feat: expose flux observability services over tailscale

2026-03-05 00:43:29 +00:00
parent 86fb5d5b90
commit 06c1356f1e
2 changed files with 12 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -217,7 +217,7 @@ Ansible `site.yml` now skips `observability` and `observability-content` roles b
 ## Observability Stack
-The Ansible playbook deploys a lightweight observability stack in the `observability` namespace:
+Flux deploys a lightweight observability stack in the `observability` namespace:
 - `kube-prometheus-stack` (Prometheus + Grafana)
 - `loki`
@@ -225,7 +225,7 @@ The Ansible playbook deploys a lightweight observability stack in the `observabi
 Grafana content is managed as code via ConfigMaps in `infrastructure/addons/observability-content/` (Flux), migrated from `ansible/roles/observability-content/`.
-Services are kept internal by default, with optional declarative Tailscale exposure when the Tailscale Kubernetes Operator is healthy.
+Grafana and Prometheus are exposed via Tailscale (`loadBalancerClass: tailscale`) when the Tailscale Kubernetes Operator is healthy.
 ### Access Grafana and Prometheus
--- a/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml
+++ b/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml
@@ -29,7 +29,11 @@ spec:
        storageClassName: local-path
        size: 5Gi
      service:
-        type: ClusterIP
+        type: LoadBalancer
        loadBalancerClass: tailscale
        annotations:
          tailscale.com/hostname: grafana
          tailscale.com/proxy-class: infra-stable
      sidecar:
        datasources:
          enabled: true
@@ -41,7 +45,11 @@ spec:
          searchNamespace: observability
    prometheus:
      service:
-        type: ClusterIP
+        type: LoadBalancer
        loadBalancerClass: tailscale
        annotations:
          tailscale.com/hostname: prometheus
          tailscale.com/proxy-class: infra-stable
      prometheusSpec:
        retention: 7d
        storageSpec: