diff --git a/ansible/roles/addon-secrets-bootstrap/tasks/main.yml b/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
index e6824dc..369597f 100644
--- a/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
+++ b/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
@@ -9,6 +9,25 @@
 no_log: true
 when: hcloud_token | default('') | length > 0
 
+- name: Ensure Tailscale operator namespace exists
+ command: >-
+ kubectl create namespace {{ tailscale_operator_namespace | default('tailscale-system') }}
+ --dry-run=client -o yaml
+ register: tailscale_namespace_manifest
+ changed_when: false
+ when:
+ - tailscale_oauth_client_id | default('') | length > 0
+ - tailscale_oauth_client_secret | default('') | length > 0
+
+- name: Apply Tailscale operator namespace
+ command: kubectl apply -f -
+ args:
+ stdin: "{{ tailscale_namespace_manifest.stdout }}"
+ changed_when: true
+ when:
+ - tailscale_oauth_client_id | default('') | length > 0
+ - tailscale_oauth_client_secret | default('') | length > 0
+
 - name: Apply Tailscale operator OAuth secret
 shell: >-
 kubectl -n {{ tailscale_operator_namespace | default('tailscale-system') }} create secret generic operator-oauth
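Review bot: The "Apply Tailscale operator namespace" task sets `changed_when: true`, so every run of this secrets-bootstrap role reports a change even when the namespace already exists, which hides real drift in the play recap. Registering the result and deriving the status from kubectl's output would keep the report meaningful: `register: tailscale_namespace_apply` with `changed_when: "'unchanged' not in tailscale_namespace_apply.stdout"`. Separately, the "Ensure" task interpolates `tailscale_operator_namespace` into a free-form `command` string, so a value containing whitespace would be split into extra kubectl arguments; the module's `argv` list form would pass it as a single argument. The identical two-condition `when` list on both new tasks could live once on a `block`. The OAuth secret task at the end of the hunk continues outside it and is not reviewed here.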