Increase priority of tailscale pods

2025-05-19 11:38:04 -06:00 · 2025-05-19 11:38:04 -06:00 · 23cc0fd76c
commit 23cc0fd76c
parent 485f26ca19
5 changed files with 62 additions and 2 deletions
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -47,13 +47,13 @@ releases:
    namespace: tailscale
    createNamespace: true
    chart: tailscale/tailscale-operator
+    values:
+      - ./tailscale/values.yaml
    setString:
      - name: oauth.clientId
        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
      - name: oauth.clientSecret
        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
-      - name: apiServerProxyConfig.mode
-        value: noauth
  # storage infrastructure
  - name: rook-ceph
    namespace: rook-ceph
--- a/tailscale/connector.yaml
+++ b/tailscale/connector.yaml
@ -0,0 +1,11 @@
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+  name: home-cidr
+spec:
+  tags:
+  - "tag:k8s"
+  hostname: home-cidr
+  subnetRouter:
+    advertiseRoutes:
+      - "192.168.1.0/24"
--- a/tailscale/rbac.yaml
+++ b/tailscale/rbac.yaml
@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tailscale
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tailscale
+rules:
+  - apiGroups: [""]
+    resourceNames: ["tailscale-auth"]
+    resources: ["secrets"]
+    verbs: ["get", "update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tailscale
+subjects:
+  - kind: ServiceAccount
+    name: tailscale
+roleRef:
+  kind: Role
+  name: tailscale
+  apiGroup: rbac.authorization.k8s.io
--- a/tailscale/values.yaml
+++ b/tailscale/values.yaml
@ -0,0 +1,4 @@
+operatorConfig:
+  extraEnv:
+    - name: PROXY_PRIORITY_CLASS_NAME
+      value: critical
--- a/utils/priorityclasses.yaml
+++ b/utils/priorityclasses.yaml
@ -0,0 +1,15 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: critical
+value: 1000000
+globalDefault: false
+description: "This priority class is for admin and critical maintenance services"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: high
+value: 500000
+globalDefault: false
+description: "This priority class is for high value services"