fix: migrate tailscale-operator to OAuth auth mode

deployments/tailscale-operator/deployment.yaml

@@ -15,41 +15,39 @@ spec:
       labels:
         app: tailscale-operator
     spec:
+      serviceAccountName: tailscale-operator
       containers:
-        - name: operator
+      - name: operator
-          image: ghcr.io/tailscale/operator:latest
+        image: ghcr.io/tailscale/k8s-operator:v1.78.3
-          ports:
+        imagePullPolicy: IfNotPresent
-            - containerPort: 8080
+        env:
-              name: http-metrics
+        - name: POD_NAME
-              protocol: TCP
+          valueFrom:
-          env:
+            fieldRef:
-            - name: TS_KUBE_NAMESPACE
+              apiVersion: v1
-              valueFrom:
+              fieldPath: metadata.name
-                fieldRef:
+        - name: POD_NAMESPACE
-                  fieldPath: metadata.namespace
+          valueFrom:
-          envFrom:
+            fieldRef:
-            - secretRef:
+              apiVersion: v1
-                name: tailscale-operator-secret
+              fieldPath: metadata.namespace
-          volumeMounts:
+        - name: TS_CLIENT_ID_FILE
-            - name: oauth-config
+          value: /etc/tailscale/oauth/client.id
-              mountPath: /etc/tailscale/oauth
+        - name: TS_CLIENT_SECRET_FILE
-              readOnly: true
+          value: /etc/tailscale/oauth/client.secret
+        volumeMounts:
+        - name: oauth-secret
+          mountPath: /etc/tailscale/oauth
+          readOnly: true
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
       volumes:
-        - name: oauth-config
+      - name: oauth-secret
-          secret:
+        secret:
-            secretName: tailscale-operator-secret
+          secretName: tailscale-operator-secret
----
+          items:
-apiVersion: v1
+          - key: client.id
-kind: Service
+            path: client.id
-metadata:
+          - key: client.secret
-  name: tailscale-operator
+            path: client.secret
-  namespace: tailscale
-  labels:
-    app: tailscale-operator
-spec:
-  ports:
-    - port: 8080
-      name: http-metrics
-      targetPort: http-metrics
-  selector:
-    app: tailscale-operator