Update envoy-gateway-system namespace to enforce privileged pod security and adjust tailscale-gateway deployment with increased replicas and new annotations for Tailscale integration.

Author: rajsinghtech

clusters/common/apps/envoy-gateway-system/namespace.yaml

@@ -4,4 +4,5 @@ kind: Namespace
 metadata:
   name: envoy-gateway-system
   labels:
-    kustomize.toolkit.fluxcd.io/prune: disabled 
+    kustomize.toolkit.fluxcd.io/prune: disabled 
+    pod-security.kubernetes.io/enforce: privileged

clusters/common/apps/keiretsu/tailscale-gateway/envoyproxy.yaml

@@ -8,7 +8,11 @@ spec:
     type: Kubernetes
     kubernetes:
       envoyDeployment:
-        replicas: 2
+        replicas: 3
+        pod:
+          annotations:
+            tailcar.rajsingh.info/inject: "true"
+            tailcar.rajsingh.info/tailnet: keiretsu-labs-github
       envoyService:
         annotations:
           tailscale.com/hostname: ${LOCATION}-keiretsu-envoy-gateway

tailscale/policy.hujson

@@ -147,6 +147,11 @@
 			"target": ["*"],
 			"app": {
 				"tailscale.com/app-connectors": [
+					{
+						"name":        "aws-cloudfront-global",
+						"connectors":  ["tag:k8s"],
+						"presetAppID": "aws-cloudfront-global",
+					},
 					{
 						"name":       "shared",
 						"connectors": ["tag:k8s"],