diff --git a/README.md b/README.md index 30e8f10..7e05130 100644 --- a/README.md +++ b/README.md @@ -217,7 +217,7 @@ Ansible `site.yml` now skips `observability` and `observability-content` roles b ## Observability Stack -The Ansible playbook deploys a lightweight observability stack in the `observability` namespace: +Flux deploys a lightweight observability stack in the `observability` namespace: - `kube-prometheus-stack` (Prometheus + Grafana) - `loki` @@ -225,7 +225,7 @@ The Ansible playbook deploys a lightweight observability stack in the `observabi Grafana content is managed as code via ConfigMaps in `infrastructure/addons/observability-content/` (Flux), migrated from `ansible/roles/observability-content/`. -Services are kept internal by default, with optional declarative Tailscale exposure when the Tailscale Kubernetes Operator is healthy. +Grafana and Prometheus are exposed via Tailscale (`loadBalancerClass: tailscale`) when the Tailscale Kubernetes Operator is healthy. ### Access Grafana and Prometheus diff --git a/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml b/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml index 2adcb62..b0931c1 100644 --- a/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml +++ b/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml @@ -29,7 +29,11 @@ spec: storageClassName: local-path size: 5Gi service: - type: ClusterIP + type: LoadBalancer + loadBalancerClass: tailscale + annotations: + tailscale.com/hostname: grafana + tailscale.com/proxy-class: infra-stable sidecar: datasources: enabled: true @@ -41,7 +45,11 @@ spec: searchNamespace: observability prometheus: service: - type: ClusterIP + type: LoadBalancer + loadBalancerClass: tailscale + annotations: + tailscale.com/hostname: prometheus + tailscale.com/proxy-class: infra-stable prometheusSpec: retention: 7d storageSpec:
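Review bot: In README.md, the hunk at `@@ -225,7 +225,7 @@` drops "Services are kept internal by default" and states that Grafana and Prometheus are exposed via Tailscale, but it does not say who on the tailnet can reach them. Because the default is no longer internal-only, add a sentence naming the tailnet ACL or tag that gates access to the `grafana` and `prometheus` hostnames, and say what the expected state of the two Services is when the operator is not healthy.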
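Review bot: In helmrelease-kube-prometheus-stack.yaml, the Grafana `service` hunk (`@@ -29,7 +29,11 @@`) relies on `loadBalancerClass: tailscale` and `tailscale.com/proxy-class: infra-stable`, yet nothing visible in this patch defines that ProxyClass or orders this HelmRelease after the Tailscale operator. Confirm that `infra-stable` exists in the repo, and consider a `dependsOn` on the operator's Kustomization or HelmRelease so that the README's "when the Tailscale Kubernetes Operator is healthy" is enforced by Flux rather than by reconcile timing. Also check that the pinned chart version passes `loadBalancerClass` and the `annotations` through to the rendered Service.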
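Review bot: In the `prometheus.service` hunk (`@@ -41,7 +45,11 @@`), Prometheus moves from `type: ClusterIP` to a tailnet-reachable `LoadBalancer`, and the visible values put no authentication in front of it, so the tailnet policy becomes the only access control for the query API and the metrics it holds. Either restrict the `prometheus` hostname to an admin group in the tailnet ACLs and record that in the README, or leave Prometheus on `ClusterIP` and reach it through the Grafana datasource.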