DEPRECATED: Kubernetes is now officially supported by Tailscale.
The goal of this project is to provide a few ways to run Tailscale inside a Kubernetes cluster.
-
(Optional) Create the following secret which will automate login.
You will need to get an auth key from Tailscale Admin Console.
If you don't provide the key, you can still authenticate by using the URL in the logs.
apiVersion: v1
kind: Secret
metadata:
  name: tailscale-auth
stringData:
  AUTH_KEY: tskey-...
-
Set the image tag:
export IMAGE_TAG=ts:latest
-
Build and push the container
make push
-
Create the sample nginx pod with a tailscale sidecar
make sidecar
-
If you're not using an AuthKey, authenticate by grabbing the login URL here:
kubectl logs tailscale-sidecar tailscale
-
Check if you can connect to nginx over Tailscale:
curl "http://$(tailscale ip -4 nginx)"
Or, if you have MagicDNS enabled:
curl http://nginx
-
Provide the Cluster IP of the service you want to reach by either:
- creating a new deployment
kubectl create deployment nginx --image nginx
kubectl expose deployment nginx --port 80
export DEST_IP="$(kubectl get svc nginx -o=jsonpath='{.spec.clusterIP}')"
- or, using an existing service
export DEST_IP="$(kubectl get svc <SVC_NAME> -o=jsonpath='{.spec.clusterIP}')"
-
Deploy the proxy pod
make proxy
-
If you're not using an AuthKey, authenticate by grabbing the login URL here:
kubectl logs proxy
-
Check if you can connect to nginx over Tailscale:
curl "http://$(tailscale ip -4 proxy)"
Or, if you have MagicDNS enabled:
curl http://proxy
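
Added example, not part of this project's own scripts: a POSIX shell check to run after exporting DEST_IP and before `make proxy`, so the proxy is not deployed with an unusable destination. It assumes an IPv4 cluster; a mistyped service name leaves DEST_IP empty, and a headless service reports its clusterIP as `None`. The function names `is_ipv4` and `check_dest_ip` are hypothetical.

```shell
# Added example: validate DEST_IP before deploying the proxy pod.
# is_ipv4 and check_dest_ip are hypothetical helpers, not part of the project.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*.) return 1 ;;   # empty, non digit/dot characters, or trailing dot
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1                        # split the address on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      ''|????*) return 1 ;;        # empty octet, or more than three digits
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 if $1 is usable as DEST_IP; otherwise explain why on stderr.
#   1 = empty (service not found or kubectl failed)
#   2 = "None" (headless service, no cluster IP to forward to)
#   3 = anything else that is not an IPv4 address
check_dest_ip() {
  case "$1" in
    '')
      echo "DEST_IP is empty: service not found or kubectl failed" >&2
      return 1 ;;
    None)
      echo "DEST_IP is None: headless service has no cluster IP" >&2
      return 2 ;;
  esac
  if ! is_ipv4 "$1"; then
    echo "DEST_IP '$1' is not an IPv4 address" >&2
    return 3
  fi
}

# Typical use, after the export step:
#   check_dest_ip "$DEST_IP" && make proxy
```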