
Add Tailscale VPN as a community bundle

Open Ludea opened this issue 2 years ago • 7 comments

Is your feature request related to a problem? Please describe.

Use a vpn to connect to kairos / k3s cluster

Describe the solution you'd like

add Tailscale into community bundle

Describe alternatives you've considered

another vpn could do the job

Additional context

Ludea avatar Jun 08 '23 06:06 Ludea

Hi @Ludea, thanks for opening the issue. Since you mention any VPN, could you use edgeVPN? https://kairos.io/docs/architecture/network/

mauromorales avatar Jun 08 '23 07:06 mauromorales

The main benefit of using tailscale is to avoid opening a port on the router and to access the vpn through a tailscale subdomain (I think the name is reverse tunnel, I'm not sure)

Ludea avatar Jun 08 '23 07:06 Ludea

I also need this function, because many of my other devices, such as Android, windows and nas, have widely used tailscale as a vpn. And tailscale has many enhanced functions, such as ssl certificate, reverse proxy, dns and so on. Please consider this proposal. Thank you.

east4ming avatar Jun 27 '24 04:06 east4ming

@east4ming thanks for reaching out, atm we are not planning to work on this, but we'd be happy to get some contributions

mauromorales avatar Jun 27 '24 12:06 mauromorales

> @east4ming thanks for reaching out, atm we are not planning to work on this, but we'd be happy to get some contributions

I would like to know how to use kairos with tailscale, can you help me? Thank you

east4ming avatar Jun 27 '24 15:06 east4ming

@east4ming I'm not a tailscale user so I cannot tell you myself, what have you tried that is not working so far?

mauromorales avatar Jun 28 '24 05:06 mauromorales

> @east4ming I'm not a tailscale user so I cannot tell you myself, what have you tried that is not working so far?

I have tried 3 methods with success. The three methods are:

  1. install-config: execute tailscale install script via stage (curl....) -> Result: Failure. I tried multiple stages, executing in boot stage, the filesystem is already read-only; executing in other stages, it fails, and I didn't find any logs when I turned on debug.
  2. bundles: I made my own tailscale bundle, taking coco and flux as reference -> Result: Failure. I didn't find any logs about it.
  3. custom image: based on kairos standard debian, built it as a docker image, then built it as an iso using aurora, and installed the system using that iso. Result: Success.

3. The example is as follows:

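```dockerfile
# Stage 1: official Tailscale image, used only as a source for the binaries
FROM ghcr.io/tailscale/tailscale:stable AS build

# Stage 2: Kairos standard Debian base image
FROM quay.io/kairos/debian:bookworm-standard-amd64-generic-v3.0.14-k3sv1.29.3-k3s1

# Copy the client and daemon binaries into the Kairos image
COPY --from=build /usr/local/bin/tailscale /usr/bin/
COPY --from=build /usr/local/bin/tailscaled /usr/sbin/
# State directory for tailscaled
RUN mkdir -p /var/lib/tailscale
# Unit file and defaults file come from the build context
COPY tailscaled.service /etc/systemd/system/
COPY tailscaled.defaults /etc/default/tailscaled
RUN systemctl enable tailscaled.service
```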

Thanks.

Despite the success, it's still a bit of a pain in the ass for me. I was expecting a bundle based model. If you can provide guidance on the bundle, I can show my error code.

east4ming avatar Jun 28 '24 13:06 east4ming
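
The Dockerfile in the comment above copies `tailscaled.service` and `tailscaled.defaults` from the build context, but the thread does not show either file. As an added example (not from the thread, Kairos or Tailscale), this script writes a minimal version of both; the file contents and the function name `write_tailscale_build_context` are assumptions, with paths chosen to match the Dockerfile's `COPY` destinations.

```shell
#!/bin/sh
# Added example: creates the two files the Dockerfile expects in its build context.
# Contents are assumptions, kept consistent with the Dockerfile's install paths.

write_tailscale_build_context() {
    ctx="${1:?usage: write_tailscale_build_context <build-context-dir>}"
    mkdir -p "$ctx" || return 1

    # Defaults file, installed as /etc/default/tailscaled and read by the unit.
    cat > "$ctx/tailscaled.defaults" <<'EOF'
# UDP port tailscaled listens on for WireGuard traffic.
PORT="41641"
# Extra command-line flags passed to tailscaled.
FLAGS=""
EOF

    # Unit file: daemon in /usr/sbin, state kept under /var/lib/tailscale.
    cat > "$ctx/tailscaled.service" <<'EOF'
[Unit]
Description=Tailscale node agent
Wants=network-pre.target
After=network-pre.target systemd-resolved.service

[Service]
EnvironmentFile=/etc/default/tailscaled
ExecStart=/usr/sbin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=${PORT} $FLAGS
ExecStopPost=/usr/sbin/tailscaled --cleanup
Restart=on-failure
RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700

[Install]
WantedBy=multi-user.target
EOF

    # Neither file should be writable by group or others once copied into the image.
    chmod 0644 "$ctx/tailscaled.service" "$ctx/tailscaled.defaults"
}

# When run with an argument, write the files into that directory.
[ "$#" -eq 0 ] || write_tailscale_build_context "$1"
```

`StateDirectoryMode=0700` keeps the directory holding the node's state file readable by root only.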

Check out:

https://github.com/Itxaka/sysext-examples/blob/main/tailscale.sh

bencorrado avatar Nov 08 '24 22:11 bencorrado

I no longer need a community bundle for tailscale; I deploy it with argocd bundle. I keep this ticket open for the community.

Ludea avatar Nov 12 '24 07:11 Ludea