From ea5a45232737e23f891b7c7138da7311ecd6da23 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 30 May 2026 12:57:46 +0000
Subject: [PATCH 1/4] feat: deploy Tailscale operator
---
deployments/tailscale/namespace.yaml | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 deployments/tailscale/namespace.yaml
diff --git a/deployments/tailscale/namespace.yaml b/deployments/tailscale/namespace.yaml
new file mode 100644
index 0000000..ee22e17
--- /dev/null
+++ b/deployments/tailscale/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tailscale
+ labels:
+ app: tailscale
\ No newline at end of file
From 73e90cecbbb24e88af48e8dee6ff7c18684fcd95 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 30 May 2026 12:57:47 +0000
Subject: [PATCH 2/4] feat: deploy Tailscale operator
---
deployments/tailscale/rbac.yaml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 deployments/tailscale/rbac.yaml
diff --git a/deployments/tailscale/rbac.yaml b/deployments/tailscale/rbac.yaml
new file mode 100644
index 0000000..c2eb21f
--- /dev/null
+++ b/deployments/tailscale/rbac.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale-operator
+ namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tailscale-operator
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "secrets", "configmaps", "nodes"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["tailscale.com"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tailscale-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tailscale-operator
+subjects:
+- kind: ServiceAccount
+ name: tailscale-operator
+ namespace: tailscale
\ No newline at end of file
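Review bot: The `tailscale-operator` ClusterRole in rbac.yaml lists `secrets` alongside `pods` and `services` under cluster-wide `get`/`list`/`watch`, so once the ClusterRoleBinding is applied the operator's service account can read every Secret in every namespace. Secret access should move into a namespaced Role and RoleBinding in `tailscale`, as in the excerpt below, with `secrets` removed from the first ClusterRole rule. The `tailscale.com` rule with `resources: ["*"]` and `verbs: ["*"]` is also wider than it needs to be and would be better as an explicit list of the CRDs and verbs the operator uses. If the operator has to write state Secrets in its own namespace (not visible from this patch), the namespaced Role is where those extra verbs belong.

```yaml
rules:
- apiGroups: [""]
  resources: ["pods", "services", "configmaps", "nodes"]
  verbs: ["get", "list", "watch"]
# … unchanged: networking.k8s.io and tailscale.com rules, ClusterRoleBinding …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tailscale-operator
  namespace: tailscale
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tailscale-operator
  namespace: tailscale
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tailscale-operator
subjects:
- kind: ServiceAccount
  name: tailscale-operator
  namespace: tailscale
```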
From ccd5b4474e52cd6f243ad79388f99e63dbf36e5e Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 30 May 2026 12:57:47 +0000
Subject: [PATCH 3/4] feat: deploy Tailscale operator
---
deployments/tailscale/deployment.yaml | 36 +++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 deployments/tailscale/deployment.yaml
diff --git a/deployments/tailscale/deployment.yaml b/deployments/tailscale/deployment.yaml
new file mode 100644
index 0000000..838aae6
--- /dev/null
+++ b/deployments/tailscale/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tailscale-operator
+ namespace: tailscale
+ labels:
+ app: tailscale-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tailscale-operator
+ template:
+ metadata:
+ labels:
+ app: tailscale-operator
+ spec:
+ serviceAccountName: tailscale-operator
+ containers:
+ - name: tailscale-operator
+ image: ghcr.io/tailscale/tailscale-operator:v1.78.0
+ ports:
+ - containerPort: 8080
+ env:
+ - name: TS_AUTH_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tailscale-auth
+ key: TS_AUTH_KEY
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
\ No newline at end of file
From 7b6a43318b514290f10ac2dccf7424cb3b0d164f Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 30 May 2026 12:57:47 +0000
Subject: [PATCH 4/4] feat: deploy Tailscale operator
---
deployments/tailscale/externalsecret.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 deployments/tailscale/externalsecret.yaml
diff --git a/deployments/tailscale/externalsecret.yaml b/deployments/tailscale/externalsecret.yaml
new file mode 100644
index 0000000..af492bf
--- /dev/null
+++ b/deployments/tailscale/externalsecret.yaml
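Review bot: The `tailscale-operator` container in deployments/tailscale/deployment.yaml (patch 3/4) has no `securityContext`, so the pod that holds both `TS_AUTH_KEY` and the service account bound in rbac.yaml runs with the container runtime's default privileges. I would add a container-level security context that disables privilege escalation, drops all capabilities, requires a non-root user and uses the `RuntimeDefault` seccomp profile, as in the excerpt below; confirm that the image actually runs as a non-root UID before merging. The image is pinned only by the mutable tag `v1.78.0`; appending the digest (`:v1.78.0@sha256:<digest>`, placeholder) would keep the deployed binary from changing underneath the manifest.

```yaml
        image: ghcr.io/tailscale/tailscale-operator:v1.78.0
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: ports, env, resources …
```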
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: tailscale-auth
+ namespace: tailscale
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: orion-vault
+ kind: ClusterSecretStore
+ target:
+ name: tailscale-auth
+ creationPolicy: Owner
+ data:
+ - secretKey: TS_AUTH_KEY
+ remoteRef:
+ key: secret/tailscale
+ property: TS_AUTH_KEY
\ No newline at end of file
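Review bot: `refreshInterval: 1h` keeps the `tailscale-auth` Secret in step with Vault, but the Deployment in patch 3/4 consumes `TS_AUTH_KEY` through `secretKeyRef` as an environment variable, which is read only at container start, so a key rotated in Vault does not reach the running operator until the pod is restarted. Either document that above `refreshInterval`, for example `# rotating the key in Vault needs a rollout restart of tailscale-operator: it is injected as env`, or mount the Secret as a volume if the operator can read the key from a file. It would also help to add a comment next to `remoteRef` stating what kind of key `secret/tailscale` is expected to hold (expiry, reusable or not), since that is not visible from this patch.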