diff --git a/tf/digitalocean.tf b/tf/digitalocean.tf
index 6eb9baa..f41286f 100644
--- a/tf/digitalocean.tf
+++ b/tf/digitalocean.tf
@@ -134,13 +134,13 @@ resource "digitalocean_firewall" "k8s-master-firewall" {
     source_addresses = [var.tailscale_ipv4_range]
   }
 
-  # Kubernetes API - open for now (GitHub Actions has 4000+ dynamic IPs)
-  # TODO: Consider self-hosted runners in VPC to restrict this
-  # Security: K8s API requires valid client certs, so exposure is low risk
+  # Kubernetes API - VPC + Tailscale only
+  # GitHub Actions uses self-hosted runners in VPC
+  # Admin access via Tailscale
   inbound_rule {
     protocol         = "tcp"
     port_range       = "6443"
-    source_addresses = ["0.0.0.0/0", "::/0"]
+    source_addresses = [digitalocean_vpc.akatsuki-production-vpc.ip_range, var.tailscale_ipv4_range]
   }
 
   # etcd - VPC only (cluster-internal)
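Review bot: The new `source_addresses` on the 6443 rule grants the entire `digitalocean_vpc.akatsuki-production-vpc.ip_range`, so every droplet placed in that VPC can reach the Kubernetes API, not only the self-hosted runners the comment describes; if the runners are tagged, the DigitalOcean provider's `source_tags` attribute lets the rule name them instead, e.g. `source_addresses = [var.tailscale_ipv4_range]` together with `source_tags = ["<runner-droplet-tag>"]`. As with the Tailscale-range rule in the context above, matching `var.tailscale_ipv4_range` at the cloud firewall presumably only takes effect if Tailscale traffic actually reaches the droplet's interface with that source address (a subnet router or exit node in the VPC) rather than as WireGuard UDP terminated on the node itself; that deployment detail is not visible here and is worth confirming with a connectivity test from a Tailscale client. The removed line noting that the API still requires valid client certificates was a useful defense-in-depth statement and could be kept, e.g. `# Defense in depth: API auth still requires valid client certs / tokens`. The enclosing `k8s-master-firewall` resource starts and ends outside the hunk.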