Get started
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Zero Trust Networking icon


Secure access for Kubernetes, solved (seriously)

Secure remote access for ingress/egress, cross-cluster peering, and the Kubernetes control plane.


Connect your Kubernetes clusters with anything, anywhere

Secure remote access to the control plane
infrastructure agnostic
Zero trust access

Kubernetes networking without limits

Remote access to the control plane

Remote access to the Kubernetes control plane

Connect directly and securely to the control plane from anywhere, even for hosted Kubernetes services.

Connect Anything to Kubernetes

From databases to servers, provide full ingress and egress connectivity from Kubernetes clusters to non-Kubernetes resources via your Tailscale tailnet.
expose kubernetes workloads

Expose Kubernetes Workloads

Expose a Kubernetes cluster workload to your tailnet with a Tailscale load balancer service, annotate an existing service that fronts your workload, or create an ingress service, all without the public Internet.
Secure end-to-end connectivity

Secure End-to-End Connectivity

Connect services (north-south, east-west) across heterogeneous environments, encrypting communications using WireGuard®.

Tailscale Kubernetes operator

expose services
Easily expose services in your Kubernetes cluster to your Tailscale network
fast flexible and secure
Achieve fast, flexible, and secure Kubernetes networking, cross-cluster peering, and control plane access, without the need for additional networking infrastructure
securely connect
Securely connect to the Kubernetes control plane (kube-apiserver) via an API server proxy, with or without authentication
seamless egress
Seamless egress from a Kubernetes cluster to an external service on your Tailscale network
secure connectivity
Secure connectivity to and between your Kubernetes clusters that works like magic
full control
Full control with MagicDNS, Access Control Lists and other Tailscale security features natively built-in
Access everywhere
Kubernetes access everywhere and anywhere, from on-premises to public clouds.
Trying to set up a traditional VPN resulted in our team spending a lot of time with support … we wanted a hassle-free VPN that will always be on while protecting our services, and is transparent to the end user. Buying Tailscale and getting that 25th iteration level of product completion on day one was a better deal for everyone.
Bart Swedrowski, Director of Systems Engineering at Zego
Read full story

Modernize networking for Kubernetes with Tailscale, powered by WireGuard

Works anywhere

Use any major server, desktop, or mobile operating system — including Linux, macOS, Android, and iOS.

Kubernetes operator

Connect services and encrypt communications across heterogeneous environments with Tailscale Kubernetes operator.

User management

Sync users and groups with your IdP, and log in using SSO, MFA, or two-factor authentication.

Access control lists (ACLs)

Enforce granular access control policies (ACLs) as code, and programmatically manage your policy file with GitOps.

Subnet routers

Secure all your resources — use Subnet routers to add devices (or entire VPCs) where you haven't installed Tailscale yet.

Add services

Set up internal services — Quickly spin up services like Golinks to enable easy access to the apps and resources your team uses the most.

Tailscale SSH

SSH into devices on your network without the need to manually generate, distribute, and rotate SSH keys.

Regional Routing

Increase network resiliency with high availability that keeps critical resources connected via a global fleet of overlapping connectors.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
Hugging Face