From 7581ddb9e68b790e94bb31feeabc8c9e5bb99f31 Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Sat, 16 May 2026 18:13:32 +0000
Subject: [PATCH] fix: migrate tailscale-operator to OAuth auth mode

---
 tailscale/deployments/operator.yaml | 42 +++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 tailscale/deployments/operator.yaml

diff --git a/tailscale/deployments/operator.yaml b/tailscale/deployments/operator.yaml
new file mode 100644
index 0000000..baa89f2
--- /dev/null
+++ b/tailscale/deployments/operator.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+  labels:
+    app: tailscale-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tailscale-operator
+  template:
+    metadata:
+      labels:
+        app: tailscale-operator
+    spec:
+      serviceAccountName: tailscale-operator
+      containers:
+      - name: operator
+        image: ghcr.io/tailscale/k8s-operator:v1.78.3
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CLIENT_ID_FILE
+          value: /var/run/secrets/tailscale/client-id
+        - name: CLIENT_SECRET_FILE
+          value: /var/run/secrets/tailscale/client-secret
+        volumeMounts:
+        - name: tailscale-oauth
+          mountPath: /var/run/secrets/tailscale
+          readOnly: true
+      volumes:
+      - name: tailscale-oauth
+        secret:
+          secretName: tailscale-operator-secret