Florian Apolloner

Wow, this looks great. One question @ItalyPaleAle, is it possible to use a single use auth key and have the tailscale state stored on disk? As far as I understand...

> so I arbitrarily set /var/tailscale as the default folder; I can change it to whatever you recommend. `/var/tailscale` would be rather uncommon, I'd recommend `/var/lib/tailscale` instead. Btw what was...

`/etc` seems weird to me since it is state not config. `/var/lib/tailscale` would match what a normal tailscale installation would use, so maybe not that uncommon? Though not really usable...

I think the current tailscale cert integration relies on the actual tailscale service to be running. When using tsnet no such socket exists at all... So I don't think that...

> This can cause a mismatch in configuration, as this implicitely requires both to be set up with the same authkey / tailscale account, as we there should not be...

FWIW personally I think tailscale certs (maybe aside from the tls flag) for the tsnet entrypoint are pretty much out of scope for this PR and can be added later...

> If you get this to work with yaml and non-ephemeral nodes, I would be happy to see it work. I didn't run it myself yet, but how did you...

Okay, we managed to pinpoint it further: If we configure Haproxy to send a `Connection: close` header then the issue does not occur. So this issue manifests itself only if...

I have debugged this a bit and as far as I can tell something happened with the container builds between 1.11.3 and 1.11.4. Putting a newly built coredns into the...

Having this feature would help vector to write nicely into fluentd which currently has the message tag as part of the url path: https://docs.fluentd.org/input/http