I have a bunch of Linux servers with Tailscale installed on them. I’ve recently installed k3s on each of those servers and created a Kubernetes cluster.
Now I want to expose some of the applications running on my cluster to the public internet using Tailscale Funnel.
So in the final picture, there will be Tailscale daemons running on the physical nodes, plus, for each exposed service, a Tailscale container running inside a pod. As far as I understand, the services I expose will appear as different machines on my tailnet.
I have several concerns about this setup:
- Does this setup make sense?
- Am I introducing some security breaches by effectively putting containerized apps and physical machines on the same tailnet?
- Is the Funnel network traffic going to be encrypted twice, wasting CPU cycles on both ends?
- Is there a better way?
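As an added illustration (not part of the question above, and not code from the poster or from Tailscale): the "one Tailscale device per exposed service, with Funnel" arrangement described in the question is what the Tailscale Kubernetes operator produces when it is given an Ingress with `ingressClassName: tailscale`; the operator creates the proxy pod as its own tagged tailnet device, and Funnel is switched on per Ingress with an annotation. The Service name `whoami`, its port 8080, the `default` namespace and the hostname are placeholder assumptions; the manifest also assumes the operator is already installed and its proxies carry the default `tag:k8s`.

```yaml
# Added example, not part of the original question. Assumes the Tailscale
# Kubernetes operator is installed and its proxies are tagged tag:k8s.
# "whoami", port 8080 and the hostname are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: default
spec:
  # ClusterIP only: the app itself is reachable just inside the cluster;
  # the operator's Tailscale proxy is the only path to it from outside.
  type: ClusterIP
  selector:
    app: whoami
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  namespace: default
  annotations:
    # Enables Funnel for this one Ingress, giving the proxy a public HTTPS
    # endpoint at https://whoami.<tailnet-name>.ts.net. Without this
    # annotation the same Ingress is reachable only from inside the tailnet.
    tailscale.com/funnel: "true"
spec:
  ingressClassName: tailscale
  defaultBackend:
    service:
      name: whoami
      port:
        number: 80
  tls:
    - hosts:
        # MagicDNS hostname the operator registers for the proxy device.
        - whoami
```

Funnel is refused unless the tailnet policy file grants the proxies' tag the `funnel` node attribute, for example `"nodeAttrs": [{"target": ["tag:k8s"], "attr": ["funnel"]}]`, alongside the operator's usual `"tagOwners": {"tag:k8s-operator": [], "tag:k8s": ["tag:k8s-operator"]}`. Because each proxy is a separate tagged device, the same policy file is where the "containers and physical machines on one tailnet" concern is handled: ACL grants for `tag:k8s` can be limited to nothing but the service the proxy fronts, so a compromised exposed app cannot use the proxy to reach the physical nodes.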