diff --git a/helmfile.yaml b/helmfile.yaml
index 260ab86..9cb2e46 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -47,13 +47,13 @@ releases:
 namespace: tailscale
 createNamespace: true
 chart: tailscale/tailscale-operator
+ values:
+ - ./tailscale/values.yaml
 setString:
 - name: oauth.clientId
 value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
 - name: oauth.clientSecret
 value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
- - name: apiServerProxyConfig.mode
- value: noauth
 # storage infrastructure
 - name: rook-ceph
 namespace: rook-ceph
diff --git a/tailscale/connector.yaml b/tailscale/connector.yaml
new file mode 100644
index 0000000..ef42258
--- /dev/null
+++ b/tailscale/connector.yaml
@@ -0,0 +1,11 @@
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+ name: home-cidr
+spec:
+ tags:
+ - "tag:k8s"
+ hostname: home-cidr
+ subnetRouter:
+ advertiseRoutes:
+ - "192.168.1.0/24"
diff --git a/tailscale/rbac.yaml b/tailscale/rbac.yaml
new file mode 100644
index 0000000..ed5137a
--- /dev/null
+++ b/tailscale/rbac.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: tailscale
+rules:
+ - apiGroups: [""]
+ resourceNames: ["tailscale-auth"]
+ resources: ["secrets"]
+ verbs: ["get", "update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tailscale
+subjects:
+ - kind: ServiceAccount
+ name: tailscale
+roleRef:
+ kind: Role
+ name: tailscale
+ apiGroup: rbac.authorization.k8s.io
diff --git a/tailscale/values.yaml b/tailscale/values.yaml
new file mode 100644
index 0000000..21ec46a
--- /dev/null
+++ b/tailscale/values.yaml
@@ -0,0 +1,4 @@
+operatorConfig:
+ extraEnv:
+ - name: PROXY_PRIORITY_CLASS_NAME
+ value: critical
diff --git a/utils/priorityclasses.yaml b/utils/priorityclasses.yaml
new file mode 100644
index 0000000..3af03f1
--- /dev/null
+++ b/utils/priorityclasses.yaml
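Review bot: In helmfile.yaml the removed `apiServerProxyConfig.mode` / `noauth` pair is not carried over into the new tailscale/values.yaml, so after this change the release presumably falls back to the chart's default for the API server proxy. State the intended mode explicitly in the values file, with `apiServerProxyConfig:` and a quoted `mode:` value beneath it, so the behaviour does not depend on a chart default that can change between versions. If the proxy is being switched off on purpose, a one-line comment in the values file saying so is enough. The release entry starts above the hunk, so other settings on it are not visible here.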
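Review bot: In tailscale/connector.yaml the subnet router advertises the whole `192.168.1.0/24` LAN under `tag:k8s`, which is presumably also the tag used by the operator's other proxies, so any tailnet policy rule written for that tag also covers the device that routes into the home network. A dedicated tag for this Connector, for example `- "tag:home-subnet-router"` (a constructed name that would have to be defined in the tailnet policy and owned by the operator's OAuth client), lets LAN access and route approval be scoped separately. If `tag:k8s` stays, a comment above `advertiseRoutes` such as `# exposes the whole home LAN to the tailnet; reachability is governed by the tailnet ACLs for tag:k8s` would record the exposure. Narrowing the route is the stronger option if only a few hosts need to be reachable.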
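Review bot: None of the three objects in tailscale/rbac.yaml sets `metadata.namespace`, and the ServiceAccount subject of the RoleBinding has no `namespace` either, so the Role that can read and rewrite the `tailscale-auth` Secret is created in whatever namespace the apply command happens to target. Pin the placement with `namespace: <target-namespace>` under each `metadata:` and on the subject, so the grant cannot land in an unintended namespace through a wrong kubectl context. Nothing in the visible helmfile change references this file, so how it gets applied is not clear from the diff. A comment at the top naming the workload that runs as the `tailscale` ServiceAccount would help.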
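Review bot: In tailscale/values.yaml, `PROXY_PRIORITY_CLASS_NAME` names the PriorityClass `critical`, but nothing in the visible helmfile change installs utils/priorityclasses.yaml before the operator release. Pods that reference a PriorityClass that does not exist are rejected at admission, so on a fresh cluster the proxies would fail to start until that file has been applied. Record the ordering with a comment above the entry, e.g. `# requires PriorityClass "critical" (utils/priorityclasses.yaml) to exist before the operator creates proxies`, or wire the manifest into the helmfile ahead of this release.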
@@ -0,0 +1,15 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: critical
+value: 1000000
+globalDefault: false
+description: "This priority class is for admin and critical maintenance services"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: high
+value: 500000
+globalDefault: false
+description: "This priority class is for high value services"
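Review bot: Both classes in utils/priorityclasses.yaml are cluster-scoped and nothing here restricts who may use them, so any workload allowed to create pods can set `priorityClassName: critical` and preempt lower-priority pods. Neither class sets `preemptionPolicy`, so the default preempting behaviour applies to both. Consider a ResourceQuota with a `scopeSelector` on `PriorityClass` in the namespaces that should not be able to use `critical`. A comment above each class naming the workloads it is meant for, e.g. `# critical: tailnet proxies and cluster maintenance only`, would make misuse easier to spot in review.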