cmd/k8s-operator: allow pod tolerations on nameservers (#17260)

This commit modifies the `DNSConfig` custom resource to allow specifying
[tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
on the nameserver pods.

This will allow users to dictate where their nameserver pods are located
within their clusters.

Fixes: https://github.com/tailscale/tailscale/issues/17092

Signed-off-by: David Bond <davidsbond93@gmail.com>

cmd/k8s-operator/nameserver_test.go

@@ -42,6 +42,16 @@ func TestNameserverReconciler(t *testing.T) {
 				Service: &tsapi.NameserverService{
 					ClusterIP: "5.4.3.2",
 				},
+				Pod: &tsapi.NameserverPod{
+					Tolerations: []corev1.Toleration{
+						{
+							Key:      "some-key",
+							Operator: corev1.TolerationOpEqual,
+							Value:    "some-value",
+							Effect:   corev1.TaintEffectNoSchedule,
+						},
+					},
+				},
 			},
 		},
 	}
@@ -79,6 +89,15 @@ func TestNameserverReconciler(t *testing.T) {
 		wantsDeploy.Spec.Replicas = ptr.To[int32](3)
 		wantsDeploy.Namespace = tsNamespace
 		wantsDeploy.ObjectMeta.Labels = nameserverLabels
+		wantsDeploy.Spec.Template.Spec.Tolerations = []corev1.Toleration{
+			{
+				Key:      "some-key",
+				Operator: corev1.TolerationOpEqual,
+				Value:    "some-value",
+				Effect:   corev1.TaintEffectNoSchedule,
+			},
+		}
+
 		expectEqual(t, fc, wantsDeploy)
 	})