Hello, homelab enthusiasts! 👋 In part three of our Kubernetes journey, we're diving into secure service access with Tailscale! 🚀
What if you could access your Kubernetes services from *anywhere* without exposing them to the public internet? 🤔 That's the power of Tailscale! This mesh VPN provider, with its Kubernetes operator, simplifies exposing your services directly to your Tailscale network. No complicated firewall rules or public endpoints needed! 🎉
We'll cover:
* **Demo 1:** Accessing a PostgreSQL database running in K3s from a remote machine, securely and easily. See how just two annotations make this possible! 🤯
* **Demo 2:** Accessing an HTTP service (WeTTY, a browser-based terminal to an Alpine Linux pod) via Ingress with Tailscale. HTTPS with automatic TLS certificates? Yes, please! 😎
* **Setup:** A step-by-step walkthrough of installing the Tailscale client, K3s, and the Tailscale Operator. We'll cover OAuth client setup, role-based access with tags, and more!
* **Exposing Services:** Three different methods:
    * ClusterIP service with annotations (for TCP/UDP)
    * LoadBalancer service with Tailscale class
    * Ingress for HTTP services (with automatic HTTPS!)
* **Bonus:** Exposing services to the *public internet* using Tailscale Funnel! 🌐
* **Comparison:** Tailscale vs. traditional VPNs vs. cloudflared. Which is right for you? 🤔
I'm Filip, so let's get started! Join me as we unlock secure and simplified Kubernetes service access with Tailscale! 💻
#kubernetes #tailscale #homelab #k3s #vpn #security #devops #cloudnative #wireguard #meshvpn #ingress #loadbalancer #clusterip #oauth #helm #magicdns
Links:
https://github.com/filip-lebiecki/k3s-tailscale
https://tailscale.com/kb/1236/kubernetes-operator
Chapters:
00:00 Introduction
01:01 Demo
04:31 Tailscale Client Install
06:14 K3s install
06:46 Install Tailscale K8s Operator
09:57 Exposing ClusterIP
14:43 Exposing Load Balancer
16:33 Exposing Ingress
18:52 Exposing services to the Internet