HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Tailscale Kubernetes Operator for Grafana/Prometheus access
Some checks failed
Deploy Cluster / Ansible (push) Has been cancelled
Details
Deploy Cluster / Terraform (push) Has been cancelled
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-03-02 20:28:51 +00:00
parent 4f61a840c7
commit a0ed6523ec
6 changed files with 131 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/roles/observability/defaults/main.yml
View File

@@ -16,3 +16,7 @@ grafana_storage_class: "local-path"
loki_storage_class: "local-path"
loki_enabled: true
tailscale_oauth_client_id: ""
tailscale_oauth_client_secret: ""
tailscale_tailnet: ""

57
ansible/roles/observability/tasks/main.yml
View File

@@ -156,7 +156,61 @@
changed_when: true
when: loki_enabled
- name: Show observability access details
- name: Configure Grafana for Tailscale access
block:
- name: Patch Grafana service for Tailscale
command: >-
kubectl -n {{ observability_namespace }} patch svc kube-prometheus-stack-grafana
-p '{"metadata":{"annotations":{"tailscale.com/hostname":"grafana"}},"spec":{"type":"LoadBalancer","loadBalancerClass":"tailscale"}}'
register: grafana_patch
changed_when: true
- name: Patch Prometheus service for Tailscale
command: >-
kubectl -n {{ observability_namespace }} patch svc kube-prometheus-stack-prometheus
-p '{"metadata":{"annotations":{"tailscale.com/hostname":"prometheus"}},"spec":{"type":"LoadBalancer","loadBalancerClass":"tailscale"}}'
register: prometheus_patch
changed_when: true
- name: Wait for Tailscale to assign LoadBalancer IP (Grafana)
shell: >-
kubectl -n {{ observability_namespace }} get svc kube-prometheus-stack-grafana
-o jsonpath='{.status.loadBalancer.ingress[0].ip}'
register: grafana_lb_ip
until: grafana_lb_ip.stdout | length > 0
retries: 30
delay: 10
changed_when: false
- name: Wait for Tailscale to assign LoadBalancer IP (Prometheus)
shell: >-
kubectl -n {{ observability_namespace }} get svc kube-prometheus-stack-prometheus
-o jsonpath='{.status.loadBalancer.ingress[0].ip}'
register: prometheus_lb_ip
until: prometheus_lb_ip.stdout | length > 0
retries: 30
delay: 10
changed_when: false
- name: Show Tailscale access details
debug:
msg: |
Observability stack deployed with Tailscale access!
Grafana: http://grafana (or http://{{ grafana_lb_ip.stdout }})
Prometheus: http://prometheus (or http://{{ prometheus_lb_ip.stdout }})
Login: admin / {{ grafana_password_effective }}
Access via:
- MagicDNS: http://grafana or http://prometheus (if enabled)
- Direct IP: http://{{ grafana_lb_ip.stdout }} or http://{{ prometheus_lb_ip.stdout }}
- Tailnet FQDN: http://grafana.{{ tailscale_tailnet | default('tailnet.ts.net') }}
Note: Ensure Tailscale Kubernetes Operator is installed first
when: tailscale_oauth_client_id is defined and tailscale_oauth_client_id | length > 0
- name: Show observability access details (fallback)
debug:
msg: |
Observability stack deployed.
@@ -169,3 +223,4 @@
{% else %}
Loki: Disabled
{% endif %}
when: tailscale_oauth_client_id is not defined or tailscale_oauth_client_id | length == 0