From 81fc72b3eb11ca85bd208c0a0d4b290ad4f20be6 Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Sat, 9 May 2026 17:30:12 +0000
Subject: [PATCH] feat: add Tailscale operator and DaemonSet

---
 tailscale/daemonset.yaml | 56 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 tailscale/daemonset.yaml

diff --git a/tailscale/daemonset.yaml b/tailscale/daemonset.yaml
new file mode 100644
index 0000000..9f154e3
--- /dev/null
+++ b/tailscale/daemonset.yaml
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: tailscaled
+  namespace: tailscale
+  labels:
+    app: tailscale
+spec:
+  selector:
+    matchLabels:
+      app: tailscale
+  template:
+    metadata:
+      labels:
+        app: tailscale
+    spec:
+      hostNetwork: true
+      serviceAccountName: tailscale
+      containers:
+        - name: tailscale
+          image: tailscale/tailscale:latest
+          env:
+            - name: TS_KUBE_SECRET
+              value: "tailscale-auth"
+            - name: TS_STATE_DIR
+              value: "/var/lib/tailscale"
+          envFrom:
+            - secretRef:
+                name: tailscale-auth
+          volumeMounts:
+            - name: var-lib-tailscale
+              mountPath: /var/lib/tailscale
+            - name: tailscale-tmp
+              mountPath: /tmp
+            - name: dev-tun
+              mountPath: /dev/net/tun
+              readOnly: true
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["NET_ADMIN", "NET_RAW"]
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              memory: 200Mi
+      volumes:
+        - name: var-lib-tailscale
+          persistentVolumeClaim:
+            claimName: tailscale
+        - name: tailscale-tmp
+          emptyDir: {}
+        - name: dev-tun
+          hostPath:
+            path: /dev/net/tun