feat: route observability through one tailscale endpoint

2026-03-07 01:04:03 +00:00
parent be04602bfb
commit 4c104f74e8
6 changed files with 71 additions and 13 deletions
--- a/infrastructure/addons/observability/grafana-ingress.yaml
+++ b/infrastructure/addons/observability/grafana-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: observability
+spec:
+  ingressClassName: traefik
+  rules:
+    - http:
+        paths:
+          - path: /grafana
+            pathType: Prefix
+            backend:
+              service:
+                name: observability-kube-prometheus-stack-grafana
+                port:
+                  number: 80
--- a/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml
+++ b/infrastructure/addons/observability/helmrelease-kube-prometheus-stack.yaml
@@ -24,16 +24,16 @@ spec:
  values:
    grafana:
      enabled: true
+      grafana.ini:
+        server:
+          root_url: http://observability/grafana/
+          serve_from_sub_path: true
      persistence:
        enabled: true
        storageClassName: local-path
        size: 5Gi
      service:
-        type: LoadBalancer
-        loadBalancerClass: tailscale
-        annotations:
-          tailscale.com/hostname: grafana
-          tailscale.com/proxy-class: infra-stable
+        type: ClusterIP
      sidecar:
        datasources:
          enabled: true
@@ -45,12 +45,10 @@ spec:
          searchNamespace: observability
    prometheus:
      service:
-        type: LoadBalancer
-        loadBalancerClass: tailscale
-        annotations:
-          tailscale.com/hostname: prometheus
-          tailscale.com/proxy-class: infra-stable
+        type: ClusterIP
      prometheusSpec:
+        externalUrl: http://observability/prometheus/
+        routePrefix: /prometheus/
        retention: 7d
        storageSpec:
          volumeClaimTemplate:
--- a/infrastructure/addons/observability/kustomization.yaml
+++ b/infrastructure/addons/observability/kustomization.yaml
@@ -2,6 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
+  - traefik-tailscale-service.yaml
+  - grafana-ingress.yaml
+  - prometheus-ingress.yaml
  - helmrepository-prometheus-community.yaml
  - helmrepository-grafana.yaml
  - helmrelease-kube-prometheus-stack.yaml
--- a/infrastructure/addons/observability/prometheus-ingress.yaml
+++ b/infrastructure/addons/observability/prometheus-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus
+  namespace: observability
+spec:
+  ingressClassName: traefik
+  rules:
+    - http:
+        paths:
+          - path: /prometheus
+            pathType: Prefix
+            backend:
+              service:
+                name: observability-kube-prometh-prometheus
+                port:
+                  number: 9090
--- a/infrastructure/addons/observability/traefik-tailscale-service.yaml
+++ b/infrastructure/addons/observability/traefik-tailscale-service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-tailscale
+  namespace: kube-system
+  annotations:
+    tailscale.com/hostname: observability
+    tailscale.com/proxy-class: infra-stable
+spec:
+  type: LoadBalancer
+  loadBalancerClass: tailscale
+  selector:
+    app.kubernetes.io/instance: traefik-kube-system
+    app.kubernetes.io/name: traefik
+  ports:
+    - name: web
+      port: 80
+      protocol: TCP
+      targetPort: web
+    - name: websecure
+      port: 443
+      protocol: TCP
+      targetPort: websecure