This repo contains Pulumi infrastructure-as-code definitions for an AWS demo environment that shows various Tailscale use cases. It also contains a wrapper CLI, built on Pulumi's Automation API, that automates provisioning of the infrastructure.
It provisions to 3 AWS regions:
- us-west-2
- us-east-1
- eu-central-1
The resources this repo provisions are:
- A VPC with public and private subnets
- A Tailscale subnet router and exit node in a high-availability pair
- An app connector
- A private EKS cluster with no public access
- Karpenter to provision private node groups
- The Tailscale Kubernetes operator set to auth mode
- A subnet router configured with 4via6 for the Kubernetes service CIDR
- Prometheus with a Tailscale ingress for private access to the web UI
You can use the Automation API CLI to provision all the infrastructure. You'll need a Pulumi backend configured before this will work:

    go run cli/main.go destroy --path "$(pwd)/infrastructure/"

You can get streamed JSON logs with:

    go run cli/main.go destroy --path "$(pwd)/infrastructure/" --json

Stack configuration has been checked into this repo. If you'd like to be able to run this entire repo, please open an issue and I'll move the stack configuration out of the repo.