Tailscale, Self Hosted Kubernetes and Funnels

can · April 3, 2023, 11:59am

I have a bunch of linux servers with Tailscale installed on them. I’ve recently installed k3s on each of those servers and created a kubernetes cluster.

Now, I want to expose some of the applications running on my cluster to public internet using Tailscale Funnel.

So in the final picture, there will be tailscale daemons running on the physical node, plus for each of the exposed services a Tailscale container running inside a pod. As far as I understand, the services I expose will appear as different machines on my Tailnet.

I have several concerns over this set up:

Does this set up make sense?
Am I introducing some security breaches by effectively putting containerized apps and physical machines on the same tailnet?
Is the funnel network traffic going to be encrypted twice, wasting cpu cycles on both ends?
Is there a better way?

valexeev · June 28, 2023, 9:32am

A shameless plug here. I’m currently working on the Tailscale-based Ingress Controller (a fork of an earlier work I found on Github) that allows you to expose services on the tailnet including Funnel.

Feel free to test and see if it fits your purpose.

Topic		Replies	Views
Tailscale Funnel and Containers in Tailscale	0	566	April 6, 2023
Subnet router as EC2 instance or Container Containers in Tailscale	0	521	December 7, 2022
Is it possible to run Tailscale both in Docker containers _and_ on the host?	2	3423	August 29, 2022
Tailscale Funnels - Multiple Services per Machine?	0	1231	February 23, 2023
Setting Tailscale Funnel Up on unRaid Tailscale About articles (troubleshooting, info)	1	767	March 18, 2023

Tailscale, Self Hosted Kubernetes and Funnels

Related Topics