From 23cc0fd76c65ba93fadd1764c5c0868f00b9df0f Mon Sep 17 00:00:00 2001
From: Grant <5445379+grantdhunter@users.noreply.github.com>
Date: Mon, 19 May 2025 11:38:04 -0600
Subject: [PATCH] Increase priority of tailscale pods

---
 helmfile.yaml | 4 ++--
 tailscale/connector.yaml | 11 +++++++++++
 tailscale/rbac.yaml | 30 ++++++++++++++++++++++++++++++
 tailscale/values.yaml | 4 ++++
 utils/priorityclasses.yaml | 15 +++++++++++++++
 5 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 tailscale/connector.yaml
 create mode 100644 tailscale/rbac.yaml
 create mode 100644 tailscale/values.yaml
 create mode 100644 utils/priorityclasses.yaml

diff --git a/helmfile.yaml b/helmfile.yaml
index 260ab86..9cb2e46 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -47,13 +47,13 @@ releases:
 namespace: tailscale
 createNamespace: true
 chart: tailscale/tailscale-operator
+ values:
+ - ./tailscale/values.yaml
 setString:
 - name: oauth.clientId
 value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
 - name: oauth.clientSecret
 value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
- - name: apiServerProxyConfig.mode
- value: noauth
 # storage infrastructure
 - name: rook-ceph
 namespace: rook-ceph
diff --git a/tailscale/connector.yaml b/tailscale/connector.yaml
new file mode 100644
index 0000000..ef42258
--- /dev/null
+++ b/tailscale/connector.yaml
@@ -0,0 +1,11 @@
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+ name: home-cidr
+spec:
+ tags:
+ - "tag:k8s"
+ hostname: home-cidr
+ subnetRouter:
+ advertiseRoutes:
+ - "192.168.1.0/24"
diff --git a/tailscale/rbac.yaml b/tailscale/rbac.yaml
new file mode 100644
index 0000000..ed5137a
--- /dev/null
+++ b/tailscale/rbac.yaml
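Review bot: In the helmfile.yaml hunk, dropping the `apiServerProxyConfig.mode` / `noauth` pair from `setString` changes how the cluster API server is exposed over the tailnet, yet the commit subject only mentions pod priority. With the entry gone the chart default applies, which presumably switches the API server proxy off, so anything that reached the API through the operator would stop working. If the removal is intended, say so in the commit message or leave a comment such as `# API server proxy intentionally left at the chart default` above `setString:`. The release entry starts above the hunk, so its remaining settings are not visible here.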
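Review bot: In tailscale/connector.yaml, `advertiseRoutes` publishes the whole `192.168.1.0/24` LAN into the tailnet, and nothing in this file limits which hosts on that network become reachable. Confirm that the tailnet policy restricts who may use routes offered by `tag:k8s` and that route approval is not granted more broadly than intended; neither is visible in this commit. If only a few hosts need to be reachable, advertise narrower prefixes, and add a comment such as `# whole home LAN; access is gated only by tailnet ACLs for tag:k8s` above the route. The file is not referenced from the helmfile.yaml hunk, so how it gets applied should be documented as well.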
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: tailscale
+rules:
+ - apiGroups: [""]
+ resourceNames: ["tailscale-auth"]
+ resources: ["secrets"]
+ verbs: ["get", "update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tailscale
+subjects:
+ - kind: ServiceAccount
+ name: tailscale
+roleRef:
+ kind: Role
+ name: tailscale
+ apiGroup: rbac.authorization.k8s.io
diff --git a/tailscale/values.yaml b/tailscale/values.yaml
new file mode 100644
index 0000000..21ec46a
--- /dev/null
+++ b/tailscale/values.yaml
@@ -0,0 +1,4 @@
+operatorConfig:
+ extraEnv:
+ - name: PROXY_PRIORITY_CLASS_NAME
+ value: critical
diff --git a/utils/priorityclasses.yaml b/utils/priorityclasses.yaml
new file mode 100644
index 0000000..3af03f1
--- /dev/null
+++ b/utils/priorityclasses.yaml
@@ -0,0 +1,15 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: critical
+value: 1000000
+globalDefault: false
+description: "This priority class is for admin and critical maintenance services"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: high
+value: 500000
+globalDefault: false
+description: "This priority class is for high value services"
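Review bot: None of the three objects in tailscale/rbac.yaml sets `metadata.namespace`, and the RoleBinding subject names the ServiceAccount without a namespace, so the account and its grant on the `tailscale-auth` Secret land in whichever namespace is current at apply time. Pin it with `namespace: tailscale` under each `metadata:` and in the subject, assuming the release namespace used in helmfile.yaml is the intended one. Scoping the rule with `resourceNames` is a sound least-privilege choice, but it does not cover `create`, so the Secret has to exist before the workload starts; a comment above `rules:` should say so.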
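Review bot: `PROXY_PRIORITY_CLASS_NAME` in tailscale/values.yaml names the `critical` PriorityClass, but nothing visible in this commit ensures utils/priorityclasses.yaml is applied before the operator creates pods with that class. Pod creation is rejected when the named PriorityClass does not exist, so on a fresh cluster those pods would not come up until the class has been created. A comment such as `# requires PriorityClass "critical" from utils/priorityclasses.yaml` above the entry, or an explicit ordering in helmfile.yaml, would make the dependency visible.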
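Review bot: Both classes in utils/priorityclasses.yaml are cluster-scoped and leave `preemptionPolicy` at its default, so any workload allowed to create pods anywhere in the cluster can name `critical` or `high` and have lower-priority pods evicted to make room. Consider a ResourceQuota with a `scopeSelector` on the PriorityClass scope so that only the intended namespaces may use these classes, and set `preemptionPolicy: Never` on `high` if preemption is not wanted there. The `description` of `critical` could also state which namespaces are expected to use it.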