remove allowed users; configure magic dns and dns servers to advertise; set prometheus monitoring annotations[ci skip]

modules/kubernetes/headscale/config.yaml

@@ -210,7 +210,8 @@ dns_config:
 
   # List of DNS servers to expose to clients.
   nameservers:
-    - 1.1.1.1
+    - "10.0.20.101"
+    - "1.1.1.1"
 
   # NextDNS (see https://tailscale.com/kb/1218/nextdns/).
   # "abc123" is example NextDNS ID, replace with yours.
@@ -235,7 +236,7 @@ dns_config:
   #     - 8.8.8.8
 
   # Search domains to inject.
-  domains: []
+  domains: ["viktorbarzin.lan"]
 
   # Extra DNS records
   # so far only A-records are supported (on the tailscale side)
@@ -256,7 +257,7 @@ dns_config:
   # `base_domain` must be a FQDNs, without the trailing dot.
   # The FQDN of the hosts will be
   # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
-  base_domain: example.com
+  base_domain: viktorbarzin.lan
 
 # Unix socket used for the CLI to connect without authentication
 # Note: for production you will want to set this to something like:

modules/kubernetes/headscale/main.tf

@@ -28,6 +28,9 @@ resource "kubernetes_deployment" "headscale" {
   }
   spec {
     replicas = 1
+    strategy {
+      type = "Recreate"
+    }
     selector {
       match_labels = {
         app = "headscale"
@@ -100,6 +103,10 @@ resource "kubernetes_service" "headscale" {
     labels = {
       "app" = "headscale"
     }
+    annotations = {
+      "prometheus.io/scrape" = "true"
+      "prometheus.io/port"   = "9090"
+    }
     # annotations = {
     #   "metallb.universe.tf/allow-shared-ip" : "shared"
     # }

upgrade-k8s.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+VERSION=$1
+
+sudo apt update
+sudo apt upgrade kubeadm=$1