tailscale/deployment.yaml

@@ -4,28 +4,21 @@ metadata:
   name: tailscale-operator
   namespace: tailscale
   labels:
-    app.kubernetes.io/name: tailscale
-    app.kubernetes.io/component: operator
+    app: tailscale-operator
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: tailscale
-      app.kubernetes.io/component: operator
+      app: tailscale-operator
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: tailscale
-        app.kubernetes.io/component: operator
+        app: tailscale-operator
     spec:
       serviceAccountName: tailscale-operator
-      securityContext:
-        runAsNonRoot: true
       containers:
       - name: operator
-        image: ghcr.io/tailscale/operator:v1.76.0
-        args:
-        - --hostname=$(POD_NAME)
+        image: ghcr.io/tailscale/k8s-operator:v1.78.3
         env:
         - name: POD_NAME
           valueFrom:
@@ -35,32 +28,8 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        envFrom:
-        - secretRef:
-            name: tailscale-operator-secret
-        ports:
-        - containerPort: 8080
-          name: metrics
-          protocol: TCP
-        resources:
-          requests:
-            cpu: 10m
-            memory: 64Mi
-          limits:
-            cpu: 100m
-            memory: 128Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsUser: 1000
-          runAsGroup: 1000
-          capabilities:
-            drop:
-              - ALL
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: node-role.kubernetes.io/control-plane
-                operator: Exists
+        - name: TS_AUTH_KEY
+          valueFrom:
+            secretKeyRef:
+              key: TS_AUTH_KEY
+              name: tailscale-auth