feat: deploy Tailscale Operator

2026-05-09 19:07:38 +00:00 · 2026-05-09 19:07:37 +00:00 · 2026-05-09 19:07:37 +00:00
4 changed files with 76 additions and 13 deletions
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tailscale
+  labels:
+    name: tailscale
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+  labels:
+    app: tailscale-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tailscale-operator
+  template:
+    metadata:
+      labels:
+        app: tailscale-operator
+    spec:
+      serviceAccountName: tailscale-operator
+      containers:
+        - name: operator
+          image: ghcr.io/tailscale/k8s-operator:v1.78.3
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: TAILSCALE_API_CLIENT_ID
+              value: ""
+            - name: TAILSCALE_API_CLIENT_SECRET
+              value: ""
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tailscale-operator
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "services", "endpoints", "namespaces", "events", "configmaps"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "daemonsets"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["tailscale.com"]
+    resources: ["*"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingressclasses"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tailscale-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tailscale-operator
+subjects:
+  - kind: ServiceAccount
+    name: tailscale-operator
+    namespace: tailscale
@@ -1,13 +0,0 @@
-apiVersion: tailscale.com/v1alpha1
-kind: Tailnet
-metadata:
-  name: talos-cluster
-  namespace: tailscale
-spec:
-  tagAdmin: true
-  dnsMode: SplitDNS
-  dnsDomains:
-  - tailscale.io
-  - k8s.khalisio.local
-  aclPolicyRef:
-    name: tailscale-acl-policy
Author	SHA1	Message	Date
gitea-admin	c003da7f68	feat: deploy Tailscale Operator Validate Manifests / validate (pull_request) Has been cancelled Details	2026-05-09 19:07:38 +00:00
gitea-admin	ad86156489	feat: deploy Tailscale Operator	2026-05-09 19:07:37 +00:00
gitea-admin	ae0c58f2ad	feat: deploy Tailscale Operator	2026-05-09 19:07:37 +00:00