use a random suffix for ha proxy name

clstokes · clstokes · commit ea8dc027ca05 · 2025-12-22T16:16:36.000-08:00
diff --git a/terraform/aws/aws-eks-operator/README.md b/terraform/aws/aws-eks-operator/README.md
@@ -76,7 +76,7 @@ kubectl get pods -n tailscale
 ```shell
 terraform destroy
 
-# remove leftover Tailscale devices at https://login.tailscale.com/admin/machines
+# remove leftover Tailscale devices at https://login.tailscale.com/admin/machines and services at https://login.tailscale.com/admin/services
 ```
 
 ## Limitations
diff --git a/terraform/aws/aws-eks-operator/main.tf b/terraform/aws/aws-eks-operator/main.tf
@@ -18,10 +18,20 @@ locals {
 
   # Tailscale Operator configuration
   namespace_name                = "tailscale"
-  operator_name                 = local.name
+  operator_name                 = "${local.name}-${random_string.operator_name_suffix.result}"
   operator_version              = "1.92.4"
   tailscale_oauth_client_id     = var.tailscale_oauth_client_id
   tailscale_oauth_client_secret = var.tailscale_oauth_client_secret
+
+  ha_proxy_service_name = "${helm_release.tailscale_operator.name}-ha"
+}
+
+# This isn't required but helps avoid Let's Encrypt throttling to make testing and iterating easier.
+resource "random_string" "operator_name_suffix" {
+  length  = 3
+  numeric = false
+  special = false
+  upper   = false
 }
 
 # Remove this to use your own VPC.
@@ -39,6 +49,8 @@ module "eks" {
   name               = local.name
   kubernetes_version = local.cluster_version
 
+  tags = local.aws_tags
+
   addons = {
     coredns = {}
     eks-pod-identity-agent = {
@@ -62,16 +74,14 @@ module "eks" {
 
   eks_managed_node_groups = {
     main = {
-      name           = local.name
+      name           = "${substr(local.name, 0, 20)}"
       instance_types = [local.node_instance_type]
 
       desired_size = local.desired_size
       max_size     = local.max_size
       min_size     = local.min_size
     }
   }
-
-  tags = local.aws_tags
 }
 
 resource "kubernetes_namespace_v1" "tailscale_operator" {
@@ -136,10 +146,10 @@ resource "helm_release" "tailscale_operator" {
 resource "null_resource" "kubectl_ha_proxy" {
   count = 1 # Change to 0 to destroy. Commenting or removing the resource will not run the destroy provisioners.
   triggers = {
-    region        = data.aws_region.current.region
-    cluster_arn   = module.eks.cluster_arn
-    cluster_name  = module.eks.cluster_name
-    operator_name = helm_release.tailscale_operator.name
+    region                = data.aws_region.current.region
+    cluster_arn           = module.eks.cluster_arn
+    cluster_name          = module.eks.cluster_name
+    ha_proxy_service_name = local.ha_proxy_service_name
   }
 
   #
@@ -149,7 +159,7 @@ resource "null_resource" "kubectl_ha_proxy" {
     command = "aws eks update-kubeconfig --region ${self.triggers.region} --name ${self.triggers.cluster_name}"
   }
   provisioner "local-exec" {
-    command = "OPERATOR_NAME=${self.triggers.operator_name} envsubst < ${path.module}/tailscale-api-server-ha-proxy.yaml | kubectl apply --context=${self.triggers.cluster_arn} -f -"
+    command = "HA_PROXY_SERVICE_NAME=${self.triggers.ha_proxy_service_name} envsubst < ${path.module}/tailscale-api-server-ha-proxy.yaml | kubectl apply --context=${self.triggers.cluster_arn} -f -"
   }
 
   #
@@ -161,7 +171,7 @@ resource "null_resource" "kubectl_ha_proxy" {
   }
   provisioner "local-exec" {
     when    = destroy
-    command = "OPERATOR_NAME=${self.triggers.operator_name} envsubst < ${path.module}/tailscale-api-server-ha-proxy.yaml | kubectl delete --context=${self.triggers.cluster_arn} -f -"
+    command = "HA_PROXY_SERVICE_NAME=${self.triggers.ha_proxy_service_name} envsubst < ${path.module}/tailscale-api-server-ha-proxy.yaml | kubectl delete --context=${self.triggers.cluster_arn} -f -"
   }
 
   depends_on = [
diff --git a/terraform/aws/aws-eks-operator/tailscale-api-server-ha-proxy.yaml b/terraform/aws/aws-eks-operator/tailscale-api-server-ha-proxy.yaml
@@ -2,7 +2,7 @@
 apiVersion: tailscale.com/v1alpha1
 kind: ProxyGroup
 metadata:
-    name: ${OPERATOR_NAME}-ha
+    name: ${HA_PROXY_SERVICE_NAME}
 spec:
     type: kube-apiserver
     replicas: 2
diff --git a/terraform/aws/aws-eks-operator/versions.tf b/terraform/aws/aws-eks-operator/versions.tf
@@ -6,18 +6,22 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 6.0, < 7.0"
     }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 3.0.1, < 4.0"
-    }
     helm = {
       source  = "hashicorp/helm"
       version = ">= 3.1.1, < 4.0"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 3.0.1, < 4.0"
+    }
     null = {
       source  = "hashicorp/null"
       version = ">= 3.2.0, < 4.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.0, < 4.0"
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -6,18 +6,22 @@ terraform {`
`6`	`6`	`source = "hashicorp/aws"`
`7`	`7`	`version = ">= 6.0, < 7.0"`
`8`	`8`	`}`
`9`		`- kubernetes = {`
`10`		`- source = "hashicorp/kubernetes"`
`11`		`- version = ">= 3.0.1, < 4.0"`
`12`		`- }`
`13`	`9`	`helm = {`
`14`	`10`	`source = "hashicorp/helm"`
`15`	`11`	`version = ">= 3.1.1, < 4.0"`
`16`	`12`	`}`
	`13`	`+ kubernetes = {`
	`14`	`+ source = "hashicorp/kubernetes"`
	`15`	`+ version = ">= 3.0.1, < 4.0"`
	`16`	`+ }`
`17`	`17`	`null = {`
`18`	`18`	`source = "hashicorp/null"`
`19`	`19`	`version = ">= 3.2.0, < 4.0"`
`20`	`20`	`}`
	`21`	`+ random = {`
	`22`	`+ source = "hashicorp/random"`
	`23`	`+ version = ">= 3.0, < 4.0"`
	`24`	`+ }`
`21`	`25`	`}`
`22`	`26`	`}`
`23`	`27`