Krumware helps companies build and deliver better software by empowering engineers in the areas of custom apps, cloud-native technologies, and platform engineering. When they needed a networking solution for their Kubernetes-focused system, they were drawn to a platform that also puts developers first. Every member of their team uses Tailscale, and founder Colin Griffin shares how it’s helped them save costs, network effortlessly, and seamlessly operate with a “code-first” approach.
Software engineering gets an upgrade
Colin created Krumware 10 years ago to provide tools, processes, and the “know-how of cloud native” to fellow software engineers. Since then, his company has grown significantly and now helps businesses support their engineers in building better software, with an emphasis on self-service via portals, services, integrations, and automations.
He explains, “We have firsthand knowledge of what developers need, and we can provide and build tools that enable non-developer teams to provide that to developers. Krumware is the productization of that idea.”
With this approach to their own operations, Krumware’s team sought a networking solution that would also fit this engineer-first, code-first approach. But beyond that, it was also crucial that it could make workloads available for developers to share and access in a way that had parity with actual production deployment.
“We evaluated several tools,” shares Colin. “WireGuard was one, and we tried to use it to give access and get everybody on the same network. But that didn't really give us the toolset we needed, and it was a little bit manual.” They also experimented with using Cloudflare Tunnels with Kubernetes, with the hope of providing “safe but public” ingress, but they still required secure access to virtual infrastructure, like clusters and other environments.
Enter Tailscale, which was suggested by one of Krumware's engineers who already used it in their home lab. “The ability to provide Tailscale ingress was huge. That’s what sold it for us.”
An effortless rollout and transparent costs
After exploring Tailscale’s features, Colin realized that it could be an ideal solution to Krumware’s multifaceted networking needs. And with Tailscale’s Kubernetes Operator, a tool that automatically connects workloads to your Tailnet for secure access, team members began preparing for a swift adoption.
“We liked the simplicity of the client. We liked the fact that we could use more of a declarative approach for things like GitOps and access rules. We had all the tools we needed, and we just dropped everything else and standardized on Tailscale.”
At the time, Krumware was a relatively nimble organization of about 15 people, and granting access to their team was as simple as setting up Google Single Sign-On. From there, they authorized seats, and as each person came on board, they were given access to Tailscale. This approach was not only convenient but also much more affordable than the other solutions they considered.
As Colin explains, “It's been great since Tailscale is per-user and not per-endpoint. It's so much easier for us to estimate what the costs are going to be, and honestly, we're saving a lot of money because of that. We feel like subscriptions for open source and for cloud products are a huge tax today, and we see a lot of value in being able to quantify by user instead of by device. I think that's a really big differentiator for Tailscale.”
Going “all in” on Kubernetes
Before founding Krumware, Colin developed software solutions when containers and Kubernetes were growing in popularity. He recognized how these tools could solve core problems in software engineering and decided to go “all in” on the new approach.
“That may be a little backward from other people's journeys, but we're very Kubernetes native,” he shares. “We don't want to think about device management, shipping clients down, and doing all that.”
Their first use case for Tailscale evolved out of their GitOps patterns and deployment architecture. Colin explains that they have a three-layer approach to deployment: the infrastructure plane, the platform tools and orchestration pieces, and the applications or custom services.
“What we were able to do is actually add the Tailscale Kubernetes Operator as a part of our standard platform tools. Every developer has a Kubernetes environment or self-hosts one as a function of the cluster coming online. It’s really, really easy to set up. Once you add the API key credentials, it just works.”
From there, Krumware’s team used both Tailscale egress and ingress to provide connectivity between developer workloads and other platform services. This gave them the benefit of being able to define internal addresses without DNS settings.
Colin explains, “That allows things like our observability tools or metrics collectors to ship out to a central observability plane. The ability to do that through just standard GitOps patterns and manifests really unlocked a lot of efficiency and time savings for the developers.”
This networking setup also provided invaluable discovery capabilities, including the ability to list, observe, and access other people's machines directly. “That's been great because then you don't have to copy and paste a URL every time you need somebody to help you, right? That self-service and discovery have been really key for us.”
Kubernetes meets Tailscale
Colin is very enthusiastic about how well Tailscale has worked with Krumware’s Kubernetes-focused approach so far. “The big benefit of Kubernetes is that you can offload a lot of that responsibility to other components and don't have to build it into your own applications. We were able to effectively apply that at the development level, which helped us execute on that mission of parity with development, staging, and production.”
When each cluster comes online, it immediately gets Tailscale and access to the Tailnet. Then, Krumware’s team distributes credentials and defines which ACLs are assigned to certain workflows or tools.
“On the other side, we get the ingress,” Colin adds. “As every cluster comes online, there's an ingress pattern that becomes available. It's also available through external DNS, so it publishes, and a developer doesn't have to use the internal Tailscale address. We can use a public address and get that URL pairing. There's just a lot of cool magic that can happen.”
Later, they also deployed clients beyond the clusters, down to the customer’s machines themselves.
Colin explains, “Now, we're using Tailscale to provide secure access to internal and externally hosted applications. That was really great for us because we’d just revamped our security posture and InfoSec policies, and it was essentially turnkey for us. We just said, ‘Hey, everyone uses Tailscale now,’ and it was rolled out overnight.”
Saving time and increasing efficiency
So far, Tailscale has helped Krumware increase efficiency and save time, especially in development. The savings are most noticeable when configuring new developer workflows or applications.
Colin elaborates, “Imagine you're onboarding a 20-year-old intern. Without Tailscale, it could be many hours of helping them try to figure out what the networking rules on their machine need to look like, doing proxy configuration if that's something we need. If somebody's working from home and their network has some diversity and all that, this could easily save several days of debugging for network configuration just in the onboarding process per engineer alone.”
His team also saved significant time on debugging that stems from differences between how apps are configured to work in production and in development. Colin shares that this could take hundreds of hours in some cases, depending on the environment.
“By leveraging Tailscale inside the cluster, it's not forcing, but encouraging the developer to use ingress, egress, and standard Kubernetes networking policies rather than just port binding on their local machine. This encourages developers to grow into a ‘Kubernetes mindset.’”
Colin shares that because Tailscale just works with standard Kubernetes components, it doesn't require CRDs that might not be in a customer environment.
“Then we get that parity,” says Colin. “We save all that time from customization for a customer environment. So there's a tremendous amount of savings at the tail end of that, too.”
In short, Tailscale enables a method of development that isn't split between production and staging, and it enforces better practices facilitated by Tailscale’s seamless approach to Kubernetes. “Everything has been just amazing. I've just been really pleased by it, and it makes me want to go out and tell people to get it. Just use Tailscale.”
About Krumware
Krumware has been helping companies build and deliver better software since 2016. Their tactical software and platform engineering capabilities reduce implementation time and risk while enabling long-term value with continuous enablement and support. They are known for their expertise in all things cloud-native, Kubernetes, and open-source software, and have been named one of Inc. 5000’s fastest-growing companies. As a certified Tailscale partner, Krumware recommends and implements Tailscale as its go-to solution for secure networks and VPN.
If you’re curious about how Tailscale could meet your organization's complex networking needs, contact our team for a demo.
