feat: integrate tailscale access and lock SSH/API to tailnet

2026-03-01 04:04:56 +00:00
parent f95dfbf9ac
commit 1eebfe77df
9 changed files with 134 additions and 23 deletions
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -10,6 +10,13 @@ s3_bucket     = "k8s-terraform-state"

 cluster_name = "k8s-prod"

+tailscale_auth_key = "tskey-auth-..."
+tailscale_tailnet  = "yourtailnet.ts.net"
+
+restrict_api_ssh_to_tailnet = true
+tailnet_cidr                = "100.64.0.0/10"
+enable_nodeport_public      = false
+
 control_plane_count = 3
 control_plane_type  = "cx23"

@@ -18,6 +25,6 @@ worker_type  = "cx33"

 location = "nbg1"

-allowed_ssh_ips = ["0.0.0.0/0"]
+allowed_ssh_ips = []

-allowed_api_ips = ["0.0.0.0/0"]
+allowed_api_ips = []