Erich Blume
a8f4d00294
## Summary - Split k8s migration plan into phases folder for easier navigation - Added `tag:k8s` to Pulumi ACLs for Kubernetes workloads - Phase 1 work in progress ## Phase 1 Goals - Tailscale Kubernetes Operator - CloudNativePG Operator - PostgreSQL cluster for future app migrations ## Deployment and Testing - [ ] Review Phase 1 plan - [ ] `mise run tailnet-preview` to verify ACL changes - [ ] `mise run tailnet-up` to apply ACL changes - [ ] Create Tailscale OAuth client (manual) - [ ] Deploy operators and PostgreSQL cluster 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/29
29 lines
1,002 B
YAML
29 lines
1,002 B
YAML
# ProxyClass: crio-compat
|
|
#
|
|
# Why this exists:
|
|
# CRI-O (the container runtime used by minikube) cannot resolve short image
|
|
# names like "tailscale/tailscale:stable". It requires fully-qualified names
|
|
# with an explicit registry prefix (e.g., "docker.io/tailscale/tailscale:stable").
|
|
#
|
|
# The Tailscale operator creates proxy pods (StatefulSets) for each LoadBalancer
|
|
# Service or Ingress. By default, these pods use short image names which fail
|
|
# on CRI-O with "ImageInspectError".
|
|
#
|
|
# Usage:
|
|
# Add this annotation to any Tailscale Service or Ingress:
|
|
# tailscale.com/proxy-class: "crio-compat"
|
|
#
|
|
# This tells the operator to use the fully-qualified image names defined below
|
|
# when creating the proxy pod for that resource.
|
|
---
|
|
apiVersion: tailscale.com/v1alpha1
|
|
kind: ProxyClass
|
|
metadata:
|
|
name: crio-compat
|
|
spec:
|
|
statefulSet:
|
|
pod:
|
|
tailscaleContainer:
|
|
image: docker.io/tailscale/tailscale:stable
|
|
tailscaleInitContainer:
|
|
image: docker.io/tailscale/tailscale:stable
|