Erich Blume
2bea048dbf
## Summary - Mirrors `tailscale/tailscale` on forge (`mirrors/tailscale`) - Replaces vendored `operator.yaml` (495 KB / 5,386 lines) with ArgoCD apps sourcing the upstream static manifest, pinned via `targetRevision: v1.94.2` - Adds `tailscale-operator-base` app for indri and `tailscale-operator-base-ringtail` for ringtail - Local kustomization retains only ProxyClass and DNSConfig custom resources - Updates `[[tailscale-operator]]` doc to reflect new sourcing ## Deployment and Testing - [ ] Register `mirrors/tailscale` repo in ArgoCD (it needs to know about the new repo) - [ ] Sync `apps` app to pick up the new `tailscale-operator-base` app definitions - [ ] Sync `tailscale-operator-base` — verify CRDs, RBAC, operator Deployment come up - [ ] Sync `tailscale-operator` — verify ProxyClass, DNSConfig still apply cleanly - [ ] Verify existing Tailscale Ingresses still work (ProxyGroup pods healthy) - [ ] Repeat for ringtail cluster - [ ] After merge: apps already point at tags, no revision reset needed Reviewed-on: #295
30 lines
814 B
YAML
30 lines
814 B
YAML
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namespace: tailscale
|
|
|
|
# Upstream Tailscale operator manifest from forge mirror.
|
|
# To upgrade: update the ref in the URL AND the newTag below.
|
|
resources:
|
|
- https://forge.eblu.me/mirrors/tailscale/raw/tag/v1.94.2/cmd/k8s-operator/deploy/manifests/operator.yaml
|
|
- proxyclass.yaml
|
|
- dnsconfig.yaml
|
|
|
|
images:
|
|
- name: tailscale/k8s-operator
|
|
newName: docker.io/tailscale/k8s-operator
|
|
newTag: v1.94.2
|
|
|
|
# The upstream manifest includes a placeholder OAuth Secret with empty values.
|
|
# We manage this secret via ExternalSecret, so drop the upstream copy.
|
|
patches:
|
|
- target:
|
|
kind: Secret
|
|
name: operator-oauth
|
|
patch: |
|
|
$patch: delete
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: operator-oauth
|