Kubernetes

Secure access for Kubernetes, solved (seriously)

Secure remote access for ingress/egress, cross-cluster peering, and the Kubernetes control plane.

Get started

Contact sales

Connect your Kubernetes clusters with anything, anywhere

Secure remote access to the control plane

Kubernetes networking without limits

Remote access to the Kubernetes control plane

Connect directly and securely to the control plane from anywhere, even for hosted Kubernetes services.

Connect Anything to Kubernetes

From databases to servers, provide full ingress and egress connectivity from Kubernetes clusters to non-Kubernetes resources via your Tailscale tailnet.

Expose Kubernetes Workloads

Expose a Kubernetes cluster workload to your tailnet with a Tailscale load balancer service, annotate an existing service that fronts your workload, or create an ingress service, all without the public Internet.

Secure End-to-End Connectivity

Connect services (north-south, east-west) across heterogeneous environments, encrypting communications using WireGuard®.

Tailscale Kubernetes operator

Easily expose services in your Kubernetes cluster to your Tailscale network

Achieve fast, flexible, and secure Kubernetes networking, cross-cluster peering, and control plane access, without the need for additional networking infrastructure

Securely connect to the Kubernetes control plane (kube-apiserver) via an API server proxy, with or without authentication

Seamless egress from a Kubernetes cluster to an external service on your Tailscale network

Secure connectivity to and between your Kubernetes clusters that works like magic

Full control with MagicDNS, Access Control Lists and other Tailscale security features natively built-in

Kubernetes access everywhere and anywhere, from on-premises to public clouds.

“Trying to set up a traditional VPN resulted in our team spending a lot of time with support … we wanted a hassle-free VPN that will always be on while protecting our services, and is transparent to the end user. Buying Tailscale and getting that 25th iteration level of product completion on day one was a better deal for everyone.”

Bart Swedrowski, Director of Systems Engineering at Zego

Read full story

Modernize networking for Kubernetes with Tailscale, powered by WireGuard

See all features

Works anywhere

Use any major server, desktop, or mobile operating system — including Linux, macOS, Android, and iOS.

Kubernetes operator

Connect services and encrypt communications across heterogeneous environments with Tailscale Kubernetes operator.

User management

Sync users and groups with your IdP, and log in using SSO, MFA, or two-factor authentication.

Access control lists (ACLs)

Enforce granular access control policies (ACLs) as code, and programmatically manage your policy file with GitOps.

Subnet routers

Secure all your resources — use Subnet routers to add devices (or entire VPCs) where you haven't installed Tailscale yet.

Add services

Set up internal services — Quickly spin up services like Golinks to enable easy access to the apps and resources your team uses the most.

Tailscale SSH

SSH into devices on your network without the need to manually generate, distribute, and rotate SSH keys.

Regional Routing

Increase network resiliency with high availability that keeps critical resources connected via a global fleet of overlapping connectors.