Host Tailscale resources in Kubernetes with Connector
A Connector is a Custom Resource Definition (CRD) provided by the Tailscale Kubernetes Operator. It lets you deploy a Tailscale device inside your cluster that bridges your tailnet and your cluster infrastructure.
Connector capabilities
The Connector resource lets a single Tailscale device serve one or more of the following roles:
- Subnet router: Advertises routes to your cluster's internal networks, such as Pod and Service CIDRs, to your tailnet.
- Exit node: Routes all internet-bound traffic from other tailnet devices through your Kubernetes cluster. Use this to maintain a consistent public IP address or to route traffic through a specific geographic region.
- App connector: Provides identity-aware access to public SaaS applications through your tailnet, centralizing egress and security policies.
A single Connector can act as both a subnet router and an exit node simultaneously.
Example Connector configuration
The following manifest creates a subnet router that advertises the cluster's internal Pod CIDR:
    apiVersion: tailscale.com/v1alpha1
    kind: Connector
    metadata:
      name: my-cluster-connector
    spec:
      subnetRouter:
        advertiseRoutes:
          - "10.40.0.0/14"
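Because advertised routes decide which cluster networks become reachable from the tailnet, it is worth checking a manifest before applying it. The following Python check is an added example, not part of the original page or Tailscale's tooling; the function names, the allowed-CIDR list, and the two extra sample routes are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the manifest above plus two extra routes to show findings.
SAMPLE_MANIFEST = """\
apiVersion: tailscale.com/v1alpha1
kind: Connector
metadata:
  name: my-cluster-connector
spec:
  subnetRouter:
    advertiseRoutes:
      - "10.40.0.0/14"
      - "10.0.0.0/8"
      - "0.0.0.0/0"
"""

def extract_routes(manifest: str) -> list[str]:
    """Collect the list items that follow an advertiseRoutes: key."""
    routes, indent = [], None
    for line in manifest.splitlines():
        if indent is None:
            if line.strip() == "advertiseRoutes:":
                indent = len(line) - len(line.lstrip())
            continue
        m = re.match(r'^(\s*)-\s*["\']?([^"\'\s#]+)', line)
        if not m or len(m.group(1)) < indent:
            break  # first line that is not a list item ends the list
        routes.append(m.group(2))
    return routes

def audit_routes(routes, allowed_cidrs):
    """Return (route, finding) pairs; anything other than 'ok' needs review."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for route in routes:
        try:
            net = ipaddress.ip_network(route, strict=True)
        except ValueError:  # malformed, or host bits set (e.g. 10.40.0.1/14)
            findings.append((route, "invalid-cidr"))
            continue
        if net.prefixlen == 0:  # a default route is not a cluster range
            findings.append((route, "default-route"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((route, "outside-allowed-range"))
        else:
            findings.append((route, "ok"))
    return findings
```

Call `audit_routes(extract_routes(manifest_text), ["10.40.0.0/14"])` with the CIDRs you intend to expose, and treat any finding other than `ok` as a reason to review the manifest.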
Further exploration
- Deploy exit nodes and subnet routers on Kubernetes using the Connector custom resource.
- Deploy app connectors on Kubernetes to provide identity-aware access to public SaaS applications.