diff --git a/ansible/roles/private-access/tasks/main.yml b/ansible/roles/private-access/tasks/main.yml
index 9c01325..8485cb4 100644
--- a/ansible/roles/private-access/tasks/main.yml
+++ b/ansible/roles/private-access/tasks/main.yml
@@ -35,18 +35,30 @@
 unit_local_port: 19001
 unit_remote_port: 9001
 
-- name: Create systemd unit for Rancher private access
+- name: Create systemd unit for Rancher HTTP private access
 template:
 src: kubectl-port-forward.service.j2
 dest: /etc/systemd/system/k8s-portforward-rancher.service
 mode: "0644"
 vars:
- unit_description: Port-forward Rancher for Tailscale access
+ unit_description: Port-forward Rancher HTTP for Tailscale access
 unit_namespace: cattle-system
 unit_target: svc/cattle-system-rancher
 unit_local_port: 19442
 unit_remote_port: 80
 
+- name: Create systemd unit for Rancher HTTPS private access
+ template:
+ src: kubectl-port-forward.service.j2
+ dest: /etc/systemd/system/k8s-portforward-rancher-https.service
+ mode: "0644"
+ vars:
+ unit_description: Port-forward Rancher HTTPS for Tailscale access
+ unit_namespace: cattle-system
+ unit_target: svc/cattle-system-rancher
+ unit_local_port: 19443
+ unit_remote_port: 443
+
 - name: Reload systemd
 systemd:
 daemon_reload: true
@@ -61,6 +73,7 @@
 - k8s-portforward-prometheus.service
 - k8s-portforward-flux-ui.service
 - k8s-portforward-rancher.service
+ - k8s-portforward-rancher-https.service
 - name: Configure Tailscale Serve for private access endpoints
 shell: >-
@@ -68,5 +81,6 @@
 tailscale serve --bg --tcp={{ private_access_grafana_port }} tcp://127.0.0.1:13080 &&
 tailscale serve --bg --tcp={{ private_access_prometheus_port }} tcp://127.0.0.1:19090 &&
 tailscale serve --bg --tcp={{ private_access_flux_port }} tcp://127.0.0.1:19001 &&
- tailscale serve --bg --tcp={{ private_access_rancher_port }} tcp://127.0.0.1:19442
+ tailscale serve --bg --tcp={{ private_access_rancher_port }} tcp://127.0.0.1:19442 &&
+ tailscale serve --bg --tcp=9443 tcp://127.0.0.1:19443
 changed_when: true
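Review bot: The new `- name: Create systemd unit for Rancher HTTPS private access` task is a line-for-line copy of the HTTP task above it, differing only in the unit name, the description and the two port numbers, so the two forwards will drift apart the first time one of them is edited. A single task with `loop:` over the two port pairs keeps them in one place and makes a third Rancher forward a one-line addition. Whether the rendered unit binds the local port to 127.0.0.1 only is decided by `kubectl-port-forward.service.j2`, which is not in this diff; the Tailscale Serve entries further down assume it, so it is worth confirming (kubectl's default is localhost, but a template can override it).
```yaml
- name: Create systemd units for Rancher private access
  template:
    src: kubectl-port-forward.service.j2
    dest: "/etc/systemd/system/{{ item.unit }}.service"
    mode: "0644"
  vars:
    unit_description: "Port-forward Rancher {{ item.proto }} for Tailscale access"
    unit_namespace: cattle-system
    unit_target: svc/cattle-system-rancher
    unit_local_port: "{{ item.local_port }}"
    unit_remote_port: "{{ item.remote_port }}"
  loop:
    - { unit: k8s-portforward-rancher, proto: HTTP, local_port: 19442, remote_port: 80 }
    - { unit: k8s-portforward-rancher-https, proto: HTTPS, local_port: 19443, remote_port: 443 }
# … unchanged: Reload systemd task …
```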
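Review bot: The added `tailscale serve --bg --tcp=9443 tcp://127.0.0.1:19443` line hard-codes the tailnet-facing port while every other entry in this chain takes it from a `private_access_*_port` variable; `--tcp={{ private_access_rancher_https_port }}` keeps it configurable alongside the others. Note also that `--tcp` is raw TCP passthrough, so a client connecting to 9443 is presented with whatever certificate Rancher itself serves on service port 443, not a Tailscale-issued certificate for the `.ts.net` name; if a tailnet-trusted certificate is the goal, `tailscale serve --bg --https=9443 http://127.0.0.1:19442` would terminate TLS on the node and reuse the existing HTTP forward (the HelmRelease's `tls: external` suggests a terminating proxy in front of Rancher is expected, but confirm the forwarded-proto headers it needs are set). The `shell:` command this line belongs to starts in the previous hunk.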
diff --git a/infrastructure/addons/rancher/helmrelease-rancher.yaml b/infrastructure/addons/rancher/helmrelease-rancher.yaml
index fce1ea1..a42fcbb 100644
--- a/infrastructure/addons/rancher/helmrelease-rancher.yaml
+++ b/infrastructure/addons/rancher/helmrelease-rancher.yaml
@@ -22,11 +22,9 @@ spec:
 remediation:
 retries: 3
 values:
- hostname: k8s-cluster-cp-1.silverside-gopher.ts.net
+ hostname: k8s-cluster-cp-1-1.silverside-gopher.ts.net
 tls: external
 replicas: 1
- bootstrapPassword: ""
- existingSecret: rancher-bootstrap-password
 extraEnv:
 - name: CATTLE_PROMETHEUS_METRICS
 value: "true"
diff --git a/infrastructure/addons/rancher/kustomization.yaml b/infrastructure/addons/rancher/kustomization.yaml
index 7f586fe..b7ec6d8 100644
--- a/infrastructure/addons/rancher/kustomization.yaml
+++ b/infrastructure/addons/rancher/kustomization.yaml
@@ -4,5 +4,4 @@ resources:
 - namespace.yaml
 - helmrepository-rancher.yaml
 - helmrelease-rancher.yaml
- - service-rancher-tailscale.yaml
 - rancher-bootstrap-password-externalsecret.yaml
diff --git a/infrastructure/addons/rancher/service-rancher-tailscale.yaml b/infrastructure/addons/rancher/service-rancher-tailscale.yaml
deleted file mode 100644
index cea0675..0000000
--- a/infrastructure/addons/rancher/service-rancher-tailscale.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: rancher-tailscale
- namespace: cattle-system
- annotations:
- tailscale.com/hostname: k8s-cluster-cp-1-rancher
- tailscale.com/proxy-class: infra-stable
-spec:
- type: LoadBalancer
- loadBalancerClass: tailscale
- selector:
- app: cattle-system-rancher
- ports:
- - name: https
- port: 443
- protocol: TCP
- targetPort: 444
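Review bot: The hunk removes `existingSecret: rancher-bootstrap-password` (and `bootstrapPassword: ""`) from the HelmRelease values, yet the kustomization below still applies `rancher-bootstrap-password-externalsecret.yaml`, so the ExternalSecret keeps syncing a bootstrap password into the cluster that nothing visible here consumes any more. Either the chart now falls back to its own bootstrap-password handling or it picks the secret up by a convention not shown in this diff; confirm which, and if the ExternalSecret is dead, drop it from the kustomization rather than leaving an unused credential lying in `cattle-system`. The new `hostname: k8s-cluster-cp-1-1.silverside-gopher.ts.net` carries the `-1` suffix Tailscale appends when a machine name is already taken on the tailnet; if that is a collision artifact rather than a chosen name, it can revert once the stale node is removed and Rancher's configured hostname would go stale with it. With the operator Service on 443 deleted, Rancher is now reached on port 9443 via the Ansible role, so a `hostname` without a port may no longer match the URL clients actually use — worth checking against Rancher's server-url setting.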