From 8f19607e96a5d4c108ba45bdbf5273dcad3126da Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:09 +0000 Subject: [PATCH 01/12] restructure: move tailscale into namespace folder --- deployments/tailscale/namespace.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/tailscale/namespace.yaml b/deployments/tailscale/namespace.yaml index 9dc761e..7a8ddac 100644 --- a/deployments/tailscale/namespace.yaml +++ b/deployments/tailscale/namespace.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: Namespace metadata: name: tailscale + labels: + kubernetes.io/metadata.name: tailscale \ No newline at end of file -- 2.52.0 From ebce53f9982defb8967ced4ee0ea99074b2aeda6 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:09 +0000 Subject: [PATCH 02/12] restructure: move tailscale into namespace folder --- .../tailscale/tailscale/deployment.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 deployments/tailscale/tailscale/deployment.yaml diff --git a/deployments/tailscale/tailscale/deployment.yaml b/deployments/tailscale/tailscale/deployment.yaml new file mode 100644 index 0000000..a9bad8f --- /dev/null +++ b/deployments/tailscale/tailscale/deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tailscale-operator + namespace: tailscale + labels: + app: tailscale-operator +spec: + replicas: 1 + selector: + matchLabels: + app: tailscale-operator + template: + metadata: + labels: + app: tailscale-operator + spec: + serviceAccountName: tailscale-operator + containers: + - name: operator + image: ghcr.io/tailscale/operator:v1.70.0 + env: + - name: DEPLOY_TYPE + value: k8s + volumeMounts: + - name: config + mountPath: /config + volumes: + - name: config + secret: + secretName: tailscale-operator-config \ No newline at end of file -- 2.52.0 From c8a67190548ea835c0b4f02450035e1504c1bab0 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:10 +0000 Subject: [PATCH 03/12] restructure: move tailscale into namespace folder --- .../tailscale/tailscale/external-secret.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 deployments/tailscale/tailscale/external-secret.yaml diff --git a/deployments/tailscale/tailscale/external-secret.yaml b/deployments/tailscale/tailscale/external-secret.yaml new file mode 100644 index 0000000..a594918 --- /dev/null +++ b/deployments/tailscale/tailscale/external-secret.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tailscale-operator + namespace: tailscale +spec: + refreshInterval: 1h + secretStoreRef: + name: vault + kind: SecretStore + target: + name: tailscale-operator + template: + engineVersion: v2 + data: + TS_AUTHKEY: "{{ .TS_AUTHKEY }}" + data: + - secretKey: TS_AUTHKEY + remoteRef: + key: secret/data/kubernetes/tailscale-operator + property: TS_AUTHKEY \ No newline at end of file -- 2.52.0 From cccd12fee5d717d2fb326f6592fb27634cf0f7cf Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:10 +0000 Subject: [PATCH 04/12] restructure: move tailscale into namespace folder --- deployments/tailscale/tailscale/clusterrole.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 deployments/tailscale/tailscale/clusterrole.yaml diff --git a/deployments/tailscale/tailscale/clusterrole.yaml b/deployments/tailscale/tailscale/clusterrole.yaml new file mode 100644 index 0000000..09094fc --- /dev/null +++ b/deployments/tailscale/tailscale/clusterrole.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tailscale-operator +rules: + - apiGroups: [""] + resources: ["pods", "services", "secrets", "configmaps"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "daemonsets", "statefulsets"] + verbs: ["*"] + - apiGroups: ["networking.k8s.io"] + resources: ["networkpolicies", "ingresses"] + verbs: ["*"] \ No newline at end of file -- 2.52.0 From e3c8bc843dc68a78501f8391db9f2dc500ba8f4c Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:10 +0000 Subject: [PATCH 05/12] restructure: move tailscale into namespace folder --- .../tailscale/tailscale/clusterrolebinding.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 deployments/tailscale/tailscale/clusterrolebinding.yaml diff --git a/deployments/tailscale/tailscale/clusterrolebinding.yaml b/deployments/tailscale/tailscale/clusterrolebinding.yaml new file mode 100644 index 0000000..a0919a4 --- /dev/null +++ b/deployments/tailscale/tailscale/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tailscale-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tailscale-operator +subjects: + - kind: ServiceAccount + name: tailscale-operator + namespace: tailscale \ No newline at end of file -- 2.52.0 From 90db5d0c6f53f0500aae4da7df7f376b052e66ab Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:11 +0000 Subject: [PATCH 06/12] restructure: move tailscale into namespace folder --- deployments/tailscale/tailscale/serviceaccount.