/tailscale-on-k8s

Primary language: Shell. License: Apache License 2.0 (Apache-2.0).

DEPRECATED: Kubernetes is now officially supported by Tailscale.

Overview

The goal of this project is to provide a few ways to run Tailscale inside a Kubernetes cluster.

Instructions

Setup

  1. (Optional) Create the following secret, which automates login.
    You will need to get an auth key from the Tailscale Admin Console.
    If you don't provide the key, you can still authenticate by using the URL in the logs.

    apiVersion: v1
    kind: Secret
    metadata:
      name: tailscale-auth
    stringData:
      AUTH_KEY: tskey-...
  2. Set the image tag:

    export IMAGE_TAG=ts:latest
  3. Build and push the container

    make push
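
One way to create the optional `tailscale-auth` secret from step 1 without writing the auth key into a manifest file or shell history. This is an added example, not part of the project; the function name `render_tailscale_secret`, the key file path and the allowed key character set are assumptions.

```shell
# Added example (not from the project): render the tailscale-auth Secret
# from a key file and pipe it straight to kubectl, so the key is never
# stored in a manifest on disk or typed on the command line.
#
# Usage (key file path is an assumption):
#   render_tailscale_secret "$HOME/.config/tailscale-auth.key" | kubectl apply -f -

render_tailscale_secret() {
    key_file=$1

    if [ ! -r "$key_file" ]; then
        echo "cannot read key file: $key_file" >&2
        return 1
    fi

    # Refuse key files that group or others can read.
    if [ -n "$(find "$key_file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "key file is group/world readable; run: chmod 600 $key_file" >&2
        return 1
    fi

    # Drop the trailing newline (or CRLF) that editors add, so it does
    # not end up inside the secret value.
    key=$(tr -d '[:space:]' < "$key_file")

    # The page shows keys in the form "tskey-...".
    case $key in
        tskey-*) ;;
        *) echo "key does not start with tskey-" >&2; return 1 ;;
    esac

    # Assumption: keys contain only letters, digits, '_' and '-'.
    # Anything else could break the YAML below, so reject it.
    case $key in
        *[!A-Za-z0-9_-]*) echo "unexpected character in key" >&2; return 1 ;;
    esac

    # Same Secret as in step 1, with the value quoted.
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: tailscale-auth\nstringData:\n  AUTH_KEY: "%s"\n' "$key"
}
```
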

Sample Sidecar

  1. Create the sample nginx pod with a tailscale sidecar

    make sidecar
  2. If you're not using an AuthKey, authenticate by grabbing the login URL here:

    kubectl logs tailscale-sidecar tailscale
  3. Check if you can connect to nginx over Tailscale:

    curl "http://$(tailscale ip -4 nginx)"

    Or, if you have MagicDNS enabled:

    curl http://nginx

Sample Proxy

  1. Provide the Cluster IP of the service you want to reach by either:

    • creating a new deployment
      kubectl create deployment nginx --image nginx
      kubectl expose deployment nginx --port 80
      export DEST_IP="$(kubectl get svc nginx -o=jsonpath='{.spec.clusterIP}')"
    • or, using an existing service
      export DEST_IP="$(kubectl get svc <SVC_NAME> -o=jsonpath='{.spec.clusterIP}')"
  2. Deploy the proxy pod

    make proxy
  3. If you're not using an AuthKey, authenticate by grabbing the login URL here:

    kubectl logs proxy
  4. Check if you can connect to nginx over Tailscale:

    curl "http://$(tailscale ip -4 proxy)"

    Or, if you have MagicDNS enabled:

    curl http://proxy