fix: Align Rancher tailnet hostname with live proxy

README.md

@@ -241,7 +241,7 @@ Terraform/bootstrap secrets remain in Gitea Actions secrets and are not managed
 
 ### Rancher access
 
-- Rancher is private-only and exposed through Tailscale at `https://rancher.silverside-gopher.ts.net/dashboard/`.
+- Rancher is private-only and exposed through Tailscale at `https://rancher-1.silverside-gopher.ts.net/dashboard/`.
 - The public Hetzner load balancer path is not used for Rancher.
 - Rancher uses the CNPG-backed PostgreSQL cluster in `cnpg-cluster`.
 

STABLE_BASELINE.md

@@ -9,7 +9,7 @@ This document defines the current engineering target for this repository.
 - Hetzner Load Balancer for Kubernetes API
 - private Hetzner network
 - Tailscale operator access
-- Rancher UI exposed only through Tailscale
+- Rancher UI exposed only through Tailscale (`rancher-1.silverside-gopher.ts.net`)
 
 ## In Scope
 

infrastructure/addons/rancher-config/server-url-setting.yaml

@@ -2,4 +2,4 @@ apiVersion: management.cattle.io/v3
 kind: Setting
 metadata:
   name: server-url
-value: https://rancher.silverside-gopher.ts.net
+value: https://rancher-1.silverside-gopher.ts.net

infrastructure/addons/rancher/rancher-tailscale-service.yaml

@@ -4,7 +4,7 @@ metadata:
   name: rancher-tailscale
   namespace: cattle-system
   annotations:
-    tailscale.com/hostname: rancher
+    tailscale.com/hostname: rancher-1
     tailscale.com/proxy-class: infra-stable
 spec:
   type: LoadBalancer
@@ -19,4 +19,4 @@ spec:
     - name: https
       port: 443
       protocol: TCP
-      targetPort: 444
+      targetPort: 443