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 deployments/tailscale/tailscale/serviceaccount.yaml diff --git a/deployments/tailscale/tailscale/serviceaccount.yaml b/deployments/tailscale/tailscale/serviceaccount.yaml new file mode 100644 index 0000000..d272e5d --- /dev/null +++ b/deployments/tailscale/tailscale/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tailscale-operator + namespace: tailscale \ No newline at end of file -- 2.52.0 From 5f4be0a66830cff39059a07f4e36c38d614a46c0 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:11 +0000 Subject: [PATCH 07/12] restructure: move tailscale into namespace folder --- .../tailscale/operator/deployment.yaml | 43 ------------------- 1 file changed, 43 deletions(-) delete mode 100644 deployments/tailscale/operator/deployment.yaml diff --git a/deployments/tailscale/operator/deployment.yaml b/deployments/tailscale/operator/deployment.yaml deleted file mode 100644 index 7e0d039..0000000 --- a/deployments/tailscale/operator/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tailscale-operator - namespace: tailscale - labels: - app: tailscale-operator -spec: - replicas: 1 - selector: - matchLabels: - app: tailscale-operator - template: - metadata: - labels: - app: tailscale-operator - spec: - serviceAccountName: tailscale-operator - containers: - - name: operator - image: ghcr.io/tailscale/k8s-operator:v1.78.3 - imagePullPolicy: IfNotPresent - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLIENT_ID_FILE - value: /etc/tailscale/oauth/client-id - - name: CLIENT_SECRET_FILE - value: /etc/tailscale/oauth/client-secret - volumeMounts: - - name: oauth-secret - mountPath: /etc/tailscale/oauth - readOnly: true - volumes: - - name: oauth-secret - secret: - secretName: tailscale-operator-secret -- 2.52.0 From a1e399c4bda5be5044ae661616a303f6b162c520 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:11 +0000 Subject: [PATCH 08/12] restructure: move tailscale into namespace folder --- deployments/tailscale/operator/clusterrole.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 deployments/tailscale/operator/clusterrole.yaml diff --git a/deployments/tailscale/operator/clusterrole.yaml b/deployments/tailscale/operator/clusterrole.yaml deleted file mode 100644 index a7782e3..0000000 --- a/deployments/tailscale/operator/clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tailscale-operator -rules: - - apiGroups: [""] - resources: ["secrets", "configmaps", "services", "pods", "endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["apps"] - resources: ["deployments", "statefulsets", "daemonsets"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["tailscale.com"] - resources: ["*"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- 2.52.0 From d8d4f9203e7303c205c2fd44850ca9d1aca6837c Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:11 +0000 Subject: [PATCH 09/12] restructure: move tailscale into namespace folder --- .../tailscale/operator/clusterrolebinding.yaml | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 deployments/tailscale/operator/clusterrolebinding.yaml diff --git a/deployments/tailscale/operator/clusterrolebinding.yaml b/deployments/tailscale/operator/clusterrolebinding.yaml deleted file mode 100644 index b2a8476..0000000 --- a/deployments/tailscale/operator/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tailscale-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tailscale-operator -subjects: - - kind: ServiceAccount - name: tailscale-operator - namespace: tailscale -- 2.52.0 From ce0a8ca933be0d1fd9d008cdf5081eed57ef01d7 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:12 +0000 Subject: [PATCH 10/12] restructure: move tailscale into namespace folder --- .../tailscale/operator/external-secret.yaml | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 deployments/tailscale/operator/external-secret.yaml diff --git a/deployments/tailscale/operator/external-secret.yaml b/deployments/tailscale/operator/external-secret.yaml deleted file mode 100644 index 2268e10..0000000 --- a/deployments/tailscale/operator/external-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tailscale-operator-secret - namespace: tailscale -spec: - refreshInterval: 1h - secretStoreRef: - name: orion-vault - kind: ClusterSecretStore - target: - name: tailscale-operator-secret - creationPolicy: Owner - data: - - secretKey: client-id - remoteRef: - key: tailscale/operator - property: CLIENT_ID_FILE - - secretKey: client-secret - remoteRef: - key: tailscale/operator - property: CLIENT_SECRET_FILE -- 2.52.0 From b3ab290cb67390e5afe6721793e842eedb769dec Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:12 +0000 Subject: [PATCH 11/12] restructure: move tailscale into namespace folder --- deployments/tailscale/operator/serviceaccount.yaml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 deployments/tailscale/operator/serviceaccount.yaml diff --git a/deployments/tailscale/operator/serviceaccount.yaml b/deployments/tailscale/operator/serviceaccount.yaml deleted file mode 100644 index 0798ebd..0000000 --- a/deployments/tailscale/operator/serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tailscale-operator - namespace: tailscale - labels: - app: tailscale-operator -- 2.52.0 From f9eac3c1841c464defed623e2d398de16ed77865 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Sun, 17 May 2026 22:29:12 +0000 Subject: [PATCH 12/12] restructure: move tailscale into namespace folder --- deployments/tailscale/external-secret.yaml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 deployments/tailscale/external-secret.yaml diff --git a/deployments/tailscale/external-secret.yaml b/deployments/tailscale/external-secret.yaml deleted file mode 100644 index d6c9cef..0000000 --- a/deployments/tailscale/external-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tailscale-auth - namespace: tailscale -spec: - refreshInterval: 1h - secretStoreRef: - name: orion-vault - kind: ClusterSecretStore - target: - name: tailscale-auth - creationPolicy: Owner - data: - - secretKey: TS_AUTH_KEY - remoteRef: - key: Talos Cluster/tailscale - property: TS_AUTH_KEY -- 2.52.0