From 2c28a3fc540910fbf6a59eb4abcb13fbd9a914f8 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Wed, 21 Jan 2026 11:45:31 -0800
Subject: [PATCH] Update tailscale_serve for qemu2 API server address

The k8s API server is now at 192.168.105.2:6443 (inside qemu2 VM)
instead of localhost:44491 (old podman port mapping).

Note: TCP passthrough via tailscale svc:k8s is configured but
connection times out - may need admin console approval or debugging.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 ansible/roles/tailscale_serve/defaults/main.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/tailscale_serve/defaults/main.yml b/ansible/roles/tailscale_serve/defaults/main.yml
index a7b437f..e9c5970 100644
--- a/ansible/roles/tailscale_serve/defaults/main.yml
+++ b/ansible/roles/tailscale_serve/defaults/main.yml
@@ -24,9 +24,8 @@ tailscale_serve_services:
       upstream: http://localhost:5050
 
   # Kubernetes API server (TCP passthrough for mTLS)
-  # NOTE: Port is dynamic with podman driver - check with:
-  #   ssh indri "kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'"
+  # With qemu2 driver, API server is inside VM at 192.168.105.2:6443
   - name: svc:k8s
     tcp:
       port: 443
-      upstream: tcp://localhost:44491
+      upstream: tcp://192.168.105.2:6443