diff --git a/deployments/tailscale/tailscale-operator/deployment.yaml b/deployments/tailscale/tailscale-operator/deployment.yaml
new file mode 100644
index 0000000..20d7b5c
--- /dev/null
+++ b/deployments/tailscale/tailscale-operator/deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tailscale-operator
+  template:
+    metadata:
+      labels:
+        app: tailscale-operator
+    spec:
+      containers:
+      - name: operator
+        image: ghcr.io/tailscale/k8s-operator:latest
+        env:
+        - name: TS_K8S_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: TS_K8S_SECRET
+          value: tailscale-operator-secret
+        - name: TS_CLIENT_ID_FILE
+          value: /etc/tailscale/oauth/client-id
+        - name: TS_CLIENT_SECRET_FILE
+          value: /etc/tailscale/oauth/client-secret
+        volumeMounts:
+        - name: oauth-secret
+          mountPath: /etc/tailscale/oauth
+          readOnly: true
+      volumes:
+      - name: oauth-secret
+        secret:
+          secretName: tailscale-operator-secret