From 088854fb9844dbe285acb736b538b1821a5ca46b Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sat, 16 May 2026 20:07:20 +0000 Subject: [PATCH] feat: migrate tailscale-operator to OAuth authentication --- .../tailscale-operator/deployment.yaml | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 deployments/tailscale-operator/deployment.yaml diff --git a/deployments/tailscale-operator/deployment.yaml b/deployments/tailscale-operator/deployment.yaml new file mode 100644 index 0000000..6f38dfa --- /dev/null +++ b/deployments/tailscale-operator/deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tailscale-operator + namespace: tailscale + labels: + app: tailscale-operator +spec: + replicas: 1 + selector: + matchLabels: + app: tailscale-operator + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: tailscale-operator + spec: + serviceAccountName: tailscale-operator + containers: + - name: operator + image: ghcr.io/tailscale/k8s-operator:v1.78.3 + imagePullPolicy: IfNotPresent + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: TS_CLIENT_ID_FILE + value: /etc/tailscale/oauth/client-id + - name: TS_CLIENT_SECRET_FILE + value: /etc/tailscale/oauth/client-secret + volumeMounts: + - name: oauth-secret + mountPath: /etc/tailscale/oauth + readOnly: true + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + terminationGracePeriodSeconds: 30 + volumes: + - name: oauth-secret + secret: + secretName: tailscale-operator-secret