arillso.container.tailscale role – Manage Tailscale Kubernetes resources

Note

This role is part of the arillso.container collection (version 1.0.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install arillso.container.

To use it in a playbook, specify: arillso.container.tailscale.

Entry point main – Manage Tailscale Kubernetes resources

Synopsis

  • Manages Tailscale ProxyGroups (ingress, egress, kube-apiserver) in Kubernetes

  • Manages Ingress Services (LoadBalancer, Ingress) for exposing services to Tailnet

  • Manages Egress Services for accessing Tailnet resources from Kubernetes

  • Supports FQDN and IP-based access for egress services

Parameters

tailscale_egress_services (list / elements=dictionary)
    List of Tailscale Egress Services (FQDN or IP-based)
    Default: []

    fqdn (string)
        Target FQDN in Tailscale network (mutually exclusive with ip)

    ip (string)
        Target IP in Tailscale network (mutually exclusive with fqdn)

    name (string / required)
        Name of the Egress Service

    namespace (string / required)
        Namespace for the Service

    ports (list / elements=dictionary / required)
        List of ports to forward

        name (string / required)
            Port name

        port (integer / required)
            Port number

        protocol (string)
            Protocol type
            Choices:
              • "TCP" ← (default)
              • "UDP"

    proxy_group (string / required)
        ProxyGroup to use for egress

tailscale_ingress_services (list / elements=dictionary)
    List of Tailscale Ingress Services (LoadBalancer or Ingress)
    Default: []

    default_backend (dictionary)
        Default backend for Ingress

    hostname (string)
        Custom hostname for the service

    name (string / required)
        Name of the Ingress Service

    namespace (string / required)
        Namespace for the Service

    ports (list / elements=dictionary / required)
        List of ports to expose

        name (string / required)
            Port name

        port (integer / required)
            Port number

        protocol (string)
            Protocol type
            Choices:
              • "TCP" ← (default)
              • "UDP"

        targetPort (integer)
            Target port on pods

    proxy_group (string)
        ProxyGroup to use for ingress

    rules (list / elements=dictionary)
        Ingress rules

    selector (dictionary)
        Label selector for LoadBalancer service

    tls (list / elements=dictionary)
        TLS configuration for Ingress

    type (string)
        Service type (LoadBalancer or Ingress)
        Choices:
          • "loadbalancer" ← (default)
          • "ingress"

tailscale_kubeconfig_path (string)
    Path to kubeconfig file for cluster access
    Default: "/etc/rancher/k3s/k3s.yaml"

tailscale_proxygroups (list / elements=dictionary)
    List of Tailscale ProxyGroups (all three types supported)
    Default: []

    hostname_prefix (string)
        Hostname prefix for the ProxyGroup

    kube_apiserver (dictionary)
        Kube-APIServer specific configuration (only for type kube-apiserver)

        mode (string)
            Authentication mode for API server access
            Choices:
              • "auth" ← (default)
              • "noauth"

    name (string / required)
        Name of the ProxyGroup

    namespace (string)
        Namespace for the ProxyGroup
        Default: "default"

    replicas (integer)
        Number of proxy replicas
        Default: 1

    tags (list / elements=string / required)
        Tailscale tags for the ProxyGroup

    type (string / required)
        ProxyGroup type
        Choices:
          • "ingress"
          • "egress"
          • "kube-apiserver"

tailscale_state (string)
    State of Tailscale resources (present or absent)
    Choices:
      • "present" ← (default)
      • "absent"
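
The parameters above combined in one playbook, as an added example that is not taken from the collection's own documentation: one ProxyGroup per type, an FQDN-based egress service and a LoadBalancer ingress service. The inventory group, resource names, namespaces, tags, labels, ports and the tailnet FQDN are constructed placeholders, and placing mode inside kube_apiserver is an assumption based on the parameter descriptions.

```yaml
# Added example; all names, namespaces, tags, labels and the FQDN are constructed.
- name: Manage Tailscale Kubernetes resources
  hosts: k3s_server                     # hypothetical inventory group
  roles:
    - role: arillso.container.tailscale
      vars:
        tailscale_state: present
        tailscale_kubeconfig_path: /etc/rancher/k3s/k3s.yaml
        tailscale_proxygroups:
          # A separate tag per ProxyGroup lets tailnet ACLs scope each one.
          - name: ts-ingress
            namespace: tailscale
            type: ingress
            replicas: 2
            tags: ["tag:k8s-ingress"]
          - name: ts-egress
            namespace: tailscale
            type: egress
            tags: ["tag:k8s-egress"]
          - name: ts-apiserver
            namespace: tailscale
            type: kube-apiserver
            tags: ["tag:k8s-api"]
            kube_apiserver:
              mode: auth                # assumed nesting; "auth" is the default
        tailscale_egress_services:
          - name: tailnet-db
            namespace: apps
            proxy_group: ts-egress
            fqdn: db.tailnet-name.ts.net   # set fqdn or ip, never both
            ports:
              - name: postgres
                port: 5432
                protocol: TCP
        tailscale_ingress_services:
          - name: web
            namespace: apps
            type: loadbalancer
            proxy_group: ts-ingress
            hostname: web
            selector:
              app: web
            ports:
              - name: https
                port: 443
                protocol: TCP
                targetPort: 8443
```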

Authors

  • Simon Bärlocher