Cluster Access

Access patterns for the current GloriousFlywheel on-prem target.

The preferred operator model is:

  • direct or tailnet-private kubeconfig access to the honey cluster
  • no new public Kubernetes API path
  • no new public management SSH path

Current On-Prem Target

  • physical cluster: honey
  • primary kubeconfig: ~/.kube/kubeconfig-honey.yaml
  • primary context: honey
  • API server: https://100.113.89.12:6443

Node-role hosts inside that cluster footprint:

  • honey tailnet IP: 100.113.89.12
  • bumble tailnet IP: 100.88.101.107
  • sting tailnet IP: 100.85.46.118

Direct Kubeconfig

export KUBECONFIG=~/.kube/kubeconfig-honey.yaml
export KUBE_CONTEXT=honey
kubectl --context honey get nodes -o wide

This is the primary local operator path for GloriousFlywheel.

Tailnet Access

Tailnet or MagicDNS access is the preferred remote operator path.

Current private-service examples:

  • grafana-observability.taila4c78d.ts.net:3000
  • loki-observability.taila4c78d.ts.net:3100
  • tempo-observability.taila4c78d.ts.net:3200
  • otlp-observability-grpc.taila4c78d.ts.net:4317
  • bazel-cache-grpc.taila4c78d.ts.net:9092

SSH Tunnel / SOCKS Proxy

When only SSH access to a jump host is available, use this as a compatibility path rather than the preferred operator model.

ssh -fN -D 1080 honey@100.113.89.12
export HTTPS_PROXY=socks5h://localhost:1080
kubectl --context honey get pods -n runner-dashboard

Direct tailnet SSH is preferred when available:

ssh honey@100.113.89.12
ssh bumble@100.88.101.107
ssh sting@100.85.46.118

GitLab Agent (Legacy Compatibility)

The GitLab Kubernetes Agent can still exist as a compatibility access path for GitLab-oriented surfaces, but it is no longer the preferred GloriousFlywheel deployment model.

Civo Compatibility (decommissioned April 2026)

The Civo cluster and its compatibility context (tinyland-civo-dev) have been decommissioned. No Civo-based access path is available.

Public Management Paths

Do not add:

  • a public Kubernetes API for the on-prem cluster
  • a new public bastion as the normal operator path
  • a public replacement for the current tailnet-first observability and cache services
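
One way to check the "no public Kubernetes API path" rule before running kubectl, as an added example that is not part of GloriousFlywheel's own tooling: it accepts an API server URL only when it is HTTPS and points at a Tailscale address (100.64.0.0/10) or a MagicDNS name under ts.net. The function names are hypothetical, and treating those two forms as the definition of tailnet-private is an assumption.

```shell
#!/bin/sh
# Added example (not GloriousFlywheel code). Assumption: "tailnet-private" means
# an IPv4 literal in Tailscale's 100.64.0.0/10 range or a MagicDNS *.ts.net name.

# is_tailnet_server URL -> exit 0 only for https://<tailnet host>[:port][/path]
is_tailnet_server() (
  case $1 in
    https://*) host=${1#https://} ;;
    *) exit 1 ;;                          # plain http or other scheme
  esac
  host=${host%%/*}                        # drop any path
  case $host in
    *:*) port=${host##*:}; host=${host%:*}
         case $port in ''|*[!0-9]*) exit 1 ;; esac ;;
  esac
  # Strict host charset: rejects userinfo (@), fragments (#), IPv6 literals.
  case $host in
    ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) exit 1 ;;
  esac
  case $host in
    *[!0-9.]*)                            # a name, not a dotted-decimal literal
      case $host in ?*.ts.net) exit 0 ;; *) exit 1 ;; esac ;;
  esac
  IFS=.; set -- $host                     # split the literal into octets
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
  # 100.64.0.0/10 covers 100.64.0.0 through 100.127.255.255
  [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
)

# check_kube_context CONTEXT -> reads the server URL from the active kubeconfig
# and refuses contexts that point outside the tailnet. Requires kubectl.
check_kube_context() {
  server=$(kubectl config view --minify --context "$1" \
    -o jsonpath='{.clusters[0].cluster.server}') || return 2
  if is_tailnet_server "$server"; then
    echo "ok: $1 -> $server"
  else
    echo "refusing context $1: $server is not tailnet-private" >&2
    return 1
  fi
}
```

With KUBECONFIG exported as in the Direct Kubeconfig section, `check_kube_context honey` can run ahead of any kubectl command in an operator script.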

Access Pattern Summary

Pattern            | Use Case                       | Requires
-------------------|--------------------------------|---------------------------
Direct kubeconfig  | Preferred local operator path  | Reachability to honey API
Tailnet / MagicDNS | Preferred remote operator path | Tailnet access
SSH tunnel         | Compatibility path             | SSH access to jump host
GitLab Agent       | Legacy compatibility path      | Agent installed on cluster
tinyland-civo-dev  | Decommissioned (April 2026)    |
