GitOps for Tailscale ACLs

Access Control Lists (ACLs) use ACL syntax to define what users or devices can access in your Tailscale network (known as a tailnet). An alternative to managing ACL changes in the Access Controls page of the admin console is to use GitOps for Tailscale ACLs. With GitOps, your Git pull requests send your tailnet policy file to Tailscale to determine whether the ACL is valid and whether all ACL tests pass. Your Git pushes also check validity and run tests and, if successful, automatically apply your tailnet policy file changes to your tailnet.

GitOps for Tailscale ACLs is available for all plans.

Using GitOps for ACLs:

  • Gives you a single source of truth for your tailnet policy file that you can manage outside of the Tailscale admin console
  • Allows you to version tailnet policy files
  • Gives you an audit trail of commits to change tailnet policy files, including what changed and who made the change

With GitOps for Tailscale ACLs, you maintain your tailnet policy file with Git. This provides a central reference that can use the same controls for tailnet policy file changes as for code changes (“config as code”). For example, you can set up your Git repository to require reviews by another person, invoke tests for your tailnet policy file changes, and then use GitOps to automatically apply the changes to your tailnet.
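
As an added illustration (not part of the original page), here is a tailnet policy file whose `tests` section is what gets evaluated when a pull request or push is checked. The users, groups and tags are constructed placeholders; the `deny` entries make the check fail if a later change would widen developer access to production machines.

```json
{
  // Constructed sample policy; every user, group and tag is a placeholder.
  "groups": {
    "group:dev": ["alice@example.com"],
    "group:ops": ["carol@example.com"],
  },
  "tagOwners": {
    "tag:dev":  ["group:ops"],
    "tag:prod": ["group:ops"],
  },
  "acls": [
    // Developers reach SSH and HTTPS on dev machines only.
    {"action": "accept", "src": ["group:dev"], "dst": ["tag:dev:22,443"]},
    // Ops reach every port on machines tagged dev or prod.
    {"action": "accept", "src": ["group:ops"], "dst": ["tag:dev:*", "tag:prod:*"]},
  ],
  "tests": [
    {
      "src": "alice@example.com",
      "accept": ["tag:dev:22", "tag:dev:443"],
      // Fails the check if a later edit lets developers reach prod.
      "deny": ["tag:prod:22", "tag:prod:443"],
    },
    {
      "src": "carol@example.com",
      "accept": ["tag:prod:22"],
    },
  ],
}
```

The policy file format accepts comments and trailing commas, so the reason for each test can sit next to it where a reviewer will see it.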

The following topics provide details for setting up GitOps for Tailscale ACLs: