{"id":31545234,"url":"https://github.com/rajsinghtech/tailcar","last_synced_at":"2026-04-16T03:32:29.112Z","repository":{"id":317815472,"uuid":"1068811759","full_name":"rajsinghtech/tailcar","owner":"rajsinghtech","description":"Tailscale Sidecar Injector for Kubernetes","archived":false,"fork":false,"pushed_at":"2025-10-23T02:39:50.000Z","size":137,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-23T04:24:50.086Z","etag":null,"topics":["kubernetes","kubernetes-operator","sidecar","tailscale"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rajsinghtech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-03T00:18:49.000Z","updated_at":"2025-10-23T02:39:01.000Z","dependencies_parsed_at":"2025-10-03T08:41:50.121Z","dependency_job_id":"06fb3569-9a52-4f92-9c7a-c6712917852e","html_url":"https://github.com/rajsinghtech/tailcar","commit_stats":null,"previous_names":["rajsinghtech/tailcar"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/rajsinghtech/tailcar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftailcar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftailcar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftailcar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftailcar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rajsinghtech","download_url":"https://codeload.github.com/rajsinghtech/tailcar/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftailcar/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31870507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"online","status_checked_at":"2026-04-16T02:00:06.042Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","kubernetes-operator","sidecar","tailscale"],"created_at":"2025-10-04T14:42:10.949Z","updated_at":"2026-04-16T03:32:29.104Z","avatar_url":"https://github.com/rajsinghtech.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tailcar\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg width=\"200\" alt=\"Tailcar Logo\" src=\"./assets/logo.svg\"\u003e\n\n  [![Go Report Card](https://goreportcard.com/badge/github.com/rajsinghtech/tailcar)](https://goreportcard.com/report/github.com/rajsinghtech/tailcar)\n  [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n  [![Kubernetes](https://img.shields.io/badge/Kubernetes-v1.20+-blue.svg)](https://kubernetes.io/)\n\n  **Kubernetes operator for automatic Tailscale sidecar injection**\n\n  Seamlessly integrate Tailscale into your Kubernetes pods with zero-touch sidecar injection.\n\u003c/div\u003e\n\n---\n\n## Quick Start\n\n### Prerequisites\n- Kubernetes cluster (v1.20+)\n- `kubectl` configured\n- Helm 3.x (recommended)\n- [cert-manager](https://cert-manager.io/) installed (for webhook TLS)\n- Tailscale account with OAuth client\n\n### Install cert-manager\n\n```bash\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.0/cert-manager.yaml\n```\n\n### Install with Helm (Recommended)\n\n```bash\n# Create namespace and install latest stable release\nkubectl create namespace tailcar-system\nhelm install tailcar oci://ghcr.io/rajsinghtech/tailcar-helm \\\n  --namespace tailcar-system\n```\n\n### Create Tailscale OAuth Secret\n\n```bash\nkubectl create secret generic my-tailnet-oauth \\\n  --from-literal=client-id='\u003cyour-oauth-client-id\u003e' \\\n  --from-literal=client-secret='\u003cyour-oauth-client-secret\u003e' \\\n  -n default\n```\n\n### Create Your First Tailnet\n\n```yaml\napiVersion: tailcar.rajsingh.info/v1alpha1\nkind: Tailnet\nmetadata:\n  name: my-tailnet\nspec:\n  tailnetName: \"-\"  # Use \"-\" for default tailnet\n\n  oauthSecretRef:\n    name: my-tailnet-oauth\n    namespace: default\n\n  tailscale:\n    tags:\n      - \"tag:k8s\"\n```\n\n```bash\nkubectl apply -f tailnet.yaml\n```\n\n### Enable Sidecar Injection\n\n#### Option 1: Per-Pod Injection\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: my-app\n  annotations:\n    tailcar.rajsingh.info/inject: \"true\"\n    tailcar.rajsingh.info/tailnet: \"my-tailnet\"\nspec:\n  containers:\n  - name: app\n    image: nginx\n```\n\n#### Option 2: Namespace-Level Injection\n\nEnable automatic injection for all pods in a namespace:\n\n```yaml\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: production\n  labels:\n    tailcar.rajsingh.info/injection: \"enabled\"\n    tailcar.rajsingh.info/default-tailnet: \"my-tailnet\"\n```\n\nAll pods created in this namespace will automatically get the Tailscale sidecar injected. Individual pods can override the tailnet by setting the `tailcar.rajsingh.info/tailnet` annotation.\n\n```bash\nkubectl apply -f pod.yaml\n```\n\n---\n\n### OAuth Client Setup\n\nCreate an OAuth client in the [Tailscale admin console](https://login.tailscale.com/admin/settings/oauth):\n\n1. Navigate to **Settings** → **OAuth clients**\n2. Generate a new OAuth client\n3. Grant required scopes:\n   - `all:write` (recommended for operator)\n   - Or: `devices:write` + `keys:write`\n4. Add tags that the client can create (e.g., `tag:k8s`)\n\n**Scopes Explained:**\n- `all:write` - Full access to manage devices and keys\n- `devices:write` - Create and modify devices\n- `keys:write` - Create and manage authentication keys\n\n---\n\n## License\n\nThis project is licensed under the [Apache License 2.0](LICENSE).\n\n---\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=rajsinghtech/tailcar\u0026type=Date)](https://star-history.com/#rajsinghtech/tailcar\u0026Date)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n*Built with [Kubebuilder](https://kubebuilder.io/) and \u003c3 from the [Tailscale](https://tailscale.com) community*\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajsinghtech%2Ftailcar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frajsinghtech%2Ftailcar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajsinghtech%2Ftailcar/lists"}