From ecb9edb3c802cfdd69f202144e336b9cf223e1e0 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:31 +0000
Subject: [PATCH 1/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/namespace.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 deployments/tailscale/namespace.yaml
diff --git a/deployments/tailscale/namespace.yaml b/deployments/tailscale/namespace.yaml
new file mode 100644
index 0000000..d4cdd11
--- /dev/null
+++ b/deployments/tailscale/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
+ labels:
+ name: apps
--
2.52.0
From 06405cc08fa88cc56d71533c9d4c5b9453c4ac49 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:31 +0000
Subject: [PATCH 2/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/serviceaccount.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 deployments/tailscale/serviceaccount.yaml
diff --git a/deployments/tailscale/serviceaccount.yaml b/deployments/tailscale/serviceaccount.yaml
new file mode 100644
index 0000000..78ddc41
--- /dev/null
+++ b/deployments/tailscale/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
--
2.52.0
From d518b7866f0a53769385ef66b6e9b51b14d6821b Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:32 +0000
Subject: [PATCH 3/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/clusterrole.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 deployments/tailscale/clusterrole.yaml
diff --git a/deployments/tailscale/clusterrole.yaml b/deployments/tailscale/clusterrole.yaml
new file mode 100644
index 0000000..ebad7cc
--- /dev/null
+++ b/deployments/tailscale/clusterrole.yaml
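Review bot: deployments/tailscale/namespace.yaml creates a namespace with the generic name `apps` rather than one dedicated to the operator, and PATCH 7/7 moves the `tailscale-auth` ExternalSecret from `tailscale` into it. If other workloads share `apps` (not visible in this series), any subject that can read Secrets or create pods in that namespace can obtain `TS_AUTH_KEY`, and the operator's service account sits next to unrelated workloads. Keeping a dedicated namespace (`name: tailscale`) for the operator, its service account and the auth secret limits that exposure. If the sharing is intentional, a comment above `metadata:` stating why `apps` was chosen would help the next reader.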
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tailscale-operator
+ labels:
+ app: tailscale-operator
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments", "statefulsets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["discovery.k8s.io"]
+ resources: ["endpointslices"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--
2.52.0
From 295168bbdeba43046013f2732659d58d27e91bde Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:32 +0000
Subject: [PATCH 4/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/clusterrolebinding.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 deployments/tailscale/clusterrolebinding.yaml
diff --git a/deployments/tailscale/clusterrolebinding.yaml b/deployments/tailscale/clusterrolebinding.yaml
new file mode 100644
index 0000000..98c5651
--- /dev/null
+++ b/deployments/tailscale/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tailscale-operator
+ labels:
+ app: tailscale-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tailscale-operator
+subjects:
+- kind: ServiceAccount
+ name: tailscale-operator
+ namespace: apps
--
2.52.0
From e032650eab91a281fb698bc58d2fde0126b48253 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:32 +0000
Subject: [PATCH 5/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/configmap.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 deployments/tailscale/configmap.yaml
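Review bot: The first rule in deployments/tailscale/clusterrole.yaml grants get/list/watch/create/update/patch/delete on `secrets`, `pods`, `services` and `configmaps` in every namespace, because it is a ClusterRole bound by the ClusterRoleBinding in PATCH 4/7. A compromised operator pod, or anyone able to run a pod as the `tailscale-operator` service account, could then read and rewrite every Secret in the cluster. Move the secret, configmap, pod, workload and lease rules into a namespaced `Role` with a `RoleBinding` in the operator's namespace, and keep in the ClusterRole only what has to be watched cluster-wide. Which service verbs the operator really needs is not visible here, so the list below should be confirmed against its documentation.

```yaml
# ClusterRole tailscale-operator: cluster-wide rules only
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch", "update", "patch"]
# … unchanged: discovery.k8s.io endpointslices rule …
---
# Role for the operator's own namespace; bind it with a RoleBinding there
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tailscale-operator
  namespace: apps
rules:
- apiGroups: [""]
  resources: ["pods", "secrets", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: apps and coordination.k8s.io rules, moved here from the ClusterRole …
```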
diff --git a/deployments/tailscale/configmap.yaml b/deployments/tailscale/configmap.yaml
new file mode 100644
index 0000000..12cb8e4
--- /dev/null
+++ b/deployments/tailscale/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
+data:
+ TS_KUBE_OBJECT_STORE: "true"
--
2.52.0
From 48885e73b592a42aa823282785c9a476945813a3 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:33 +0000
Subject: [PATCH 6/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/deployment.yaml | 42 +++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 deployments/tailscale/deployment.yaml
diff --git a/deployments/tailscale/deployment.yaml b/deployments/tailscale/deployment.yaml
new file mode 100644
index 0000000..a1f427d
--- /dev/null
+++ b/deployments/tailscale/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tailscale-operator
+ template:
+ metadata:
+ labels:
+ app: tailscale-operator
+ spec:
+ serviceAccountName: tailscale-operator
+ containers:
+ - name: operator
+ image: ghcr.io/tailscale/k8s-operator:1.72.0
+ env:
+ - name: TS_AUTH_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tailscale-auth
+ key: TS_AUTH_KEY
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
--
2.52.0
From 0f18dec44957ed8818e075b86c5c2b91669f8542 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:33 +0000
Subject: [PATCH 7/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/external-secret.yaml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
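Review bot: Nothing in this series consumes the `tailscale-operator` ConfigMap added in deployments/tailscale/configmap.yaml: the Deployment in PATCH 6/7 has no `envFrom` or `configMapKeyRef`, so `TS_KUBE_OBJECT_STORE` never reaches the container. Either reference it from the `operator` container with `envFrom: [{configMapRef: {name: tailscale-operator}}]` or drop the file. Whether the operator reads a variable of this name is not visible here, so a comment above the key such as `# <what this setting controls and where it is documented>` would make the intent checkable.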
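Review bot: The `operator` container in deployments/tailscale/deployment.yaml has no `securityContext`, so it runs with whatever user, capabilities and privilege-escalation setting the image defaults to, while holding the service account bound to the cluster-wide role from PATCH 3/7. Add a container-level `securityContext` that disables privilege escalation, drops all capabilities and selects the RuntimeDefault seccomp profile. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding once checked against the image, whose defaults are not visible here. The image is also referenced by mutable tag only, so pinning it as `image: ghcr.io/tailscale/k8s-operator:1.72.0@sha256:<digest-placeholder>` would fix which binary is deployed.

```yaml
      containers:
      - name: operator
        # … unchanged: image, env, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
```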
diff --git a/deployments/tailscale/external-secret.yaml b/deployments/tailscale/external-secret.yaml index 7a13d02..941bcb4 100644 --- a/deployments/tailscale/external-secret.yaml +++ b/deployments/tailscale/external-secret.yaml @@ -2,20 +2,17 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: tailscale-auth - namespace: tailscale + namespace: apps labels: - app: tailscale - managed-by: orion + app: tailscale-operator spec: - refreshInterval: "1h" + refreshInterval: 1h secretStoreRef: name: orion-vault kind: ClusterSecretStore target: name: tailscale-auth creationPolicy: Owner - template: - type: Opaque data: - secretKey: TS_AUTH_KEY remoteRef: -- 2.52.0