From 142911c8d20f45e06cdfef914a6073cef4f0748e Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Sat, 9 May 2026 20:11:34 +0000
Subject: [PATCH 1/2] feat: deploy Tailscale operator

---
 deployments/tailscale-operator/rbac.yaml | 33 ++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 deployments/tailscale-operator/rbac.yaml

diff --git a/deployments/tailscale-operator/rbac.yaml b/deployments/tailscale-operator/rbac.yaml
new file mode 100644
index 0000000..ac2a657
--- /dev/null
+++ b/deployments/tailscale-operator/rbac.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tailscale-operator
+rules:
+  - apiGroups: [""]
+    resources: ["secrets", "services", "endpoints", "namespaces", "nodes"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "statefulsets", "daemonsets"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["tailscale.com"]
+    resources: ["*"]
+    verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tailscale-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tailscale-operator
+subjects:
+  - kind: ServiceAccount
+    name: tailscale-operator
+    namespace: tailscale
-- 
2.52.0


From faa45e87da721a0077345803d080a1cf51504f48 Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Sat, 9 May 2026 20:11:34 +0000
Subject: [PATCH 2/2] feat: deploy Tailscale operator

---
 .../tailscale-operator/deployment.yaml        | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 deployments/tailscale-operator/deployment.yaml

diff --git a/deployments/tailscale-operator/deployment.yaml b/deployments/tailscale-operator/deployment.yaml
new file mode 100644
index 0000000..146aac1
--- /dev/null
+++ b/deployments/tailscale-operator/deployment.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+  labels:
+    app: tailscale-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tailscale-operator
+  template:
+    metadata:
+      labels:
+        app: tailscale-operator
+    spec:
+      serviceAccountName: tailscale-operator
+      containers:
+        - name: operator
+          image: ghcr.io/tailscale/k8s-operator:v1.78.0
+          env:
+            - name: TS_AUTHKEY
+              valueFrom:
+                secretKeyRef:
+                  name: tailscale-auth
+                  key: TS_AUTH_KEY
+            - name: DEPLOYMENT_TYPE
+              value: "k8s"
+          ports:
+            - containerPort: 8080
+              name: http-metrics
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http-metrics
+            initialDelaySeconds: 10
+            periodSeconds: 15
+          resources:
+            requests:
+              cpu: 50m
+              memory: 64Mi
+            limits:
+              cpu: 200m
+              memory: 256Mi
-- 
2.52.0