apiVersion: apps/v1
kind: Deployment
metadata:
  name: tailscale-operator
  namespace: tailscale
  labels:
    app: tailscale-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tailscale-operator
  template:
    metadata:
      labels:
        app: tailscale-operator
    spec:
      containers:
        - name: operator
          image: ghcr.io/tailscale/operator:latest
          ports:
            - containerPort: 8080
              name: http-metrics
              protocol: TCP
          env:
            - name: TS_KUBE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          envFrom:
            - secretRef:
                name: tailscale-operator-secret
          volumeMounts:
            - name: oauth-config
              mountPath: /etc/tailscale/oauth
              readOnly: true
      volumes:
        - name: oauth-config
          secret:
            secretName: tailscale-operator-secret
---
apiVersion: v1
kind: Service
metadata:
  name: tailscale-operator
  namespace: tailscale
  labels:
    app: tailscale-operator
spec:
  ports:
    - port: 8080
      name: http-metrics
      targetPort: http-metrics
  selector:
    app: tailscale-operator