Remove tailscale-operator chart

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

manifests/_apps/tailscale-operator.yaml

@@ -23,31 +23,3 @@ spec:
     jsonPointers:
     - /data
 ---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: tailscale-operator-chart
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: tailscale
-    name: scaleway
-  source:
-    repoURL: 'https://github.com/tailscale/tailscale.git'
-    path: "main/cmd/k8s-operator/deploy/chart"
-    targetRevision: HEAD
-    chart: tailscale-operator
-    helm:
-      version: v3
-      values: |-
-        operatorConfig:
-          hostname: "scaleway"
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
-
----

manifests/tailscale-operator/manifest.yaml

@@ -1,4 +1,9 @@
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: tailscale
+---
+apiVersion: v1
 kind: Secret
 metadata:
   name: operator-oauth
@@ -9,3 +14,58 @@ metadata:
     kube-1password/secret-text-parse: "true"
 type: Opaque
 ---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: tailscale-operator
+    namespace: tailscale
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            app: tailscale-operator
+    strategy:
+        type: Recreate
+    template:
+        metadata:
+            labels:
+                app: tailscale-operator
+        spec:
+            containers:
+                - env:
+                    - name: OPERATOR_HOSTNAME
+                      value: tailscale-operator
+                    - name: OPERATOR_SECRET
+                      value: operator
+                    - name: OPERATOR_LOGGING
+                      value: info
+                    - name: OPERATOR_NAMESPACE
+                      valueFrom:
+                        fieldRef:
+                            fieldPath: metadata.namespace
+                    - name: ENABLE_CONNECTOR
+                      value: "false"
+                    - name: CLIENT_ID_FILE
+                      value: /oauth/client_id
+                    - name: CLIENT_SECRET_FILE
+                      value: /oauth/client_secret
+                    - name: PROXY_IMAGE
+                      value: tailscale/tailscale:unstable
+                    - name: PROXY_TAGS
+                      value: tag:k8s
+                    - name: APISERVER_PROXY
+                      value: "false"
+                    - name: PROXY_FIREWALL_MODE
+                      value: auto
+                  image: tailscale/k8s-operator:unstable
+                  imagePullPolicy: Always
+                  name: operator
+                  volumeMounts:
+                    - mountPath: /oauth
+                      name: oauth
+                      readOnly: true
+            serviceAccountName: operator
+            volumes:
+                - name: oauth
+                  secret:
+                    secretName: operator-oauth

manifests/tailscale-operator/rbac.yaml

@@ -0,0 +1,117 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: operator
+    namespace: tailscale
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: proxies
+    namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: tailscale-operator
+rules:
+    - apiGroups:
+        - ""
+      resources:
+        - events
+        - services
+        - services/status
+      verbs:
+        - '*'
+    - apiGroups:
+        - networking.k8s.io
+      resources:
+        - ingresses
+        - ingresses/status
+      verbs:
+        - '*'
+    - apiGroups:
+        - tailscale.com
+      resources:
+        - connectors
+        - connectors/status
+      verbs:
+        - get
+        - list
+        - watch
+        - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: tailscale-operator
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: tailscale-operator
+subjects:
+    - kind: ServiceAccount
+      name: operator
+      namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: operator
+    namespace: tailscale
+rules:
+    - apiGroups:
+        - ""
+      resources:
+        - secrets
+      verbs:
+        - '*'
+    - apiGroups:
+        - apps
+      resources:
+        - statefulsets
+      verbs:
+        - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: proxies
+    namespace: tailscale
+rules:
+    - apiGroups:
+        - ""
+      resources:
+        - secrets
+      verbs:
+        - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: operator
+    namespace: tailscale
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: operator
+subjects:
+    - kind: ServiceAccount
+      name: operator
+      namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: proxies
+    namespace: tailscale
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: proxies
+subjects:
+    - kind: ServiceAccount
+      name: proxies
+      namespace: tailscale
+---