GitOps for Tailscale ACLs
Access Control Lists (ACLs) use ACL syntax to define what users or devices can access in your Tailscale network (known as a tailnet). An alternative to managing the ACL changes in the Access Controls page of the admin console to use GitOps for Tailscale ACLs to manage the ACL changes. With GitOps, your Git pull requests will send your tailnet policy file to Tailscale to determine whether the ACL is valid and whether all ACL tests pass. Your Git pushes also check validity and run tests, and if successful, will automatically apply your tailnet policy file changes to your tailnet.
Using GitOps for ACLs:
- Gives you a single source of truth for your tailnet policy file, that you can manage outside of the Tailscale admin console
- Lets you version tailnet policy files
- Gives you an audit trail of commits to change tailnet policy files, including what changed and who made the change
With GitOps for Tailscale ACLs, you maintain your tailnet policy file with Git. This provides a central reference that can use the same controls for tailnet policy file changes as for code changes ("config as code"). For example, you can set up your Git repository to require reviews by another person, invoke tests for your tailnet policy file changes, and then use GitOps to automatically apply the changes to your tailnet.
The following topics provide details for setting up GitOps for Tailscale ACLs:
- GitOps for Tailscale ACLs with Bitbucket
- GitOps for Tailscale ACLs with GitHub Actions
- GitOps for Tailscale ACLs with GitLab CI
The topics listed above also provide information for removing GitOps for Tailscale ACLs from your tailnet, should you decide to no longer use it.