HetznerTerra/ansible/roles/private-access/tasks/main.yml
MichaelFisher1997 89c2c99963
Fix Rancher: remove conflicting LoadBalancer, add HTTPS port-forward, use tailscale serve only
2026-03-25 00:59:16 +00:00


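---
# Private (tailnet-only) access to in-cluster UIs.
#
# Each service gets a systemd-managed `kubectl port-forward` unit rendered
# from kubectl-port-forward.service.j2; Tailscale Serve then maps a tailnet
# TCP port onto the forward's loopback port. Serve (not Funnel) is used, so
# nothing here is published to the public internet. The Serve targets below
# assume the unit template binds the local port on 127.0.0.1 — confirm in the
# template if that changes.
#
# Required vars (no defaults in this file):
#   private_access_grafana_port, private_access_prometheus_port,
#   private_access_flux_port, private_access_rancher_port
# Optional:
#   private_access_rancher_https_port (defaults to 9443)

- name: Create systemd unit for Grafana private access
  ansible.builtin.template:
    src: kubectl-port-forward.service.j2
    dest: /etc/systemd/system/k8s-portforward-grafana.service
    mode: "0644"
  vars:
    unit_description: Port-forward Grafana for Tailscale access
    unit_namespace: observability
    unit_target: svc/observability-kube-prometheus-stack-grafana
    unit_local_port: 13080
    unit_remote_port: 80

- name: Create systemd unit for Prometheus private access
  ansible.builtin.template:
    src: kubectl-port-forward.service.j2
    dest: /etc/systemd/system/k8s-portforward-prometheus.service
    mode: "0644"
  vars:
    unit_description: Port-forward Prometheus for Tailscale access
    unit_namespace: observability
    unit_target: svc/observability-kube-prometh-prometheus
    unit_local_port: 19090
    unit_remote_port: 9090

- name: Create systemd unit for Flux UI private access
  ansible.builtin.template:
    src: kubectl-port-forward.service.j2
    dest: /etc/systemd/system/k8s-portforward-flux-ui.service
    mode: "0644"
  vars:
    unit_description: Port-forward Flux UI for Tailscale access
    unit_namespace: flux-system
    unit_target: svc/flux-system-weave-gitops
    unit_local_port: 19001
    unit_remote_port: 9001

- name: Create systemd unit for Rancher HTTP private access
  ansible.builtin.template:
    src: kubectl-port-forward.service.j2
    dest: /etc/systemd/system/k8s-portforward-rancher.service
    mode: "0644"
  vars:
    unit_description: Port-forward Rancher HTTP for Tailscale access
    unit_namespace: cattle-system
    unit_target: svc/cattle-system-rancher
    unit_local_port: 19442
    unit_remote_port: 80

- name: Create systemd unit for Rancher HTTPS private access
  ansible.builtin.template:
    src: kubectl-port-forward.service.j2
    dest: /etc/systemd/system/k8s-portforward-rancher-https.service
    mode: "0644"
  vars:
    unit_description: Port-forward Rancher HTTPS for Tailscale access
    unit_namespace: cattle-system
    unit_target: svc/cattle-system-rancher
    unit_local_port: 19443
    unit_remote_port: 443

# Unit files were (re)written above; systemd must re-read them before the
# enable/start loop can act on new or changed units.
- name: Reload systemd
  ansible.builtin.systemd:
    daemon_reload: true

# NOTE: `state: started` leaves an already-running unit untouched, so a
# changed unit file is not picked up until the service is restarted
# (e.g. via a handler with `state: restarted` notified by the template tasks).
- name: Enable and start private access port-forward services
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - k8s-portforward-grafana.service
    - k8s-portforward-prometheus.service
    - k8s-portforward-flux-ui.service
    - k8s-portforward-rancher.service
    - k8s-portforward-rancher-https.service

# Serve config is rebuilt from scratch on every run (`serve reset` first),
# which is why the task always reports changed. The `&&` chain stops at the
# first failing `tailscale serve` call, leaving any later endpoints unmapped
# until the next run.
- name: Configure Tailscale Serve for private access endpoints
  ansible.builtin.shell: >-
    tailscale serve reset &&
    tailscale serve --bg --tcp={{ private_access_grafana_port }} tcp://127.0.0.1:13080 &&
    tailscale serve --bg --tcp={{ private_access_prometheus_port }} tcp://127.0.0.1:19090 &&
    tailscale serve --bg --tcp={{ private_access_flux_port }} tcp://127.0.0.1:19001 &&
    tailscale serve --bg --tcp={{ private_access_rancher_port }} tcp://127.0.0.1:19442 &&
    tailscale serve --bg --tcp={{ private_access_rancher_https_port | default(9443) }} tcp://127.0.0.1:19443
  changed_when: true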