Cloudfleet is an industry disruptor that’s changing how people use Kubernetes. Their platform provides a managed Kubernetes cluster solution that allows users to add compute nodes from any cloud or on-premises location, with just-in-time infrastructure and automated upgrades. Cloudfleet builds their product on top of Tailscale’s platform to create secure connections with less hassle.
Co-founder of Cloudfleet, Yegor Tokmakov, and the team behind Cloudfleet describe how this novel approach helps provide a “Kubernetes experience, as it was meant to be,” while saving their company substantial costs.
Democratizing hybrid infrastructure
Today’s enterprises increasingly strive to be vendor-agnostic. They want flexibility in choosing their infrastructure providers, and they’re under pressure to optimize their cloud spend. In reality, most already operate in complex environments, using two or more cloud providers alongside on-premises infrastructure.
The team behind Cloudfleet has encountered this pattern countless times in their careers. While the promise of hybrid and multi-cloud environments is appealing, the reality is often operationally painful. Companies find themselves needing deep, provider-specific expertise and investing heavily in tooling just to maintain day-to-day operations. Cloudfleet was founded to change that.
As Yegor explains: “We want our customers to be able to use any infrastructure — on-premises, at the edge, or in the cloud — and get the same level of service they expect from the best cloud providers, all based on an open-source software stack. Whether they’re driven by regulatory requirements, cost optimization, or building truly global workloads, our vision is to provide an orchestration layer where the boundaries between environments no longer matter.”
To make that vision real, the team set out to build a managed Kubernetes platform that supports any cloud and any location. It delivers the kind of operational simplicity and reliability typically reserved for hyperscaler-native services, while enabling full control, flexibility, and digital sovereignty.
“The core difference with us,” Yegor adds, “is that our customers can bring in compute nodes from any cloud or on-prem location. We operate the cluster, monitor the health of the nodes, and handle security and networking. From single-tenant SaaS deployments to hybrid clusters to distributed LLM training jobs, we’re already powering hundreds of clusters and managing thousands of nodes.”
The power of building with Tailscale
Before building Cloudfleet, the team had already used Tailscale for their personal needs. Yegor shares, “One of our founding team members built a homelab for himself. I am actually downplaying it when I call it a homelab, because it's serious datacenter-grade stuff running there, and he needed a solution to remotely access this infrastructure. This is how we learned about Tailscale.”
The insights they gained as personal users of Tailscale proved enlightening. And as they delved into Tailscale’s network structure, they realized it would be a perfect fit for their vision of Cloudfleet.
As Yegor explains, “The core of our product is a Kubernetes cluster, and these can contain compute nodes from virtually unlimited places. Kubernetes is designed to work with flat networks. So, the control plane and the nodes must be on a flat network.”
In essence, Cloudfleet is a solution that spans across data centers and clouds, so it requires a networking solution with a similarly “flat” structure. By joining the same tailnet before joining the same cluster, Cloudfleet’s control plane and its users’ nodes can securely communicate through Tailscale’s IP space.
Moreover, Tailscale provides encryption in transit by default for nodes in traditional datacenters and hyperscalers, which helps customers fulfill the strictest security standards on any infrastructure platform. All of this is achieved without compromising network performance.
“The nodes start to think they are on the same network,” adds Yegor. “Kubernetes simply fits into the overlay network that Tailscale creates. So it's in the core of the product.”
The experience of building on Tailscale has worked out very well for Cloudfleet so far, with Yegor elaborating, “Tailscale has been instrumental in helping us build a secure, scalable network across diverse environments. It’s been a great partner for Cloudfleet, and we now confidently recommend it to our customers for their own networking needs.”
Network isolation, made easy
Cloudfleet uses Tailscale subnet routers to allow nodes to access the control plane. Yegor explains, “We are hosting hundreds of Kubernetes control planes, and each control plane has one IP. These IPs all belong to one subnet that is announced by subnet routers in each Cloudfleet region.” He adds, “The subnet router uses ACLs to ensure only the nodes belonging to a Kubernetes cluster can access that cluster’s control plane IP.” Tailscale ACLs ensure the microsegmentation required by this multi-tenancy architecture.
Tailscale also allows Cloudfleet to securely auto-provision Kubernetes nodes by issuing temporary authentication keys. Each node receives a tag that defines its access permissions via Tailscale’s ACLs. “When we add new nodes to a cluster, we issue an authentication key that helps them to identify themselves with Tailscale’s tag, like a one-use auth key.”
When a user adds a compute node, Cloudfleet’s API provides authorization to the node with a specific tag. Tailscale’s ACLs allow the node to talk to the control plane’s IP address and any nodes with the same tag. This ensures Cloudfleet has a secure way to connect nodes across multiple tenants without requiring complex and burdensome network configurations.
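A policy check for the per-cluster segmentation described above, as an added example that is not Cloudfleet's or Tailscale's code: it walks rules written in the shape of Tailscale's ACL policy (action, src, dst) and reports any rule that lets one cluster's tag reach another cluster's nodes or control plane IP. The tag names, IPv4 addresses, port 6443 and the simplified matching are assumptions made for illustration.

```python
import ipaddress

# Constructed data: tag names, addresses and port 6443 are hypothetical.
CONTROL_PLANES = {"tag:cluster-a": "10.100.0.11", "tag:cluster-b": "10.100.0.12"}

STRICT = {"acls": [
    {"action": "accept", "src": ["tag:cluster-a"],
     "dst": ["10.100.0.11:6443", "tag:cluster-a:*"]},
    {"action": "accept", "src": ["tag:cluster-b"],
     "dst": ["10.100.0.12:6443", "tag:cluster-b:*"]},
]}

# Same policy, but cluster-a is granted the whole announced subnet.
WEAK = {"acls": [
    {"action": "accept", "src": ["tag:cluster-a"],
     "dst": ["10.100.0.0/24:6443", "tag:cluster-a:*"]},
    STRICT["acls"][1],
]}


def covers(host, ip):
    """True if an ACL destination host ('*', IP or CIDR) includes ip."""
    if host == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False  # tags, groups and hostnames are not IP ranges


def cross_tenant_grants(policy, control_planes):
    """Return (src, exposed_tenant_tag, dst) for rules that cross tenants."""
    findings = []
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            continue
        for src in rule["src"]:
            if src != "*" and src not in control_planes:
                continue  # only tenant tags (or everyone) are in scope
            for dst in rule["dst"]:
                host, _ports = dst.rsplit(":", 1)
                for tag, ip in control_planes.items():
                    if src != tag and (host in (tag, "*") or covers(host, ip)):
                        findings.append((src, tag, dst))
    return findings


if __name__ == "__main__":
    for name, policy in (("strict", STRICT), ("weak", WEAK)):
        print(name, cross_tenant_grants(policy, CONTROL_PLANES))
```

Running a check like this before a policy change is applied catches the case where a subnet-wide destination is used in place of a single control plane IP.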
Reducing NAT costs by 90%
Tailscale’s IPv6 functionality has helped Cloudfleet save significantly in NAT costs. As Yegor explains, “Many of our nodes already have IPv6. For example, people are using some smaller providers that enable it by default. They do that because they want to save IPv4 costs, so they are trying to push people to IPv6.”
However, Cloudfleet’s control plane initially didn’t support IPv6. In many instances, they were forced to rely on relay servers and NAT, which increased costs significantly as the company scaled.
That’s when it occurred to the team to switch to IPv6 with Tailscale and use direct connections. “We suddenly said, ‘Okay, why don't we also use IPv6 in our control plane? Because then we would bypass NAT.’ And we did it, and suddenly I think 90% of our connections between nodes and control planes are now happening in IPv6.”
The cost reduction from this change was significant. Yegor shares, “80% to 90% of our NAT cost dropped after the move to IPv6 with Tailscale.”
Building a secure path for your success
Changing the way things have always been done was Cloudfleet’s challenge, but fortunately, secure connectivity for their platform wasn’t. By building on Tailscale, they provided their users with a reliable way to connect Kubernetes clusters from anywhere, while reducing management hassles and saving considerable costs.
If you’d like to explore how Tailscale’s capabilities can inspire innovation and meet your company’s networking and security needs, contact our team today.
