress proxy for forge targets `indri.tail8d86e.ts.net` directly (not `forge.tail8d86e.ts.net`)
  because Tailscale Serve hostnames are virtual and only work via the Tailscale client.
--- a/argocd/manifests/tailscale-operator/egress-forge.yaml
+++ b/argocd/manifests/tailscale-operator/egress-forge.yaml
@ -11,7 +11,7 @@ metadata:
  namespace: tailscale
  annotations:
    tailscale.com/tailnet-fqdn: indri.tail8d86e.ts.net
-    tailscale.com/proxy-class: "crio-compat"
+    tailscale.com/proxy-class: "default"
 spec:
  type: ExternalName
  externalName: placeholder
--- a/argocd/manifests/tailscale-operator/proxyclass.yaml
+++ b/argocd/manifests/tailscale-operator/proxyclass.yaml
@ -1,17 +1,11 @@
-# ProxyClass: crio-compat
+# ProxyClass: default
 #
-# Why this exists:
+# Specifies fully-qualified image names for Tailscale proxy pods.
-# CRI-O (the container runtime used by minikube) cannot resolve short image
+# This ensures consistent behavior across different container runtimes.
 # names like "tailscale/tailscale:stable". It requires fully-qualified names
 # with an explicit registry prefix (e.g., "docker.io/tailscale/tailscale:stable").
 #
 # The Tailscale operator creates proxy pods (StatefulSets) for each LoadBalancer
 # Service or Ingress. By default, these pods use short image names which fail
 # on CRI-O with "ImageInspectError".
 #
 # Usage:
 # Add this annotation to any Tailscale Service or Ingress:
-#   tailscale.com/proxy-class: "crio-compat"
+#   tailscale.com/proxy-class: "default"
 #
 # This tells the operator to use the fully-qualified image names defined below
 # when creating the proxy pod for that resource.
@ -19,7 +13,7 @@
 apiVersion: tailscale.com/v1alpha1
 kind: ProxyClass
 metadata:
-  name: crio-compat
+  name: default
 spec:
  statefulSet:
    pod: