Add xtal node metrics scrape

[claytono]

Expose xtal node_exporter through the Tailscale operator and add it to Prometheus scraping.

• Add the ExternalName service and ArgoCD ignore for the operator-managed externalName

• Allow k8s-tagged Tailscale clients to reach xtal on port 9100

[Copilot]

Pull request overview

This PR exposes xtal’s node_exporter metrics to the Kubernetes cluster via the Tailscale operator and adds a static Prometheus scrape target for it.

Changes:

• Adds a Tailscale ACL rule allowing tag:k8s clients to reach xtal on TCP/9100.
• Introduces an operator-managed ExternalName Service for xtal node_exporter and wires it into the tailscale-operator kustomization.
• Updates Prometheus static scrape config and ArgoCD ApplicationSet to ignore operator-managed externalName drift.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
opentofu/tailscale.tf	Adds ACL entry permitting k8s-tagged Tailscale clients to scrape xtal on port 9100.
kubernetes/tailscale-operator/xtal-node-exporter.yaml	New ExternalName Service intended to represent the xtal node_exporter endpoint.
kubernetes/tailscale-operator/kustomization.yaml	Includes the new Service manifest in the tailscale-operator deployment.
kubernetes/prometheus/config/prometheus.yml	Adds xtal-node-exporter Service DNS name as a Prometheus scrape target with an explicit instance label.
kubernetes/argocd/appset.yaml	Enables RespectIgnoreDifferences and ignores drift for the operator-managed Service.spec.externalName.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a5762b49-de83-4275-8600-e3b83ff513e3

📥 Commits

Reviewing files that changed from the base of the PR and between 02e1eb3 and 59e536b.

📒 Files selected for processing (5)

• kubernetes/argocd/appset.yaml
• kubernetes/prometheus/config/prometheus.yml
• kubernetes/tailscale-operator/kustomization.yaml
• kubernetes/tailscale-operator/xtal-node-exporter.yaml
• opentofu/tailscale.tf

✅ Files skipped from review due to trivial changes (1)

• kubernetes/tailscale-operator/kustomization.yaml

---

Walkthrough

Adds an ExternalName Service annotated for Tailscale, registers it in kustomize, adds a Prometheus scrape target, configures Argo CD to ignore externalName drift, and extends Tailscale ACLs to allow k8s access to the node exporter.

Changes

Xtal Node Exporter Monitoring via Tailscale

Layer / File(s)	Summary
ExternalName Service Definition and Deployment kubernetes/tailscale-operator/xtal-node-exporter.yaml, kubernetes/tailscale-operator/kustomization.yaml	New ExternalName Service xtal-node-exporter with tailscale.com/tailnet-fqdn: xtal.cow-banjo.ts.net, placeholder externalName, port metrics:9100, and added to kustomize resources.
Prometheus Scrape Target Configuration kubernetes/prometheus/config/prometheus.yml	Appended xtal-node-exporter.tailscale.svc.cluster.local:9100 to the node resources static_configs with label instance: xtal:9100.
ArgoCD Drift Handling for External Name kubernetes/argocd/appset.yaml	Set RespectIgnoreDifferences=true and added ignoreDifferences rule to ignore /spec/externalName on Services matching Tailscale tailnet annotations.
Tailscale Network ACL Authorization opentofu/tailscale.tf	Updated ACL comment and added ACL rule permitting tag:k8s sources to reach node_exporter at claytono@github:9100 over TCP.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• claytono/infra#719: Also modifies opentofu/tailscale.tf to add Tailscale ACL rules (different tag/target).
• claytono/infra#1032: Another PR updating tailscale_acl.main to authorize k8s/other tags to external services.
• claytono/infra#2008: Modifies tailscale_acl.main JSON; related by ACL resource edits.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add xtal node metrics scrape' clearly describes the main change: adding xtal node metrics to Prometheus scraping, which is the primary objective across all modified files.
Description check	✅ Passed	The description is directly related to the changeset, covering the key modifications: exposing xtal node_exporter through Tailscale operator, adding ArgoCD ignore rules, and enabling k8s clients to access the metrics port.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch xtal-node-metrics

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}