diff --git a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
index c428d5d1e..12c8ff82a 100644
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@@ -1,6 +1,5 @@
 # Copyright (c) Tailscale Inc & AUTHORS
 # SPDX-License-Identifier: BSD-3-Clause
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,6 +24,10 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.operatorConfig.hostNetwork.enabled }}
+      hostNetwork: true
+      dnsPolicy: {{ .Values.operatorConfig.hostNetwork.dnsPolicy }}
+      {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -44,6 +47,11 @@ spec:
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- if .Values.operatorConfig.port.enabled }}
+          ports:
+            - containerPort: {{ .Values.operatorConfig.port.containerPort }}
+              protocol: TCP
+          {{- end }}
           {{- with .Values.operatorConfig.resources }}
           resources:
             {{- toYaml . | nindent 12 }}
@@ -68,6 +76,10 @@ spec:
               value: /oauth/client_id
             - name: CLIENT_SECRET_FILE
               value: /oauth/client_secret
+            {{- if .Values.operatorConfig.port.enabled }}
+            - name: PORT
+              value: {{ .Values.operatorConfig.port.containerPort | quote }}
+            {{- end }}
             {{- $proxyTag := printf ":%s" ( .Values.proxyConfig.image.tag | default .Chart.AppVersion )}}
             - name: PROXY_IMAGE
               value: {{ coalesce .Values.proxyConfig.image.repo .Values.proxyConfig.image.repository }}{{- if .Values.proxyConfig.image.digest -}}{{ printf "@%s" .Values.proxyConfig.image.digest}}{{- else -}}{{ printf "%s" $proxyTag }}{{- end }}
@@ -99,4 +111,4 @@ spec:
       {{- with .Values.operatorConfig.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}
\ No newline at end of file
diff --git a/cmd/k8s-operator/deploy/chart/values.yaml b/cmd/k8s-operator/deploy/chart/values.yaml
index e6f4cada4..086ff76fa 100644
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@@ -22,6 +22,16 @@ operatorConfig:
   defaultTags:
     - "tag:k8s-operator"
 
+  # Manual configuration of Tailscaled port
+  port:
+    enabled: false
+    containerPort: 8080
+
+  # Optional host network configuration. Likely only needed for public Kubernetes nodes
+  hostNetwork:
+    enabled: false
+    dnsPolicy: ClusterFirstWithHostNet  # Common options: ClusterFirst, ClusterFirstWithHostNet, Default
+
   image:
     # Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/k8s-operator.
     repository: tailscale/k8s-operator