You showed, with the new SSH feature, that you can hijack a specific port.
Could we have something like that, with a customizable port and target, utilizing the proxy mode.
Usecase : Sidecars for k8s deployments.
This would allow me, to deploy a sidecar with Tailscale, define a port, and a target container/service, and then expose that service, to my Tailscale network with ACL etc. That would be pretty cool, and extremely usefull.
Today, as i understand, deploying a Sidecar Tailscale requires me to rely on some differet service, to forward to request, to the target container, which imho is not a pretty solution.
The way i can do someting like this, is using Cloudflared tunnel. But this exposes my services to the entire internet, and has some drawbacks when you are not using http/https traffic.
Oh and its not Tailscale, which is probably the biggest drawback 
Hope you have plans to do someting like this