Advanced example
Tailscale Operator
Expose cluster workloads to your tailnet via LoadBalancer or Ingress. No public IPs or load balancers.
The Tailscale Kubernetes Operator lets you expose services to your tailnet. Cloudburst burst nodes already use Tailscale to join the cluster; the same tailnet can expose workloads to your devices.
1. Install the operator
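Follow the official setup (OAuth client, namespace, etc.). The manifest URL below tracks the main branch, so review it before applying, or pin to a release tag or commit for repeatable installs. Then: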
kubectl apply -f https://raw.githubusercontent.com/tailscale/tailscale/main/cmd/k8s-operator/deploy/manifests/operator.yaml
2. Expose a Service via LoadBalancer
Create a LoadBalancer Service with loadBalancerClass: tailscale. The operator provisions a Tailscale node; the service gets a MagicDNS name in your tailnet.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    tailscale.com/hostname: nginx
spec:
  # Selector ties the Service to the Deployment's pods; without it there are no endpoints.
  selector:
    app: nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
  type: LoadBalancer
  loadBalancerClass: tailscale
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 80
3. Expose via Ingress (HTTPS + MagicDNS)
Use ingressClassName: tailscale for TLS and automatic MagicDNS. Requires HTTPS and MagicDNS on your tailnet.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
spec:
  defaultBackend:
    service:
      name: nginx
      port:
        number: 80
  ingressClassName: tailscale
  tls:
    - hosts:
        - nginx
4. Verify
# Service shows MagicDNS name in EXTERNAL-IP
kubectl get svc nginx
# Ingress shows hostname (e.g. nginx.tailxyz.ts.net)
kubectl get ingress nginx
# Access from any Tailscale device: curl https://nginx.tailxyz.ts.net
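The verify step can be extended into an inventory of everything the operator exposes to the tailnet. The script below is an added example, not Cloudburst or Tailscale code: it reads JSON shaped like the output of `kubectl get svc,ingress -A -o json`, lists each Service or Ingress using the tailscale class, and flags objects with no MagicDNS name yet or no pod selector. The function name and the sample objects are assumptions constructed for illustration.

```python
import json

TAILSCALE = "tailscale"  # class name used by both manifests on this page

def tailnet_exposures(kubectl_json):
    """Return one record per Service/Ingress handed to the Tailscale operator."""
    found = []
    for obj in json.loads(kubectl_json).get("items", []):
        kind, spec, meta = obj.get("kind"), obj.get("spec") or {}, obj.get("metadata") or {}
        if kind == "Service":
            exposed = (spec.get("type") == "LoadBalancer"
                       and spec.get("loadBalancerClass") == TAILSCALE)
        elif kind == "Ingress":
            exposed = spec.get("ingressClassName") == TAILSCALE
        else:
            exposed = False
        if not exposed:
            continue
        ingress = (obj.get("status") or {}).get("loadBalancer", {}).get("ingress") or []
        names = [i["hostname"] for i in ingress if i.get("hostname")]
        issues = []
        if not names:
            issues.append("no MagicDNS name assigned yet")
        if kind == "Service" and not spec.get("selector"):
            issues.append("no selector, so no pods back this Service")
        found.append({
            "ref": f'{kind}/{meta.get("namespace", "default")}/{meta.get("name")}',
            "requested": (meta.get("annotations") or {}).get("tailscale.com/hostname"),
            "magicdns": names,
            "issues": issues,
        })
    return found

# Constructed sample input (not real cluster output); "orphan", "internal", "web" are made up.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Service", "metadata": {"name": "nginx", "namespace": "default",
                                     "annotations": {"tailscale.com/hostname": "nginx"}},
     "spec": {"type": "LoadBalancer", "loadBalancerClass": "tailscale", "selector": {"app": "nginx"}},
     "status": {"loadBalancer": {"ingress": [{"hostname": "nginx.tailxyz.ts.net"}]}}},
    {"kind": "Service", "metadata": {"name": "orphan", "namespace": "dev"},
     "spec": {"type": "LoadBalancer", "loadBalancerClass": "tailscale"},
     "status": {"loadBalancer": {}}},
    {"kind": "Service", "metadata": {"name": "internal", "namespace": "dev"},
     "spec": {"type": "ClusterIP", "selector": {"app": "x"}}},
    {"kind": "Ingress", "metadata": {"name": "web", "namespace": "default"},
     "spec": {"ingressClassName": "tailscale"},
     "status": {"loadBalancer": {"ingress": [{"hostname": "web.tailxyz.ts.net"}]}}},
]})

if __name__ == "__main__":
    for e in tailnet_exposures(SAMPLE):
        print(e["ref"], e["magicdns"] or "-", "; ".join(e["issues"]) or "ok")
```

Against a live cluster, pass the captured output of the kubectl command instead of `SAMPLE`.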