From ee3296962282b43604a1e79d464e6050f1b23312 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:46 +0000
Subject: [PATCH 1/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/namespace.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 deployments/tailscale/namespace.yaml
diff --git a/deployments/tailscale/namespace.yaml b/deployments/tailscale/namespace.yaml
new file mode 100644
index 0000000..d4cdd11
--- /dev/null
+++ b/deployments/tailscale/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
+ labels:
+ name: apps
--
2.52.0

From 4d8e97463296f787d5449f9456f0f72d8f70be40 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:47 +0000
Subject: [PATCH 2/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/serviceaccount.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 deployments/tailscale/serviceaccount.yaml
diff --git a/deployments/tailscale/serviceaccount.yaml b/deployments/tailscale/serviceaccount.yaml
new file mode 100644
index 0000000..78ddc41
--- /dev/null
+++ b/deployments/tailscale/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
--
2.52.0

From af493fb72628b94d87c560e57fa5a02185c76be3 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:47 +0000
Subject: [PATCH 3/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/clusterrole.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 deployments/tailscale/clusterrole.yaml
diff --git a/deployments/tailscale/clusterrole.yaml b/deployments/tailscale/clusterrole.yaml
new file mode 100644
index 0000000..ebad7cc
--- /dev/null
+++ b/deployments/tailscale/clusterrole.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tailscale-operator
+ labels:
+ app: tailscale-operator
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments", "statefulsets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["discovery.k8s.io"]
+ resources: ["endpointslices"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--
2.52.0

From 440d7bae96975e062dd75fef5b6dba2910edebee Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:47 +0000
Subject: [PATCH 4/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/clusterrolebinding.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 deployments/tailscale/clusterrolebinding.yaml
diff --git a/deployments/tailscale/clusterrolebinding.yaml b/deployments/tailscale/clusterrolebinding.yaml
new file mode 100644
index 0000000..98c5651
--- /dev/null
+++ b/deployments/tailscale/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tailscale-operator
+ labels:
+ app: tailscale-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tailscale-operator
+subjects:
+- kind: ServiceAccount
+ name: tailscale-operator
+ namespace: apps
--
2.52.0

From b3dbc88e0486a59fbb50ee9fe9b020818ec4bf70 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:47 +0000
Subject: [PATCH 5/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/configmap.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 deployments/tailscale/configmap.yaml
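Review bot: The first entry under `rules:` in clusterrole.yaml grants read and write verbs on `secrets` and `configmaps` in a ClusterRole, and clusterrolebinding.yaml in patch 4/7 binds it cluster-wide, so the operator's ServiceAccount token can read and rewrite every Secret in every namespace. I would take `secrets` and `configmaps` out of the ClusterRole and grant them through a namespaced Role and RoleBinding in the operator's own namespace, as sketched below. Which of `pods` and `services` must stay cluster-wide depends on what the operator manages, which this series does not show. If Secret access has to remain in the ClusterRole, a comment above the rule should say why; the same question applies to the write verbs on `deployments` and `statefulsets`.

```yaml
# clusterrole.yaml: core-group rule without secrets/configmaps
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: apps, discovery.k8s.io and coordination.k8s.io rules …
---
# new namespaced Role; bind it to the same ServiceAccount with a RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tailscale-operator
  namespace: apps
rules:
- apiGroups: [""]
  resources: ["secrets", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```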
diff --git a/deployments/tailscale/configmap.yaml b/deployments/tailscale/configmap.yaml
new file mode 100644
index 0000000..12cb8e4
--- /dev/null
+++ b/deployments/tailscale/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
+data:
+ TS_KUBE_OBJECT_STORE: "true"
--
2.52.0

From 82848e37d67f1dbba74bd74dfa514dff8a888c42 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:48 +0000
Subject: [PATCH 6/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/deployment.yaml | 42 +++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 deployments/tailscale/deployment.yaml
diff --git a/deployments/tailscale/deployment.yaml b/deployments/tailscale/deployment.yaml
new file mode 100644
index 0000000..a1f427d
--- /dev/null
+++ b/deployments/tailscale/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tailscale-operator
+ namespace: apps
+ labels:
+ app: tailscale-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tailscale-operator
+ template:
+ metadata:
+ labels:
+ app: tailscale-operator
+ spec:
+ serviceAccountName: tailscale-operator
+ containers:
+ - name: operator
+ image: ghcr.io/tailscale/k8s-operator:1.72.0
+ env:
+ - name: TS_AUTH_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tailscale-auth
+ key: TS_AUTH_KEY
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
--
2.52.0

From cc8e6a87034484596cd37fa29bf5a6ba639cc340 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 02:02:48 +0000
Subject: [PATCH 7/7] feat: deploy Tailscale Operator and auth secret
---
 deployments/tailscale/external-secret.yaml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
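Review bot: The `operator` container in deployment.yaml is declared without a `securityContext`, so it runs with whatever the namespace and runtime defaults allow while holding the ServiceAccount bound in patch 4/7. I would add a container-level `securityContext` after `image:` that forbids privilege escalation, drops all capabilities, requires a non-root user and selects the runtime's default seccomp profile; confirm the image runs as non-root before enforcing it. The image is referenced only by the tag `1.72.0`, and appending `@sha256:<digest>` (placeholder) would pin the exact content that gets deployed. The `tailscale-operator` ConfigMap from patch 5/7 is not referenced by this pod spec (no `envFrom` or `configMapKeyRef`), so `TS_KUBE_OBJECT_STORE` never reaches the container.

```yaml
      containers:
      - name: operator
        image: ghcr.io/tailscale/k8s-operator:1.72.0
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: env, resources …
```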
diff --git a/deployments/tailscale/external-secret.yaml b/deployments/tailscale/external-secret.yaml
index 7a13d02..941bcb4 100644
--- a/deployments/tailscale/external-secret.yaml
+++ b/deployments/tailscale/external-secret.yaml
@@ -2,20 +2,17 @@ apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
 name: tailscale-auth
- namespace: tailscale
+ namespace: apps
 labels:
- app: tailscale
- managed-by: orion
+ app: tailscale-operator
 spec:
- refreshInterval: "1h"
+ refreshInterval: 1h
 secretStoreRef:
 name: orion-vault
 kind: ClusterSecretStore
 target:
 name: tailscale-auth
 creationPolicy: Owner
- template:
- type: Opaque
 data:
 - secretKey: TS_AUTH_KEY
 remoteRef:
--
2.52.0
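Review bot: Moving `tailscale-auth` from its own `tailscale` namespace to `namespace: apps` widens who can read the tailnet auth key, because any subject with Secret read access in `apps` can now read `TS_AUTH_KEY`. The name suggests `apps` is a shared namespace, though the series does not show what else runs there. Keeping the operator, its ServiceAccount and this ExternalSecret in a dedicated namespace would limit the key's audience to the operator. The hunk also drops `template.type: Opaque` and the `managed-by: orion` label without explanation, and a sentence in the commit message would help since all seven patches share one subject. The `remoteRef:` mapping continues outside the hunk.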