restructure: organize excalidraw under apps namespace folder

2026-05-17 22:29:37 +00:00 · 2026-05-17 22:29:37 +00:00 · 2026-05-17 22:29:37 +00:00 · 2026-05-17 22:29:37 +00:00 · 2026-05-17 22:29:36 +00:00 · 2026-05-17 22:29:36 +00:00
12 changed files with 70 additions and 116 deletions
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: apps
-  labels:
-    name: apps
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: apps
-  labels:
-    name: apps
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: tailscale-auth
-  namespace: tailscale
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: orion-vault
-    kind: ClusterSecretStore
-  target:
-    name: tailscale-auth
-    creationPolicy: Owner
-  data:
-    - secretKey: TS_AUTH_KEY
-      remoteRef:
-        key: Talos Cluster/tailscale
-        property: TS_AUTH_KEY
@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: tailscale
+  labels:
+    kubernetes.io/metadata.name: tailscale
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: tailscale-operator
-rules:
-  - apiGroups: [""]
-    resources: ["secrets", "configmaps", "services", "pods", "endpoints"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets", "daemonsets"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["tailscale.com"]
-    resources: ["*"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: tailscale-operator
-  namespace: tailscale
-  labels:
-    app: tailscale-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: tailscale-operator
-  template:
-    metadata:
-      labels:
-        app: tailscale-operator
-    spec:
-      serviceAccountName: tailscale-operator
-      containers:
-      - name: operator
-        image: ghcr.io/tailscale/k8s-operator:v1.78.3
-        imagePullPolicy: IfNotPresent
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CLIENT_ID_FILE
-          value: /etc/tailscale/oauth/client-id
-        - name: CLIENT_SECRET_FILE
-          value: /etc/tailscale/oauth/client-secret
-        volumeMounts:
-        - name: oauth-secret
-          mountPath: /etc/tailscale/oauth
-          readOnly: true
-      volumes:
-      - name: oauth-secret
-        secret:
-          secretName: tailscale-operator-secret
@@ -1,22 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: tailscale-operator-secret
-  namespace: tailscale
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: orion-vault
-    kind: ClusterSecretStore
-  target:
-    name: tailscale-operator-secret
-    creationPolicy: Owner
-  data:
-    - secretKey: client-id
-      remoteRef:
-        key: tailscale/operator
-        property: CLIENT_ID_FILE
-    - secretKey: client-secret
-      remoteRef:
-        key: tailscale/operator
-        property: CLIENT_SECRET_FILE
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tailscale-operator
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "services", "secrets", "configmaps"]
+    verbs: ["*"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "daemonsets", "statefulsets"]
+    verbs: ["*"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["networkpolicies", "ingresses"]
+    verbs: ["*"]
@@ -9,4 +9,4 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: tailscale-operator
-    namespace: tailscale
+    namespace: tailscale
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+  labels:
+    app: tailscale-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tailscale-operator
+  template:
+    metadata:
+      labels:
+        app: tailscale-operator
+    spec:
+      serviceAccountName: tailscale-operator
+      containers:
+        - name: operator
+          image: ghcr.io/tailscale/operator:v1.70.0
+          env:
+            - name: DEPLOY_TYPE
+              value: k8s
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          secret:
+            secretName: tailscale-operator-config
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: SecretStore
+  target:
+    name: tailscale-operator
+    template:
+      engineVersion: v2
+      data:
+        TS_AUTHKEY: "{{ .TS_AUTHKEY }}"
+  data:
+    - secretKey: TS_AUTHKEY
+      remoteRef:
+        key: secret/data/kubernetes/tailscale-operator
+        property: TS_AUTHKEY
@@ -2,6 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: tailscale-operator
-  namespace: tailscale
-  labels:
-    app: tailscale-operator
+  namespace: tailscale
Author	SHA1	Message	Date
gitea-admin	5ba0675e84	restructure: organize excalidraw under apps namespace folder Validate Manifests / validate (pull_request) Has been cancelled Details	2026-05-17 22:29:37 +00:00
gitea-admin	1ce130cc1e	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:37 +00:00
gitea-admin	0ee716114c	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:37 +00:00
gitea-admin	5293a25e47	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:37 +00:00
gitea-admin	e3fbcb0016	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:36 +00:00
gitea-admin	5211a16701	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:36 +00:00
gitea-admin	f40366bc3e	restructure: organize excalidraw under apps namespace folder	2026-05-17 22:29:36 +00:00
gitea-admin	bbf77a57e2	Merge pull request 'restructure: move tailscale into namespace folder' (#63 ) from orion/auto/restructure-move-tailscale-into-namespac-1779056949375 into main Reviewed-on: #63	2026-05-17 22:29:23 +00:00
gitea-admin	f9eac3c184	restructure: move tailscale into namespace folder Validate Manifests / validate (pull_request) Has been cancelled Details	2026-05-17 22:29:12 +00:00
gitea-admin	b3ab290cb6	restructure: move tailscale into namespace folder	2026-05-17 22:29:12 +00:00
gitea-admin	ce0a8ca933	restructure: move tailscale into namespace folder	2026-05-17 22:29:12 +00:00
gitea-admin	d8d4f9203e	restructure: move tailscale into namespace folder	2026-05-17 22:29:11 +00:00
gitea-admin	a1e399c4bd	restructure: move tailscale into namespace folder	2026-05-17 22:29:11 +00:00
gitea-admin	5f4be0a668	restructure: move tailscale into namespace folder	2026-05-17 22:29:11 +00:00
gitea-admin	90db5d0c6f	restructure: move tailscale into namespace folder	2026-05-17 22:29:11 +00:00
gitea-admin	e3c8bc843d	restructure: move tailscale into namespace folder	2026-05-17 22:29:10 +00:00
gitea-admin	cccd12fee5	restructure: move tailscale into namespace folder	2026-05-17 22:29:10 +00:00
gitea-admin	c8a6719054	restructure: move tailscale into namespace folder	2026-05-17 22:29:10 +00:00
gitea-admin	ebce53f998	restructure: move tailscale into namespace folder	2026-05-17 22:29:09 +00:00
gitea-admin	8f19607e96	restructure: move tailscale into namespace folder	2026-05-17 22:29:09 +00:00