Switch to using the tailscale helm chart

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

manifests/_apps/tailscale-operator.yaml

@@ -14,9 +14,36 @@ spec:
     path: manifests/tailscale-operator
     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
     targetRevision: HEAD
-    kustomize:
+  syncPolicy:
-      commonLabels:
+    automated: {}
-        app.kubernetes.io/instance: scaleway-cluster
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tailscale-operator-chart-scaleway
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: tailscale
+    name: scaleway
+  source:
+    repoURL: 'https://pkgs.tailscale.com/helmcharts'
+    targetRevision: 1.56.0
+    chart: tailscale-operator
+    helm:
+      version: v3
+      values: |-
+        operatorConfig:
+          hostname: scaleway-cluster
   syncPolicy:
     automated: {}
     syncOptions:
@@ -56,6 +83,36 @@ spec:
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
+metadata:
+  name: tailscale-operator-chart-civo
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: tailscale
+    name: civo
+  source:
+    repoURL: 'https://pkgs.tailscale.com/helmcharts'
+    targetRevision: 1.56.0
+    chart: tailscale-operator
+    helm:
+      version: v3
+      values: |-
+        operatorConfig:
+          hostname: civo-cluster
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
 metadata:
   name: tailscale-operator-scaleway-old
   namespace: argocd
@@ -82,3 +139,33 @@ spec:
     jsonPointers:
     - /data
 ---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tailscale-operator-chart-scaleway-old
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: tailscale
+    name: cluster-fun (scaleway)
+  source:
+    repoURL: 'https://pkgs.tailscale.com/helmcharts'
+    targetRevision: 1.56.0
+    chart: tailscale-operator
+    helm:
+      version: v3
+      values: |-
+        operatorConfig:
+          hostname: scaleway-old-cluster
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+---

manifests/tailscale-operator/kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-metadata:
-  name: tailscale-operator
-
-commonLabels:
-  app.kubernetes.io/name: tailscale-operator
-
-resources:
-- rbac.yaml
-- manifest.yaml

manifests/tailscale-operator/manifest.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: tailscale
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: operator-oauth
@@ -13,61 +8,3 @@ metadata:
     kube-1password/vault: Kubernetes
     kube-1password/secret-text-parse: "true"
 type: Opaque
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-    name: tailscale-operator
-    namespace: tailscale
-spec:
-    replicas: 1
-    selector:
-        matchLabels:
-            app: tailscale-operator
-    strategy:
-        type: Recreate
-    template:
-        metadata:
-            labels:
-                app: tailscale-operator
-        spec:
-            containers:
-                - env:
-                    - name: OPERATOR_HOSTNAME
-                      valueFrom:
-                        fieldRef:
-                          fieldPath: metadata.labels['app.kubernetes.io/instance']
-                    - name: OPERATOR_SECRET
-                      value: operator
-                    - name: OPERATOR_LOGGING
-                      value: info
-                    - name: OPERATOR_NAMESPACE
-                      valueFrom:
-                        fieldRef:
-                            fieldPath: metadata.namespace
-                    - name: ENABLE_CONNECTOR
-                      value: "false"
-                    - name: CLIENT_ID_FILE
-                      value: /oauth/client_id
-                    - name: CLIENT_SECRET_FILE
-                      value: /oauth/client_secret
-                    - name: PROXY_IMAGE
-                      value: tailscale/tailscale:unstable
-                    - name: PROXY_TAGS
-                      value: tag:k8s
-                    - name: APISERVER_PROXY
-                      value: "false"
-                    - name: PROXY_FIREWALL_MODE
-                      value: auto
-                  image: tailscale/k8s-operator:unstable
-                  imagePullPolicy: Always
-                  name: operator
-                  volumeMounts:
-                    - mountPath: /oauth
-                      name: oauth
-                      readOnly: true
-            serviceAccountName: operator
-            volumes:
-                - name: oauth
-                  secret:
-                    secretName: operator-oauth

manifests/tailscale-operator/rbac.yaml

@@ -1,117 +0,0 @@
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-    name: operator
-    namespace: tailscale
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-    name: proxies
-    namespace: tailscale
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-    name: tailscale-operator
-rules:
-    - apiGroups:
-        - ""
-      resources:
-        - events
-        - services
-        - services/status
-      verbs:
-        - '*'
-    - apiGroups:
-        - networking.k8s.io
-      resources:
-        - ingresses
-        - ingresses/status
-      verbs:
-        - '*'
-    - apiGroups:
-        - tailscale.com
-      resources:
-        - connectors
-        - connectors/status
-      verbs:
-        - get
-        - list
-        - watch
-        - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-    name: tailscale-operator
-roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: tailscale-operator
-subjects:
-    - kind: ServiceAccount
-      name: operator
-      namespace: tailscale
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-    name: operator
-    namespace: tailscale
-rules:
-    - apiGroups:
-        - ""
-      resources:
-        - secrets
-      verbs:
-        - '*'
-    - apiGroups:
-        - apps
-      resources:
-        - statefulsets
-      verbs:
-        - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-    name: proxies
-    namespace: tailscale
-rules:
-    - apiGroups:
-        - ""
-      resources:
-        - secrets
-      verbs:
-        - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-    name: operator
-    namespace: tailscale
-roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: operator
-subjects:
-    - kind: ServiceAccount
-      name: operator
-      namespace: tailscale
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-    name: proxies
-    namespace: tailscale
-roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: proxies
-subjects:
-    - kind: ServiceAccount
-      name: proxies
-      namespace: tailscale
----