diff --git a/deployments/tailscale-operator/deployment.yaml b/deployments/tailscale-operator/deployment.yaml index 8ef1592..3849b2a 100644 --- a/deployments/tailscale-operator/deployment.yaml +++ b/deployments/tailscale-operator/deployment.yaml @@ -15,41 +15,36 @@ spec: labels: app: tailscale-operator spec: + serviceAccountName: tailscale-operator containers: - name: operator - image: ghcr.io/tailscale/operator:latest - ports: - - containerPort: 8080 - name: http-metrics - protocol: TCP + image: ghcr.io/tailscale/k8s-operator:v1.78.3 + imagePullPolicy: IfNotPresent env: - - name: TS_KUBE_NAMESPACE + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - envFrom: - - secretRef: - name: tailscale-operator-secret + - name: TS_CLIENT_ID_FILE + value: "/etc/tailscale/oauth/client-id" + - name: TS_CLIENT_SECRET_FILE + value: "/etc/tailscale/oauth/client-secret" volumeMounts: - - name: oauth-config + - name: oauth-secret mountPath: /etc/tailscale/oauth readOnly: true + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi volumes: - - name: oauth-config + - name: oauth-secret secret: secretName: tailscale-operator-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: tailscale-operator - namespace: tailscale - labels: - app: tailscale-operator -spec: - ports: - - port: 8080 - name: http-metrics - targetPort: http-metrics - selector: - app: tailscale-operator
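Review bot: The `operator` container on the new side still has no `securityContext`, so it runs with the runtime's default capabilities and with privilege escalation allowed. This pod mounts the OAuth client secret at `/etc/tailscale/oauth` and now runs under the `tailscale-operator` service account, so its privileges are worth constraining. I would add a container-level block that disables privilege escalation, drops all capabilities and sets the runtime default seccomp profile. `runAsNonRoot: true` could be added too, once it is confirmed that the image runs as a non-root UID; this hunk does not show that. Separately, `v1.78.3` is a mutable tag and `imagePullPolicy: IfNotPresent` keeps whatever a node has cached, so pinning by digest (`ghcr.io/tailscale/k8s-operator:v1.78.3@sha256:<digest>`) would make the deployed image verifiable.

```yaml
      containers:
        - name: operator
          # … unchanged: image, imagePullPolicy, env, volumeMounts, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```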