Hello,
we installed tailscale as a subnet router in a Kubernets cluster using the relevant guide in the Docs. The namespace we used is istio-enabled (I would provide a reference link here but I am only allowed two links as a new user). However, in the tailscale pod logs we can see that it has trouble connecting to log.tailscale.io and also that it tries to connect to DERP servers, without success.
We can also see logs like
dial tcp 172.20.0.1:443: Connection refused
where 172.20.0.1 is the ClusterIP Kubernetes service in the default namespace.
Eventually, we abandoned this setup and re-installed tailscale as a subnet router in the default namespace, which is not istio-enabled. This worked quite well. However, we would still like to know how we could have resolved the problem… does anyone have experience with tailscale as part of an Istio service mesh? Is something like that even possible? Should we perhaps configure tailscale as an external service?
Thanks in advance, and sorry for not providing detailed logs - unfortunately we have deleted the relevant setup!