- Add tag:k8s-api to Pulumi ACLs and indri device tags
- Configure tailscale serve with TCP passthrough for k8s API
- Update minikube role to use k8s.tail8d86e.ts.net in cert SANs
- Add apiserver_port config (internal port 6443, dynamic host port)
- Document Step 0.14 in k8s-migration plan

The k8s API is now accessible at https://k8s.tail8d86e.ts.net using
TCP passthrough to preserve mTLS authentication.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>