HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: automate private tailnet access on cp1
All checks were successful
Deploy Cluster / Terraform (push) Successful in 47s
Details
Deploy Cluster / Ansible (push) Successful in 9m45s
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-03-08 04:16:06 +00:00
parent 7c15ac5846
commit f95e0051a5
4 changed files with 88 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -229,11 +229,13 @@ Grafana and Prometheus are exposed through a single Tailscale front door backed
### Access Grafana and Prometheus
Preferred (when Tailscale Operator is healthy):
Preferred private access:
- Grafana: `http://observability/grafana/` (or `http://observability.<your-tailnet>/grafana/`)
- Prometheus: `http://observability/prometheus/` (or `http://observability.<your-tailnet>/prometheus/`)
- Flux UI: `http://observability:9001/` (or `http://observability.<your-tailnet>:9001/`)
- Grafana: `http://k8s-cluster-cp-1.<your-tailnet>:30080/`
- Prometheus: `http://k8s-cluster-cp-1.<your-tailnet>:30990/`
- Flux UI: `http://k8s-cluster-cp-1.<your-tailnet>:30901/`
This access path is bootstrapped automatically by Ansible on `control_plane[0]` using persistent `kubectl port-forward` systemd services plus `tailscale serve`, so it survives cluster rebuilds.
Fallback (port-forward from a tailnet-connected machine):