add services

clusters/cl01tl/services/tailscale-operator/templates/connector.yaml

@@ -0,0 +1,19 @@
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+  name: subnet-router-local
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: subnet-router-local
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: tailscale
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  hostname: subnet-router-local-cl01tl
+  proxyClass: default
+  subnetRouter:
+    advertiseRoutes:
+      - 192.168.1.0/24
+      - 10.230.0.0/24
+      - 10.232.0.0/22

clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml

@@ -0,0 +1,16 @@
+apiVersion: tailscale.com/v1alpha1
+kind: DNSConfig
+metadata:
+  name: ts-dns
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ts-dns
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: tailscale
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  nameserver:
+    image:
+      repo: tailscale/k8s-nameserver
+      tag: unstable-v1.81.44

clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: operator-oauth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: operator-oauth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: client_id
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /tailscale/k8s-operator
+        metadataPolicy: None
+        property: clientId
+    - secretKey: client_secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /tailscale/k8s-operator
+        metadataPolicy: None
+        property: clientSecret

clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml

@@ -0,0 +1,26 @@
+apiVersion: tailscale.com/v1alpha1
+kind: ProxyClass
+metadata:
+  name: default
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: default
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: proxy
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  metrics:
+    enable: true
+    serviceMonitor:
+      enable: true
+  statefulSet:
+    pod:
+      tailscaleContainer:
+        resources:
+          limits:
+            squat.ai/tun: "1"
+      tailscaleInitContainer:
+        resources:
+          limits:
+            squat.ai/tun: "1"