## Summary

- Replace per-request DNS resolution (variable-based `proxy_pass`) with static `upstream` blocks and `keepalive` connection pools
- Reuses TLS connections through the Tailscale tunnel instead of handshaking per request
- Add `mise run fly-reload` for nginx config reload without full redeploy (re-resolves upstream DNS)

## Trade-off

DNS is resolved at config load, not per-request. If Tailscale Ingress pods get new IPs (restart, reschedule), `mise run fly-reload` is needed. A Grafana alert will be added to detect this.

## Still TODO on this branch

- [ ] Grafana alert for upstream unreachable (triggers fly-reload reminder)
- [ ] Docs pass
- [ ] Deploy from branch and verify latency improvement
- [ ] Changelog fragment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #337
29 lines
847 B
YAML
```yaml
# ProxyClass: default
#
# Specifies fully-qualified image names for Tailscale proxy pods.
# This ensures consistent behavior across different container runtimes.
#
# Version must match targetRevision in argocd/apps/tailscale-operator-base.yaml.
#
# Usage:
#   Add this annotation to any Tailscale Service or Ingress:
#     tailscale.com/proxy-class: "default"
#
# This tells the operator to use the fully-qualified image names defined below
# when creating the proxy pod for that resource.
---
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
  name: default
spec:
  statefulSet:
    pod:
      tailscaleContainer:
        image: docker.io/tailscale/tailscale:v1.94.2
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
      tailscaleInitContainer:
        image: docker.io/tailscale/tailscale:v1.94.2
```
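The header comment requires the image version to match `targetRevision` in `argocd/apps/tailscale-operator-base.yaml`, which is easy to miss on an upgrade. The following drift check is an added example, not code from this repository; the function names are hypothetical, and it assumes `targetRevision` is a bare chart version that equals the image tag without its leading `v`.

```python
import re

# Constructed sample inputs mirroring the two files (not read from the repository).
PROXYCLASS = """\
spec:
  statefulSet:
    pod:
      tailscaleContainer:
        image: docker.io/tailscale/tailscale:v1.94.2
      tailscaleInitContainer:
        image: docker.io/tailscale/tailscale:v1.94.2
"""
# Assumption: the Argo CD Application pins the chart as a bare version string.
ARGO_APP = "spec:\n  source:\n    targetRevision: 1.94.2\n"

IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)\s*$", re.M)
REVISION_RE = re.compile(r"^\s*targetRevision:\s*['\"]?([^'\"\s#]+)", re.M)

def image_tag(ref):
    """Return the tag of an image reference, or None when it carries no tag."""
    name = ref.split("@", 1)[0]      # drop any @sha256:... digest suffix
    last = name.rsplit("/", 1)[-1]   # a registry port (host:5000/...) is not a tag
    return last.split(":", 1)[1] if ":" in last else None

def check_drift(proxyclass_text, argo_text):
    """Return a list of problems; an empty list means every tag matches."""
    m = REVISION_RE.search(argo_text)
    if not m:
        return ["no targetRevision found in Argo CD application"]
    want = m.group(1).lstrip("v")
    images = [i.strip("'\"") for i in IMAGE_RE.findall(proxyclass_text)]
    problems = [] if images else ["no image fields found in ProxyClass"]
    for ref in images:
        tag = image_tag(ref)
        if tag is None:
            problems.append(f"{ref}: no tag to compare")
        elif tag.lstrip("v") != want:
            problems.append(f"{ref}: tag {tag} != targetRevision {m.group(1)}")
    return problems

if __name__ == "__main__":
    for line in check_drift(PROXYCLASS, ARGO_APP) or ["ok: image tags match targetRevision"]:
        print(line)
```

Run in CI against the real file contents, a non-empty result should fail the build so the ProxyClass and the operator chart are bumped together.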