From 48870433bfa1c9622d19492a48d1924ba3b26fb5 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sun, 29 Mar 2026 22:19:23 +0000
Subject: [PATCH] fix: Remove tls:external from Rancher HelmRelease

With Tailscale LoadBalancer, TLS is not actually terminated at the edge.
The Tailscale proxy does TCP passthrough, so Rancher must serve its own
TLS certs. Setting tls: external caused Rancher to listen HTTP-only,
which broke HTTPS access through Tailscale.
---
 infrastructure/addons/rancher/helmrelease-rancher.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infrastructure/addons/rancher/helmrelease-rancher.yaml b/infrastructure/addons/rancher/helmrelease-rancher.yaml
index 4627f2a..4fbb59f 100644
--- a/infrastructure/addons/rancher/helmrelease-rancher.yaml
+++ b/infrastructure/addons/rancher/helmrelease-rancher.yaml
@@ -23,7 +23,6 @@ spec:
       retries: 3
   values:
     hostname: rancher.silverside-gopher.ts.net
-    tls: external
     replicas: 1
     extraEnv:
       - name: CATTLE_PROMETHEUS_METRICS