Serving a subdomain via Tailscale

This isn’t so much a support question, more a general one, but there wasn’t an appropriate category and once I selected SUPPORT QUESTIONS I couldn’t deselect it.

I own a domain dsb.dev, which has a few things hosted in various subdomains. I also have my home k3s cluster that I currently access via Tailscale.

I’d like to be able to set up my ingresses so that grafana.homelab.dsb.dev routes to my grafana deployment (among other things I have running) providing the machine I’m using is connected to Tailscale.

A requirement of a .dev domain is that everything must be HTTPS. So I’ve set up cert-manager in my cluster and configured it to use Let’s Encrypt so my ingresses just get the certificates they need.

This is where I get stuck: I’m not sure how to configure my Google Domain in a way that *.homelab.dsb.dev routes to my master k3s node via its Tailscale IP and allows me to generate certificates via Let’s Encrypt. It’s not something I’ve done before, and I’ve had a hard time finding resources for something like this.

Wondering if anyone could explain to me if (and how) a set-up like this is possible?

I just got this working.

For starters, I had to switch from Google Domains to Cloudflare, as Google Domains doesn’t have the necessary APIs to do what I want.

Secondly, I created an A record to point *.homelab.dsb.dev to my Tailscale IP.

Third, I updated cert-manager to use Cloudflare and added my API token etc.

Lastly, I updated my ingresses to use the new issuer, waited a couple minutes and presto. I can access my stuff on a proper domain, providing I’m on my Tailscale network.
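
The cert-manager side of the steps above could look like the following; this is an added example, not the poster's actual manifests. It assumes a DNS-01 solver (the challenge type that uses a DNS provider's API token, and one that works when the host is reachable only over Tailscale); the issuer, Secret, namespace, ingress class and Service names are placeholders.

```yaml
# Added example; names marked "assumed" are not from the original post.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cloudflare          # assumed issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com            # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-cloudflare-account-key   # ACME account key, created by cert-manager
    solvers:
      - selector:
          dnsZones:
            - dsb.dev                   # only solve challenges for this zone
        dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token   # assumed Secret in the cert-manager namespace
              key: api-token
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: monitoring                 # assumed namespace
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
  ingressClassName: traefik             # assumed: the ingress controller bundled with k3s
  tls:
    - hosts:
        - grafana.homelab.dsb.dev
      secretName: grafana-homelab-tls   # cert-manager writes the certificate here
  rules:
    - host: grafana.homelab.dsb.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana           # assumed Service name and port
                port:
                  number: 3000
```

The token in the Secret needs only Cloudflare's Zone:Read and DNS:Edit permissions; create the Secret out of band rather than committing it with these manifests.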

Great! Glad you got it working. If you’re willing to not use your dsb.dev domain, MagicDNS also exists for this kind of job: https://tailscale.com/kb/1081/magic-dns. It creates a special custom domain (not one in .dev) that is only visible from inside your personal Tailscale network.