From 210b617cc9117639e22f09a1031595502d9ab482 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Mon, 2 Mar 2026 23:32:36 +0000
Subject: [PATCH] fix: pin tailscale operator to control-plane node for DNS
 stability

---
 ansible/roles/tailscale-operator/defaults/main.yml     |  8 ++++++++
 .../templates/operator-values.yaml.j2                  | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/ansible/roles/tailscale-operator/defaults/main.yml b/ansible/roles/tailscale-operator/defaults/main.yml
index 5b2cb2c..77f28ab 100644
--- a/ansible/roles/tailscale-operator/defaults/main.yml
+++ b/ansible/roles/tailscale-operator/defaults/main.yml
@@ -7,3 +7,11 @@ tailscale_oauth_client_secret: ""
 
 tailscale_operator_default_tags:
   - "tag:k8s-operator"
+
+tailscale_operator_node_selector:
+  kubernetes.io/hostname: "k8s-cluster-cp-1"
+
+tailscale_operator_tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
diff --git a/ansible/roles/tailscale-operator/templates/operator-values.yaml.j2 b/ansible/roles/tailscale-operator/templates/operator-values.yaml.j2
index af3bebb..58a5baf 100644
--- a/ansible/roles/tailscale-operator/templates/operator-values.yaml.j2
+++ b/ansible/roles/tailscale-operator/templates/operator-values.yaml.j2
@@ -6,5 +6,15 @@ operatorConfig:
 {% for tag in tailscale_operator_default_tags %}
     - "{{ tag }}"
 {% endfor %}
+  nodeSelector:
+{% for key, value in tailscale_operator_node_selector.items() %}
+    {{ key }}: "{{ value }}"
+{% endfor %}
+  tolerations:
+{% for tol in tailscale_operator_tolerations %}
+    - key: "{{ tol.key }}"
+      operator: "{{ tol.operator }}"
+      effect: "{{ tol.effect }}"
+{% endfor %}
 
 installCRDs: true