cmd/k8s-operator/deploy: allow modifying operator tags via Helm values

Updates tailscale/tailscale#10659

Signed-off-by: Chandon Pierre <[email protected]>

cmd/k8s-operator/deploy/chart/templates/deployment.yaml

@@ -49,6 +49,8 @@ spec:
           image: {{ .Values.operatorConfig.image.repo }}{{- if .Values.operatorConfig.image.digest -}}{{ printf "@%s" .Values.operatorConfig.image.digest}}{{- else -}}{{ printf "%s" $operatorTag }}{{- end }}
           imagePullPolicy: {{ .Values.operatorConfig.image.pullPolicy }}
           env:
+            - name: OPERATOR_INITIAL_TAGS
+              value: {{ join "," .Values.operatorConfig.defaultTags }}
             - name: OPERATOR_HOSTNAME
               value: {{ .Values.operatorConfig.hostname }}
             - name: OPERATOR_SECRET

cmd/k8s-operator/deploy/chart/values.yaml

@@ -15,6 +15,13 @@ oauth: {}
 installCRDs: "true"
 
 operatorConfig:
+  # ACL tag that operator will be tagged with. Operator must be made owner of
+  # these tags
+  # https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
+  # Multiple tags are defined as array items and passed to the operator as a comma-separated string
+  defaultTags:
+    - "tag:k8s-operator"
+
   image:
     repo: tailscale/k8s-operator
     # Digest will be prioritized over tag. If neither are set appVersion will be

cmd/k8s-operator/deploy/manifests/operator.yaml

@@ -284,6 +284,8 @@ spec:
         spec:
             containers:
                 - env:
+                    - name: OPERATOR_INITIAL_TAGS
+                      value: tag:k8s-operator
                     - name: OPERATOR_HOSTNAME
                       value: tailscale-operator
                     - name: OPERATOR_SECRET

docs/windows/policy/tailscale.admx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <policyDefinitions revision="1.0" schemaVersion="1.0"
                    xmlns="http://www.microsoft.com/GroupPolicy/PolicyDefinitions">
   <policyNamespaces>