Allow forrest to access internal services
This is mostly for monitoring
@ -6,3 +6,30 @@
|
||||
|
||||
- name: Prometheus
|
||||
include_tasks: prometheus.yml
|
||||
|
||||
- name: Get routes
|
||||
command:
|
||||
argv:
|
||||
- ip
|
||||
- -6
|
||||
- route
|
||||
- show
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
register: routes
|
||||
changed_when: false
|
||||
become: true
|
||||
|
||||
- name: Add route to private services via ingress
|
||||
command:
|
||||
argv:
|
||||
- ip
|
||||
- -6
|
||||
- route
|
||||
- add
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
- via
|
||||
- "{{ pve_hosts.ingress.link_local }}"
|
||||
- dev
|
||||
- eth0
|
||||
become: true
|
||||
when: vps_hosts.private_ipv6_marker not in routes.stdout
|
||||
|
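Review bot: The `when:` guard on "Add route to private services via ingress" only checks that `vps_hosts.private_ipv6_marker` appears somewhere in `routes.stdout`. An existing route for that prefix through a different next hop or interface therefore counts as already configured and is left in place. Because this route decides where traffic for the private range is sent, I would make the task enforce the next hop: use `- replace` instead of `- add` in `argv`, and guard with `when: pve_hosts.ingress.link_local not in routes.stdout`, assuming `ip` prints the address in the same textual form as the variable. The read-only "Get routes" task also does not appear to need `become: true`, since listing routes normally works unprivileged. The task file starts above this hunk, so any earlier handling of this route is not visible here.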
@ -14,6 +14,7 @@ http:
|
||||
sourceRange:
|
||||
- "{{ tailscale_cidr }}"
|
||||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ pve_hosts.forrest.ip }}"
|
||||
|
||||
private-access:
|
||||
ipWhiteList:
|
||||
|
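Review bot: Adding `"{{ pve_hosts.forrest.ip }}"` to this `sourceRange` gives forrest the same reach as the Tailscale ranges on every router that uses this middleware, which is broader than the "mostly for monitoring" purpose in the commit message. The middleware's name and the routers attached to it are above the hunk, so the exact exposure cannot be confirmed from here. If only the metrics endpoints are needed, a separate allowlist middleware containing just the forrest address and attached only to those routers would keep the grant narrow. It is also worth confirming that `pve_hosts.forrest.ip` is the address the proxy actually sees. If forrest reaches these services over the private IPv6 range, an IPv4 value here would never match. I would add a comment above the new entry, such as `# forrest: monitoring scrapes only`, so the reason for the exception stays with the rule.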