diff --git a/argocd/manifests/databases/README.md b/argocd/manifests/databases/README.md index 9bd005e..7696217 100644 --- a/argocd/manifests/databases/README.md +++ b/argocd/manifests/databases/README.md @@ -39,10 +39,12 @@ The `miniflux` user password is auto-generated by CloudNativePG and stored in `b After the cluster is healthy: ```bash -# Connect as eblume (same style as current brew pg) -# Uses same password as pg.tail8d86e.ts.net +# Connect via Tailscale (temporary hostname during migration) +psql -h k8s-pg.tail8d86e.ts.net -U eblume -W -d miniflux + +# Or with password from 1Password PGPASSWORD=$(op --vault blumeops item get guxu3j7ajhjyey6xxl2ovsl2ui --fields password --reveal) \ - psql -h -U eblume -d miniflux + psql -h k8s-pg.tail8d86e.ts.net -U eblume -d miniflux # Get miniflux app credentials (for applications) kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d @@ -53,7 +55,7 @@ kubectl -n databases get secret blumeops-pg-superuser -o jsonpath='{.data.passwo ### Connecting via kubectl port-forward -Until Tailscale exposure is configured: +Alternative if Tailscale service is unavailable: ```bash # Terminal 1: Port-forward to the primary 
@@ -80,12 +82,16 @@ kubectl -n databases get cluster blumeops-pg -o jsonpath='{.status.managedRolesS kubectl -n databases logs -l cnpg.io/cluster=blumeops-pg ``` -## Future: Tailscale Exposure +## Tailscale Exposure -The cluster is currently internal-only. In Phase 4, after miniflux migrates to k8s, -the `pg.tail8d86e.ts.net` Tailscale service will be pointed to this cluster. +### Current: Temporary Service -When exposed, you'll be able to connect with: -```bash -psql -h pg.tail8d86e.ts.net -U eblume -W -d miniflux -``` +`k8s-pg.tail8d86e.ts.net` - LoadBalancer service for testing during migration. + +### Phase 4: Production Service + +After miniflux migrates to k8s, the `pg.tail8d86e.ts.net` Tailscale service will switch +from brew PostgreSQL (indri) to this k8s cluster. At that point: +1. Delete `service-tailscale.yaml` (the `k8s-pg` service) +2. Update/create a service with `tailscale.com/hostname: "pg"` +3. Verify the orphaned `k8s-pg` device is removed from tailnet diff --git a/argocd/manifests/databases/kustomization.yaml b/argocd/manifests/databases/kustomization.yaml index 9e4ff0a..a115143 100644 --- a/argocd/manifests/databases/kustomization.yaml +++ b/argocd/manifests/databases/kustomization.yaml @@ -5,3 +5,4 @@ namespace: databases resources: - blumeops-pg.yaml + - service-tailscale.yaml diff --git a/argocd/manifests/databases/service-tailscale.yaml b/argocd/manifests/databases/service-tailscale.yaml new file mode 100644 index 0000000..ab69280 --- /dev/null +++ b/argocd/manifests/databases/service-tailscale.yaml 
@@ -0,0 +1,21 @@
+# Tailscale LoadBalancer for PostgreSQL access
+# Temporary service for testing during migration (k8s-pg.tail8d86e.ts.net)
+# Will be replaced by pg.tail8d86e.ts.net in Phase 4
+apiVersion: v1
+kind: Service
+metadata:
+ name: blumeops-pg-tailscale
+ namespace: databases
+ annotations:
+ tailscale.com/hostname: "k8s-pg"
+spec:
+ type: LoadBalancer
+ loadBalancerClass: tailscale
+ selector:
+ cnpg.io/cluster: blumeops-pg
+ role: primary
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
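Review bot: The `annotations:` block sets only `tailscale.com/hostname`, so nothing in this manifest scopes who on the tailnet can reach the PostgreSQL primary on port 5432. The proxy device will presumably carry the operator's default tag, and access then depends entirely on ACLs written for that shared tag. I would add a dedicated tag next to the hostname, `tailscale.com/tags: "tag:<db-proxy-tag-placeholder>"`, and pair it with a tailnet ACL that grants tcp:5432 on that tag only to the clients that need the database. A header comment such as `# Reachable by any tailnet peer the ACLs allow; password auth is the only other control` would keep that visible while the service is temporary. Separately, `role: primary` is, as far as I know, the legacy CloudNativePG label and `cnpg.io/instanceRole: primary` the current one; it is worth confirming against the operator version in use, because a selector that stops matching leaves the service with no endpoints.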