fix: Reserve Tailscale service hostnames and tag exposed proxies

Reserve grafana/prometheus/flux alongside rancher during rebuild cleanup so stale tailnet devices do not force -1 hostnames. Tag the exposed Tailscale services so operator-managed proxies are provisioned with explicit prod/service tags from the tailnet policy.
2026-04-18 05:48:26 +00:00
parent ceefcc3b29
commit 68dbd2e5b7
5 changed files with 7 additions and 0 deletions
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -122,6 +122,9 @@
  vars:
    tailscale_reserved_hostnames:
      - rancher
+      - grafana
+      - prometheus
+      - flux

  roles:
    - tailscale-cleanup