Serving a subdomain via Tailscale

This isn’t so much a support question, more a general one, but there wasn’t an appropriate category and once I selected SUPPORT QUESTIONS I couldn’t deselect it.

I own a domain, which has a few things hosted in various subdomains. I also have my home k3s cluster that I currently access via Tailscale.

I’d like to be able to set up my ingresses so that routes to my grafana deployment (among other things I have running) providing the machine I’m using is connected to Tailscale.

A requirement of a .dev domain is that everything must be https. So I’ve set up cert-manager in my cluster and configured it to use letsencrypt so my ingresses just get the certificates they need.

This is where I get stuck: I’m not sure how to configure my Google Domain in a way that * routes to my master k3s node via its Tailscale IP and allows me to generate certificates via letsencrypt. It’s not something I’ve done before, and I’ve had a hard time finding resources for something like this.

Wondering if anyone could explain to me if (and how) a set-up like this is possible?

I just got this working.

For starters, I had to switch from Google Domains to CloudFlare, as Google Domains doesn’t have the necessary APIs to do what I want.

Secondly, I created an A record to point * to my Tailscale IP.

Third, I updated cert-manager to use CloudFlare and added my API token etc.

Lastly, I updated my ingresses to use the new issuer, waited a couple minutes and presto. I can access my stuff on a proper domain, providing I’m on my Tailscale network.
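The four steps in the post above, written out as one set of Kubernetes manifests. This is an added example, not the poster's own configuration: the issuer name, secret name, hostname `grafana.example.dev`, ingress class, service name and port are all assumptions, and the Cloudflare token value is a placeholder you replace with your own. The wildcard A record itself is created in the Cloudflare dashboard (a record with name `*` pointing at the node's Tailscale IP in the 100.64.0.0/10 range) and is not part of the manifests.

```yaml
# Cloudflare API token, stored where cert-manager can read it.
# Scope the token to DNS:Edit on the single zone only, so a leaked
# token cannot touch other zones or account settings.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token        # assumed name
  namespace: cert-manager
type: Opaque
stringData:
  api-token: "<CLOUDFLARE_API_TOKEN_PLACEHOLDER>"
---
# ClusterIssuer using the ACME DNS-01 challenge against Cloudflare.
# DNS-01 is required here: the ingress only answers on a Tailscale IP,
# so Let's Encrypt could never reach it for an HTTP-01 challenge.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cloudflare      # assumed name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.dev        # assumed contact address
    privateKeySecretRef:
      name: letsencrypt-cloudflare-account-key
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
---
# Ingress for Grafana. The annotation asks cert-manager to obtain a
# certificate for the host listed under tls and store it in grafana-tls.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana                     # assumed name
  namespace: monitoring             # assumed namespace
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
  ingressClassName: traefik         # k3s ships traefik by default; assumed
  tls:
    - hosts:
        - grafana.example.dev       # assumed hostname; *.example.dev resolves to the Tailscale IP
      secretName: grafana-tls
  rules:
    - host: grafana.example.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana       # assumed service name
                port:
                  number: 3000      # assumed port
```

Two things worth checking after applying this: `kubectl describe certificate grafana-tls -n monitoring` should show the order completing via the DNS-01 solver, and `dig grafana.example.dev` from a machine outside the tailnet will still return the 100.x address. That address is not routable from the public internet, but the hostnames you issue certificates for are published in Certificate Transparency logs, so treat the subdomain names themselves as public even though the services behind them are only reachable through Tailscale.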

Great! Glad you got it working. If you’re willing to not use your domain, MagicDNS also exists for this kind of job: it creates a special custom domain (not one in .dev) that is only visible from inside your personal tailscale network.