indri overlay: operator images: override (dagger/arm64 tag) + ProxyClass strategic-merge patch for the proxy image (kustomize images: cannot rewrite CR fields).

ringtail overlay: operator images: override (-nix tag); its proxy image is already local and unchanged.

Both overlays validated with kubectl kustomize. Images built from this branch (runs 583/584); same v1.94.2 as currently deployed — pure supply-chain swap.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
31 lines
1 KiB
YAML
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: tailscale

resources:
  - ../tailscale-operator-base
  - proxygroup-ingress.yaml
  - external-secret.yaml

# Rewrite the operator image to the locally nix-built (amd64) mirror.
# The name must match the post-base-render image (base already rewrites
# tailscale/k8s-operator -> docker.io/tailscale/k8s-operator).
images:
  - name: docker.io/tailscale/k8s-operator
    newName: registry.ops.eblu.me/blumeops/tailscale-operator
    newTag: v1.94.2-ac40a18-nix

# Rewrite the proxyclass image to our local nix-built mirror (indri's overlay
# carries the equivalent dagger/arm64 patch). A strategic merge patch is used
# instead of kustomize's `images:` directive because that directive only
# rewrites images in standard k8s container fields, not custom-resource fields
# like ProxyClass.spec.statefulSet.pod.tailscaleContainer.image.
patches:
  - path: proxyclass-image.yaml
    target:
      group: tailscale.com
      version: v1alpha1
      kind: ProxyClass
      name: default
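The overlay comments note that `images:` only rewrites standard container fields, so a rendered manifest can still carry an upstream image in a custom-resource field. The following is an added example, not part of this repository: a check over rendered `kubectl kustomize` output that flags every `image:` value outside the local registry. The sample manifest, the upstream proxy image name and the function name are constructed for illustration.

```python
import re

# Constructed sample of rendered output (not taken from the repo): the Deployment
# image was rewritten by `images:`, the ProxyClass CR field was left upstream.
RENDERED = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: operator
spec:
  template:
    spec:
      containers:
      - image: registry.ops.eblu.me/blumeops/tailscale-operator:v1.94.2-ac40a18-nix
        name: operator
---
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
  name: default
spec:
  statefulSet:
    pod:
      tailscaleContainer:
        image: docker.io/tailscale/tailscale:v1.94.2
"""

# Trailing slash stops look-alike hosts such as registry.ops.eblu.me.example.net.
ALLOWED_PREFIX = "registry.ops.eblu.me/"
KIND_RE = re.compile(r"^kind:\s*(\S+)")  # top-level kind only (column 0)
# `image:` key at any depth, also when it is the first key of a list item.
IMAGE_RE = re.compile(r"^\s*(?:-\s+)?image:\s*[\"']?([^\s\"'#]+)")

def unmirrored_images(rendered, allowed_prefix=ALLOWED_PREFIX):
    """Return (kind, image) for each image reference outside allowed_prefix."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", rendered):
        kind = "?"
        for line in doc.splitlines():
            if m := KIND_RE.match(line):
                kind = m.group(1)
            elif (m := IMAGE_RE.match(line)) and not m.group(1).startswith(allowed_prefix):
                findings.append((kind, m.group(1)))
    return findings

if __name__ == "__main__":
    for kind, image in unmirrored_images(RENDERED):
        print(f"{kind}: {image} is not pulled from {ALLOWED_PREFIX}")
```

Running `unmirrored_images` on real `kubectl kustomize <overlay>` output in CI turns an unpatched custom-resource image field into a failed build.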