Erich Blume
02ea1cc72a
The public forge.eblu.me now black-holes /mirrors/ at the Fly edge (AI-scraper mitigation), so the in-cluster ArgoCD repo-server got a 403 fetching the upstream operator manifest — leaving tailscale-operator and tailscale-operator-ringtail in Unknown sync. Use forge.ops.eblu.me. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
33 lines
1 KiB
YAML
33 lines
1 KiB
YAML
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namespace: tailscale
|
|
|
|
# Upstream Tailscale operator manifest from forge mirror.
|
|
# To upgrade: update the ref in the URL AND the newTag below.
|
|
# Must use the tailnet host forge.ops.eblu.me — the public forge.eblu.me
|
|
# black-holes /mirrors/ at the Fly edge (AI-scraper mitigation), which the
|
|
# in-cluster ArgoCD repo-server would otherwise hit and fail with a 403.
|
|
resources:
|
|
- https://forge.ops.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml
|
|
- proxyclass.yaml
|
|
- dnsconfig.yaml
|
|
|
|
images:
|
|
- name: tailscale/k8s-operator
|
|
newName: docker.io/tailscale/k8s-operator
|
|
newTag: v1.94.2
|
|
|
|
# The upstream manifest includes a placeholder OAuth Secret with empty values.
|
|
# We manage this secret via ExternalSecret, so drop the upstream copy.
|
|
patches:
|
|
- target:
|
|
kind: Secret
|
|
name: operator-oauth
|
|
patch: |
|
|
$patch: delete
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: operator-oauth
|