---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: tailscale-operator
  namespace: tailscale-system
spec:
  interval: 10m
  timeout: 5m
  chart:
    spec:
      chart: tailscale-operator
      version: "1.90.x"  # Update to match operator version
      sourceRef:
        kind: HelmRepository
        name: tailscale
        namespace: flux-system
      interval: 1h
  valuesFrom:
    # OAuth credentials loaded from SOPS-encrypted secret
    - kind: Secret
      name: operator-oauth
      valuesKey: values.yaml
  values:
    # Operator configuration
    operator:
      hostname: keyboardvagabond-operator
      replicaCount: 2
      image:
        repository: tailscale/k8s-operator
        tag: v1.90.8
        pullPolicy: IfNotPresent
      # Node anti-affinity to distribute operator pods across nodes
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - tailscale-operator
              topologyKey: kubernetes.io/hostname
    
    # Metrics configuration
    metrics:
      enabled: false
    
    # Resource limits
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi