From 349f75729a5fd61d0e76a1c7eb2c892451d0685c Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Fri, 20 Mar 2026 09:24:35 +0000
Subject: [PATCH] fix: bootstrap tailscale namespace before secret

---
 .../addon-secrets-bootstrap/tasks/main.yml    | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/ansible/roles/addon-secrets-bootstrap/tasks/main.yml b/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
index e6824dc..369597f 100644
--- a/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
+++ b/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
@@ -9,6 +9,25 @@
   no_log: true
   when: hcloud_token | default('') | length > 0
 
+- name: Ensure Tailscale operator namespace exists
+  command: >-
+    kubectl create namespace {{ tailscale_operator_namespace | default('tailscale-system') }}
+    --dry-run=client -o yaml
+  register: tailscale_namespace_manifest
+  changed_when: false
+  when:
+    - tailscale_oauth_client_id | default('') | length > 0
+    - tailscale_oauth_client_secret | default('') | length > 0
+
+- name: Apply Tailscale operator namespace
+  command: kubectl apply -f -
+  args:
+    stdin: "{{ tailscale_namespace_manifest.stdout }}"
+  changed_when: true
+  when:
+    - tailscale_oauth_client_id | default('') | length > 0
+    - tailscale_oauth_client_secret | default('') | length > 0
+
 - name: Apply Tailscale operator OAuth secret
   shell: >-
     kubectl -n {{ tailscale_operator_namespace | default('tailscale-system') }} create secret generic operator-oauth