feat: add Tailscale Kubernetes Operator for Grafana/Prometheus access

ansible/roles/tailscale-operator/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+tailscale_operator_namespace: "tailscale-system"
+tailscale_operator_version: "1.68.1"
+
+tailscale_oauth_client_id: ""
+tailscale_oauth_client_secret: ""
+
+tailscale_operator_hostname: ""

ansible/roles/tailscale-operator/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+- name: Check if Helm is installed
+  command: helm version --short
+  register: helm_check
+  changed_when: false
+  failed_when: false
+
+- name: Install Helm
+  shell: curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+  when: helm_check.rc != 0
+  changed_when: true
+
+- name: Create Tailscale operator namespace
+  command: kubectl create namespace {{ tailscale_operator_namespace }}
+  register: create_ns
+  failed_when: create_ns.rc != 0 and "AlreadyExists" not in create_ns.stderr
+  changed_when: create_ns.rc == 0
+
+- name: Add Tailscale Helm repo
+  command: helm repo add tailscale https://pkgs.tailscale.com/unstable/helmcharts
+  register: add_repo
+  failed_when: add_repo.rc != 0 and "already exists" not in add_repo.stderr
+  changed_when: add_repo.rc == 0
+
+- name: Update Helm repos
+  command: helm repo update
+  changed_when: false
+
+- name: Write Tailscale operator values
+  template:
+    src: operator-values.yaml.j2
+    dest: /tmp/tailscale-operator-values.yaml
+    mode: "0644"
+
+- name: Install Tailscale Kubernetes Operator
+  command: >-
+    helm upgrade --install tailscale-operator tailscale/operator
+    --namespace {{ tailscale_operator_namespace }}
+    --version {{ tailscale_operator_version }}
+    --values /tmp/tailscale-operator-values.yaml
+    --wait
+    --timeout 5m
+  changed_when: true
+
+- name: Wait for Tailscale operator to be ready
+  command: kubectl -n {{ tailscale_operator_namespace }} rollout status deployment/tailscale-operator --timeout=5m
+  changed_when: false

ansible/roles/tailscale-operator/templates/operator-values.yaml.j2

@@ -0,0 +1,9 @@
+apiServerProxyConfig:
+  mode: "true"
+
+oauth:
+  clientId: "{{ tailscale_oauth_client_id }}"
+  clientSecret: "{{ tailscale_oauth_client_secret }}"
+
+operatorConfig:
+  hostname: "{{ tailscale_operator_hostname | default('ts-operator') }}"