From b0c4beb211e096c5694530b80a07aed2d895e290 Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Fri, 15 Dec 2023 18:50:28 +0000 Subject: [PATCH] Switch to using the tailscale helm chart Signed-off-by: Marcus Noble --- manifests/_apps/tailscale-operator.yaml | 93 +++++++++++++- .../tailscale-operator/kustomization.yaml | 11 -- manifests/tailscale-operator/manifest.yaml | 63 ---------- manifests/tailscale-operator/rbac.yaml | 117 ------------------ 4 files changed, 90 insertions(+), 194 deletions(-) delete mode 100644 manifests/tailscale-operator/kustomization.yaml delete mode 100644 manifests/tailscale-operator/rbac.yaml diff --git a/manifests/_apps/tailscale-operator.yaml b/manifests/_apps/tailscale-operator.yaml index 246824e..5a02172 100644 --- a/manifests/_apps/tailscale-operator.yaml +++ b/manifests/_apps/tailscale-operator.yaml @@ -14,9 +14,36 @@ spec: path: manifests/tailscale-operator repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" targetRevision: HEAD - kustomize: - commonLabels: - app.kubernetes.io/instance: scaleway-cluster + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + ignoreDifferences: + - kind: Secret + jsonPointers: + - /data +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tailscale-operator-chart-scaleway + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: cluster.fun + destination: + namespace: tailscale + name: scaleway + source: + repoURL: 'https://pkgs.tailscale.com/helmcharts' + targetRevision: 1.56.0 + chart: tailscale-operator + helm: + version: v3 + values: |- + operatorConfig: + hostname: scaleway-cluster syncPolicy: automated: {} syncOptions: 
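Review bot: The `values` block of `tailscale-operator-chart-scaleway` sets only `operatorConfig.hostname`, so every other operator setting now comes from the defaults of chart 1.56.0, whereas the Deployment this commit deletes pinned them explicitly (`APISERVER_PROXY: "false"`, `ENABLE_CONNECTOR: "false"`, `PROXY_TAGS: tag:k8s`). Those defaults are not visible in this diff, so I would state the security-relevant ones in the values, e.g. `apiServerProxyConfig.mode: "false"` and `proxyConfig.defaultTags: "tag:k8s"` (key names to be confirmed against the chart's values.yaml). That way a later `targetRevision` bump cannot silently turn on the API server proxy or change the ACL tags the proxies register with. The same applies to the `tailscale-operator-chart-civo` and `tailscale-operator-chart-scaleway-old` Applications in the next two hunks. The chart also replaces the hand-written `rbac.yaml`, so it is worth diffing the `helm template` output for its ClusterRole and Roles against the deleted rules before automated sync applies it.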
@@ -56,6 +83,36 @@ spec: --- apiVersion: argoproj.io/v1alpha1 kind: Application +metadata: + name: tailscale-operator-chart-civo + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: cluster.fun + destination: + namespace: tailscale + name: civo + source: + repoURL: 'https://pkgs.tailscale.com/helmcharts' + targetRevision: 1.56.0 + chart: tailscale-operator + helm: + version: v3 + values: |- + operatorConfig: + hostname: civo-cluster + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + ignoreDifferences: + - kind: Secret + jsonPointers: + - /data +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application metadata: name: tailscale-operator-scaleway-old namespace: argocd @@ -82,3 +139,33 @@ spec: jsonPointers: - /data --- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tailscale-operator-chart-scaleway-old + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: cluster.fun + destination: + namespace: tailscale + name: cluster-fun (scaleway) + source: + repoURL: 'https://pkgs.tailscale.com/helmcharts' + targetRevision: 1.56.0 + chart: tailscale-operator + helm: + version: v3 + values: |- + operatorConfig: + hostname: scaleway-old-cluster + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + ignoreDifferences: + - kind: Secret + jsonPointers: + - /data +--- diff --git a/manifests/tailscale-operator/kustomization.yaml b/manifests/tailscale-operator/kustomization.yaml deleted file mode 100644 index 8500fd9..0000000 --- a/manifests/tailscale-operator/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -metadata: - name: tailscale-operator - -commonLabels: - app.kubernetes.io/name: tailscale-operator - -resources: -- rbac.yaml -- manifest.yaml diff --git a/manifests/tailscale-operator/manifest.yaml b/manifests/tailscale-operator/manifest.yaml index ae11f0f..59c7fa0 100644 
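Review bot: The `ignoreDifferences` entry added to `tailscale-operator-chart-civo` (and repeated in `tailscale-operator-chart-scaleway-old` in the following hunk) matches `/data` on every Secret, so Argo CD will not report drift on any Secret this chart renders now or after an upgrade. With no `oauth` values set the chart presumably renders no Secret of its own, and the externally populated `operator-oauth` Secret belongs to the path-based Application, so the entry looks unnecessary on the chart Applications. If it is kept, scope it by adding `name: operator-oauth` and `namespace: tailscale` to the entry. The three chart Applications also differ only in name, destination and hostname, so generating them from one template would keep the pinned `targetRevision` from drifting apart between clusters.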
--- a/manifests/tailscale-operator/manifest.yaml +++ b/manifests/tailscale-operator/manifest.yaml @@ -1,9 +1,4 @@ apiVersion: v1 -kind: Namespace -metadata: - name: tailscale ---- -apiVersion: v1 kind: Secret metadata: name: operator-oauth @@ -13,61 +8,3 @@ metadata: kube-1password/vault: Kubernetes kube-1password/secret-text-parse: "true" type: Opaque ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tailscale-operator - namespace: tailscale -spec: - replicas: 1 - selector: - matchLabels: - app: tailscale-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: tailscale-operator - spec: - containers: - - env: - - name: OPERATOR_HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['app.kubernetes.io/instance'] - - name: OPERATOR_SECRET - value: operator - - name: OPERATOR_LOGGING - value: info - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_CONNECTOR - value: "false" - - name: CLIENT_ID_FILE - value: /oauth/client_id - - name: CLIENT_SECRET_FILE - value: /oauth/client_secret - - name: PROXY_IMAGE - value: tailscale/tailscale:unstable - - name: PROXY_TAGS - value: tag:k8s - - name: APISERVER_PROXY - value: "false" - - name: PROXY_FIREWALL_MODE - value: auto - image: tailscale/k8s-operator:unstable - imagePullPolicy: Always - name: operator - volumeMounts: - - mountPath: /oauth - name: oauth - readOnly: true - serviceAccountName: operator - volumes: - - name: oauth - secret: - secretName: operator-oauth diff --git a/manifests/tailscale-operator/rbac.yaml b/manifests/tailscale-operator/rbac.yaml deleted file mode 100644 index ff0dcac..0000000 --- a/manifests/tailscale-operator/rbac.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: operator - namespace: tailscale ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: proxies - namespace: tailscale ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tailscale-operator -rules: - - apiGroups: - - "" - resources: - - events - - services - - services/status - verbs: - - '*' - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - verbs: - - '*' - - apiGroups: - - tailscale.com - resources: - - connectors - - connectors/status - verbs: - - get - - list - - watch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tailscale-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tailscale-operator -subjects: - - kind: ServiceAccount - name: operator - namespace: tailscale ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: operator - namespace: tailscale -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: proxies - namespace: tailscale -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: operator - namespace: tailscale -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: - - kind: ServiceAccount - name: operator - namespace: tailscale ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: proxies - namespace: tailscale -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: proxies -subjects: - - kind: ServiceAccount - name: proxies - namespace: tailscale ----