From a3b2defb4c2cd61cdbedee9c3318abddb7382466 Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Fri, 15 Dec 2023 13:16:21 +0000
Subject: [PATCH] Remove tailscale-operator chart
Signed-off-by: Marcus Noble
---
 manifests/_apps/tailscale-operator.yaml | 28 -----
 manifests/tailscale-operator/manifest.yaml | 60 +++++++++++
 manifests/tailscale-operator/rbac.yaml | 117 +++++++++++++++++++++
 3 files changed, 177 insertions(+), 28 deletions(-)
 create mode 100644 manifests/tailscale-operator/rbac.yaml
diff --git a/manifests/_apps/tailscale-operator.yaml b/manifests/_apps/tailscale-operator.yaml
index 230ca3b..9e0823a 100644
--- a/manifests/_apps/tailscale-operator.yaml
+++ b/manifests/_apps/tailscale-operator.yaml
@@ -23,31 +23,3 @@ spec:
 jsonPointers:
 - /data
 ---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: tailscale-operator-chart
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: cluster.fun
- destination:
- namespace: tailscale
- name: scaleway
- source:
- repoURL: 'https://github.com/tailscale/tailscale.git'
- path: "main/cmd/k8s-operator/deploy/chart"
- targetRevision: HEAD
- chart: tailscale-operator
- helm:
- version: v3
- values: |-
- operatorConfig:
- hostname: "scaleway"
- syncPolicy:
- automated: {}
- syncOptions:
- - CreateNamespace=true
-
----
diff --git a/manifests/tailscale-operator/manifest.yaml b/manifests/tailscale-operator/manifest.yaml
index 25563b8..67f3813 100644
--- a/manifests/tailscale-operator/manifest.yaml
+++ b/manifests/tailscale-operator/manifest.yaml
@@ -1,4 +1,9 @@
 apiVersion: v1
+kind: Namespace
+metadata:
+ name: tailscale
+---
+apiVersion: v1
 kind: Secret
 metadata:
 name: operator-oauth
@@ -9,3 +14,58 @@ metadata:
 kube-1password/secret-text-parse: "true"
 type: Opaque
 ---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tailscale-operator
+ namespace: tailscale
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tailscale-operator
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: tailscale-operator
+ spec:
+ containers:
+ - env:
+ - name: OPERATOR_HOSTNAME
+ value: tailscale-operator
+ - name: OPERATOR_SECRET
+ value: operator
+ - name: OPERATOR_LOGGING
+ value: info
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_CONNECTOR
+ value: "false"
+ - name: CLIENT_ID_FILE
+ value: /oauth/client_id
+ - name: CLIENT_SECRET_FILE
+ value: /oauth/client_secret
+ - name: PROXY_IMAGE
+ value: tailscale/tailscale:unstable
+ - name: PROXY_TAGS
+ value: tag:k8s
+ - name: APISERVER_PROXY
+ value: "false"
+ - name: PROXY_FIREWALL_MODE
+ value: auto
+ image: tailscale/k8s-operator:unstable
+ imagePullPolicy: Always
+ name: operator
+ volumeMounts:
+ - mountPath: /oauth
+ name: oauth
+ readOnly: true
+ serviceAccountName: operator
+ volumes:
+ - name: oauth
+ secret:
+ secretName: operator-oauth
diff --git a/manifests/tailscale-operator/rbac.yaml b/manifests/tailscale-operator/rbac.yaml
new file mode 100644
index 0000000..ff0dcac
--- /dev/null
+++ b/manifests/tailscale-operator/rbac.yaml
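Review bot: Both images in the new Deployment are referenced by the mutable `unstable` tag (`image: tailscale/k8s-operator:unstable` and the `PROXY_IMAGE` value `tailscale/tailscale:unstable`), and with `imagePullPolicy: Always` any pod restart can pull different, unreviewed code into a workload that mounts the OAuth client secret from `/oauth`. Pin both to a released version and digest, e.g. `image: tailscale/k8s-operator:<VERSION>@sha256:<DIGEST>` (placeholders), so an image change has to arrive as a reviewed commit. The operator container also carries no `securityContext` or `resources` block; if the operator process itself needs no extra privileges (not visible from this hunk), adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would make the intended posture explicit.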
@@ -0,0 +1,117 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: operator
+ namespace: tailscale
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: proxies
+ namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tailscale-operator
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ - services
+ - services/status
+ verbs:
+ - '*'
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - '*'
+ - apiGroups:
+ - tailscale.com
+ resources:
+ - connectors
+ - connectors/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tailscale-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tailscale-operator
+subjects:
+ - kind: ServiceAccount
+ name: operator
+ namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: operator
+ namespace: tailscale
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - '*'
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: proxies
+ namespace: tailscale
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: operator
+ namespace: tailscale
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: operator
+subjects:
+ - kind: ServiceAccount
+ name: operator
+ namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: proxies
+ namespace: tailscale
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: proxies
+subjects:
+ - kind: ServiceAccount
+ name: proxies
+ namespace: tailscale
+---
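Review bot: The `proxies` Role grants `'*'` on every Secret in the `tailscale` namespace, which is the namespace the operator Deployment mounts `operator-oauth` from, so the `proxies` service account can read, overwrite or delete the operator's OAuth client credentials. The `operator` Role (secrets, statefulsets) and the `tailscale-operator` ClusterRole (events, services, ingresses, cluster-wide) use the same wildcard, which also silently includes `deletecollection` and any verb added later. Replace each `'*'` with the verbs actually used, for example `verbs: [get, update, patch]` on the `proxies` rule if proxies only maintain their own state Secret (an assumption to confirm against the operator's behaviour), and add `resourceNames` wherever the Secret names are fixed. A one-line comment above each rule saying which controller action needs it would make future widening visible in review.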