Hacker News
Tailscale Kubernetes Operator (tailscale.com)
32 points by dwb on Oct 31, 2023 | 4 comments



I am using this, it's working well for me. Here are a few notes after using it for a while (I had a couple of surprises / nits):

1. The operator will request letsencrypt certificates and store them in a secret. In my specific case I was redeploying the underlying host a lot using CI and hit letsencrypt rate limits. Before looking into it, I guess I'd expected tailscale to manage the certs on their end. On reflection, how it actually works is better (they don't get the private key), but it caught me out.

2. Doesn't seem to pick up ingress changes very cleanly, tend to have to kick the tailscale pod spawned by the operator to get things working after a change. Only really a problem during the "fiddling" phase of setting stuff up.

3. It's not quite a "production" thing, pod images are like tailscale:unstable, it would be nice if there was a helm chart and proper versioning etc (totally fair, it's marked as beta).

4. Sometimes I want tailscale on an underlying host _and_ the operator, if you are the kind of person who gives an instance the same name as the service it is a little annoying. For example, suppose you have a host called rancher.my.fqdn it will come up in tailscale as rancher.foo-bar.ts.net and your ingress has to be rancher-1.foo-bar.ts.net. I guess I just have to not do that (e.g. give the host a different name).


Make sure to upgrade to the latest image: https://tailscale.com/security-bulletins/#ts-2023-008


Would be nice if https://github.com/juanfont/headscale can be managed by the Tailscale operator.


It's the other way around, headscale would manage this operator.



