fix: pin tailscale operator to control-plane node for DNS stability

ansible/roles/tailscale-operator/defaults/main.yml

@@ -7,3 +7,11 @@ tailscale_oauth_client_secret: ""
 
 tailscale_operator_default_tags:
   - "tag:k8s-operator"
+
+tailscale_operator_node_selector:
+  kubernetes.io/hostname: "k8s-cluster-cp-1"
+
+tailscale_operator_tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"

ansible/roles/tailscale-operator/templates/operator-values.yaml.j2

@@ -6,5 +6,15 @@ operatorConfig:
 {% for tag in tailscale_operator_default_tags %}
     - "{{ tag }}"
 {% endfor %}
+  nodeSelector:
+{% for key, value in tailscale_operator_node_selector.items() %}
+    {{ key }}: "{{ value }}"
+{% endfor %}
+  tolerations:
+{% for tol in tailscale_operator_tolerations %}
+    - key: "{{ tol.key }}"
+      operator: "{{ tol.operator }}"
+      effect: "{{ tol.effect }}"
+{% endfor %}
 
 installCRDs: true