Fix Rancher access: add Tailscale service for Traefik with port 9442, fix deployment order

2026-03-24 19:40:37 +00:00
parent ecf17113fb
commit 47b384a337
5 changed files with 37 additions and 11 deletions
--- a/infrastructure/addons/flux-ui/traefik-helmchartconfig-flux-entrypoint.yaml
+++ b/infrastructure/addons/flux-ui/traefik-helmchartconfig-flux-entrypoint.yaml
@@ -1,9 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChartConfig
-metadata:
-  name: traefik
-  namespace: kube-system
-spec:
-  valuesContent: |-
-    additionalArguments:
-      - "--entryPoints.flux.address=:9001/tcp"
--- a/infrastructure/addons/kustomization-traefik-config.yaml
+++ b/infrastructure/addons/kustomization-traefik-config.yaml
@@ -13,3 +13,6 @@ spec:
  wait: true
  timeout: 5m
  suspend: false
+  dependsOn:
+    - name: addon-tailscale-operator
+    - name: addon-tailscale-proxyclass
--- a/infrastructure/addons/kustomization.yaml
+++ b/infrastructure/addons/kustomization.yaml
@@ -3,11 +3,11 @@ kind: Kustomization
 resources:
  - kustomization-ccm.yaml
  - kustomization-csi.yaml
-  - kustomization-traefik-config.yaml
  - kustomization-external-secrets.yaml
-  - kustomization-flux-ui.yaml
  - kustomization-tailscale-operator.yaml
  - kustomization-tailscale-proxyclass.yaml
+  - kustomization-traefik-config.yaml
+  - kustomization-flux-ui.yaml
  - kustomization-observability.yaml
  - kustomization-observability-content.yaml
  - kustomization-rancher.yaml
--- a/infrastructure/addons/traefik-config/kustomization.yaml
+++ b/infrastructure/addons/traefik-config/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - helmchartconfig-traefik.yaml
+  - service-traefik-tailscale.yaml
--- a/infrastructure/addons/traefik-config/service-traefik-tailscale.yaml
+++ b/infrastructure/addons/traefik-config/service-traefik-tailscale.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-tailscale
+  namespace: kube-system
+  annotations:
+    tailscale.com/hostname: k8s-cluster-cp-1
+    tailscale.com/proxy-class: infra-stable
+spec:
+  type: LoadBalancer
+  loadBalancerClass: tailscale
+  selector:
+    app.kubernetes.io/instance: traefik-kube-system
+    app.kubernetes.io/name: traefik
+  ports:
+    - name: web
+      port: 80
+      protocol: TCP
+      targetPort: web
+    - name: websecure
+      port: 443
+      protocol: TCP
+      targetPort: websecure
+    - name: flux
+      port: 9001
+      protocol: TCP
+      targetPort: 9001
+    - name: rancher
+      port: 9442
+      protocol: TCP
+      targetPort: 9442