blumeops/docs/changelog.d/restrict-flyio-proxy-acl.infra.md
Erich Blume 5b464eaf60 Add autoApprovers for VIP services, revert Alloy to Caddy endpoints
- Add autoApprovers so ProxyGroup pods (tag:k8s) can auto-approve VIP
  service routes, as required by Tailscale multi-cluster Ingress docs
- Revert Alloy endpoints from direct Tailscale Ingress back to Caddy
  (*.ops.eblu.me) to decouple observability from VIP routing
- Update changelog to reflect final state

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 21:40:58 -08:00

Restrict fly.io proxy ACLs to dedicated tag:flyio-target endpoints instead of broad tag:k8s and tag:homelab grants. Migrate all Tailscale Ingresses to a shared ProxyGroup with per-Ingress tag overrides (tag:flyio-target on docs, loki, prometheus). Add autoApprovers for VIP service routes. Enable --accept-routes on indri for ProxyGroup VIP routing.