HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use Tailscale DNS names instead of IPs for TLS SANs
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m21s
Details
Deploy Cluster / Ansible (push) Successful in 9m0s
Details

Browse Source 
Changed from hardcoded Tailscale IPs to DNS names:
- k8s-cluster-cp-1.silverside-gopher.ts.net
- k8s-cluster-cp-2.silverside-gopher.ts.net
- k8s-cluster-cp-3.silverside-gopher.ts.net

This is more robust since Tailscale IPs change on rebuild,
but DNS names remain consistent.

After next rebuild, cluster accessible via:
- kubectl --server=https://k8s-cluster-cp-1.silverside-gopher.ts.net:6443
This commit is contained in:
MichaelFisher1997
2026-03-23 23:50:48 +00:00
parent 4726db2b5b
commit 0e52d8f159
2 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/roles/k3s-server/tasks/main.yml
View File

@@ -64,7 +64,7 @@
--tls-san={{ k3s_primary_ip }}
--tls-san={{ k3s_primary_public_ip }}
--tls-san={{ kube_api_endpoint }}
{% for ip in tailscale_control_plane_ips %}--tls-san={{ ip }} {% endfor %}
{% for name in tailscale_control_plane_names %}--tls-san={{ name }} {% endfor %}
{% if k3s_disable_embedded_ccm | bool %}--disable-cloud-controller{% endif %}
{% if k3s_disable_servicelb | bool %}--disable=servicelb{% endif %}
{% if k3s_kubelet_cloud_provider_external | bool %}--kubelet-arg=cloud-provider=external{% endif %}