Tailscale Kubernetes Operator

by l2dyon 9/22/2023, 12:39:06 PM with 10 comments
  • by sneakon 9/22/2023, 1:32:57 PM

    The amount of trust placed in DockerHub to serve the correct images to everyone for uncritical download and execution is insane to me.

    The whole industry does it, and it's the same as "curl | bash" to specify image:tag and not image@hash.

    If I were TAO I'd apply for a job at Docker or their hosting provider.

  • by shawabawa3on 9/22/2023, 2:09:08 PM

    One thing that i think is really missing is redundancy on the proxies

    Currently there's no way to have two proxies that listen on the same tailscale hostname/ip

    Ideally in Kubernetes every pod is redundant to allow downscaling of nodes efficiently, so this means we have to eat a minute or so of downtime randomly every now and then on our tailscale endpoints

  • by HappyCathodeon 9/22/2023, 1:21:55 PM

    That's really neat. Cloudflare tunnel for external customer egress, and Tailscale for internal tool egress. No more costly cloud specific load balancers !

  • by Stem0037on 9/22/2023, 3:46:43 PM

    Does it support headscale? https://github.com/juanfont/headscale

  • by drewdaon 9/22/2023, 2:12:46 PM

    We've been using https://github.com/mvisonneau/docker-tailscale/ on k8s clusters. Good to see an official option coming.

  • by gmemstron 9/22/2023, 1:03:05 PM

    Maybe not wise to post here yet as the docs mark this as a private alpha.

  • by hobofanon 9/22/2023, 5:45:10 PM

    I think an alternative solution would be nice, where services are just registered with their service discovery, though I suppose that would require them providing an official API for that part of their product.

    In my current setup for Tailscale + Kubernetes, I just use their subnet router[0] and add the kubedns server for the cluster.local domains to their MagicDNS. Having proper service discovery would make this into a nice round solutionl.

    [0]: https://tailscale.com/kb/1185/kubernetes/#subnet-router

  • by thelastparadiseon 9/22/2023, 1:01:25 PM

    It's a neat idea but I wouldn't put this in my k8s cluster.

    Keep it simple st*pid!

  • by knodion 9/22/2023, 3:36:28 PM

    Love it!!! This is going to make (my) dev and testing env cluster so much easier.

    Now imagine running derp-server with in the DC with your k8s.

  • by tecleandoron 9/22/2023, 1:04:18 PM

    Nice! I think I'll try to implement this in my TrueNAS this weekend, as it makes way way easier to access all the services I deploy there.

    TrueCharts charts have Tailscale support, but not all my charts are from there, and also I'm kind of avoiding them.

    Also, it's nice if you deploy something without a chart.