refactor: move tailscale join fully into cloud-init

Remove guest-agent enrollment workflow, pass TS auth key through Terraform variables/secrets, and run tailscale up with tag:k8s during cloud-init bootstrap alongside SSH key injection.
2026-02-28 13:13:34 +00:00
parent c87bb16f10
commit 8887a8bb87
6 changed files with 14 additions and 175 deletions
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -71,3 +71,9 @@ variable "SSH_KEY_PUBLIC" {
  type        = string
  description = "Public SSH key injected via cloud-init"
 }
+
+variable "TS_AUTHKEY" {
+  type        = string
+  sensitive   = true
+  description = "Tailscale auth key used during cloud-init enrollment"
+}