Kestra Deployment
GitOps deployment for Kestra with Tailscale HTTPS access and route acceptance.
Prerequisites
PostgreSQL Database
Connect to your PostgreSQL server and create the database:
CREATE DATABASE kestra;
CREATE USER kestra WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE kestra TO kestra;
ALTER DATABASE kestra OWNER TO kestra;
Host Configuration
Download Tailscale serve configuration to /opt/kestra (first time only):
sudo mkdir -p /opt/kestra/tailscale
sudo curl -o /opt/kestra/tailscale/serve-config.json https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/serve-config.json
Deployment
- Create a new stack in Portainer
- Select "Repository" and point to this repository
- Portainer will load stack.env automatically
- Override sensitive values (CHANGE_ME) in the environment variables section:
  - TS_AUTHKEY - Tailscale auth key (reusable recommended)
  - DB_PASSWORD - PostgreSQL password
  - KESTRA_ADMIN_PASSWORD - Kestra admin password (min 8 chars, uppercase + number)
- Deploy
Features
- Tailscale Sidecar: HTTPS access via Tailscale with automatic certificate management
- Route Acceptance: --accept-routes enabled to reach other services on the tailnet
- PostgreSQL Backend: External PostgreSQL for persistent storage and queue
- Docker-in-Docker: Socket mounted for running containerized tasks
- Inline Configuration: Uses KESTRA_CONFIGURATION environment variable (official pattern)
Access
Once deployed: https://kestra.taila5ad8.ts.net
Directory Structure
/opt/kestra/
└── tailscale/
    └── serve-config.json  # Tailscale HTTPS configuration
Environment Variables
| Variable | Description | Required |
|---|---|---|
| TS_AUTHKEY | Tailscale authentication key | Yes |
| DB_HOST | PostgreSQL host | Yes |
| DB_PORT | PostgreSQL port | Yes |
| DB_NAME | Database name | Yes |
| DB_USER | Database user | Yes |
| DB_PASSWORD | Database password | Yes |
| KESTRA_ADMIN_USER | Admin username | No (default: admin) |
| KESTRA_ADMIN_PASSWORD | Admin password (min 8 chars, uppercase + number) | Yes |
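
A preflight check for the values above, as an added example that is not part of this repository: it fails when a required variable from the table is missing, when a CHANGE_ME placeholder is left in place, or when KESTRA_ADMIN_PASSWORD breaks the stated rule. It assumes stack.env holds plain KEY=value lines; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): preflight check for stack.env.
# Assumption: stack.env holds plain KEY=value lines without quotes or "export".

# Variables the README's table marks as required.
REQUIRED="TS_AUTHKEY DB_HOST DB_PORT DB_NAME DB_USER DB_PASSWORD KESTRA_ADMIN_PASSWORD"

# Print the value assigned to KEY ($1) in FILE ($2); the last assignment wins.
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Return 0 when FILE ($1) passes every check, 1 otherwise. Findings go to
# stderr and name the variable only, so no secret value reaches a log.
check_stack_env() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    for key in $REQUIRED; do
        val=$(env_value "$key" "$file")
        case $val in
            "")          echo "$key: missing or empty" >&2; rc=1 ;;
            *CHANGE_ME*) echo "$key: still the CHANGE_ME placeholder" >&2; rc=1 ;;
        esac
    done
    # Password rule stated in the README: min 8 chars, uppercase + number.
    pw=$(env_value KESTRA_ADMIN_PASSWORD "$file")
    if [ -n "$pw" ]; then
        [ "${#pw}" -ge 8 ] ||
            { echo "KESTRA_ADMIN_PASSWORD: shorter than 8 chars" >&2; rc=1; }
        printf '%s' "$pw" | grep -q '[[:upper:]]' ||
            { echo "KESTRA_ADMIN_PASSWORD: no uppercase letter" >&2; rc=1; }
        printf '%s' "$pw" | grep -q '[[:digit:]]' ||
            { echo "KESTRA_ADMIN_PASSWORD: no digit" >&2; rc=1; }
    fi
    return "$rc"
}

# Usage: sh check-stack-env.sh stack.env
if [ "$#" -gt 0 ]; then
    check_stack_env "$1"
fi
```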