blumeops/docs/reference/kubernetes/tailscale-operator.md

---
title: tailscale-operator
tags:
  - kubernetes
  - tailscale
---

# Tailscale Kubernetes Operator

The Tailscale operator enables Kubernetes services to be exposed directly on the Tailscale network via Ingress resources.

## Quick Reference

| Property | Value |
|----------|-------|
| **Namespace** | `tailscale` |
| **Helm Chart** | `tailscale/tailscale-operator` |
| **ArgoCD App** | `tailscale-operator` |

## How It Works

When you create an Ingress with `ingressClassName: tailscale`:

1. Operator provisions a Tailscale node for the service
2. Service becomes accessible at `<hostname>.tail8d86e.ts.net`
3. TLS is handled automatically via Tailscale

## Limitations

Services exposed via Tailscale Ingress are **not accessible** from:
- Other Kubernetes pods (they're not Tailscale clients)
- Docker containers on indri

For pod-to-service communication, use [[routing|Caddy]] (`*.ops.eblu.me`) instead.

## Related

- [[tailscale]] - Network configuration
- [[routing]] - Service routing options
- [[apps]] - Application registry
Add Phase 3 tutorials with audience targeting (#94) ## Summary - Create tutorials directory structure with index page - Add 5 main tutorials targeting different audiences: - what-is-blumeops (Reader, AI) - High-level orientation - exploring-the-docs (All) - Navigation guide - ai-assistance-guide (AI, Owner) - Context for AI-assisted operations - contributing (Contributor) - First contribution workflow - replicating-blumeops (Replicator) - Overview for building similar setup - Add 4 replication sub-tutorials: - tailscale-setup, kubernetes-bootstrap, argocd-config, observability-stack - Update README.md to mark Phase 3 complete - Add changelog fragment Each tutorial explicitly identifies its target audiences and links to reference material rather than re-explaining concepts. ## Deployment and Testing - [x] All pre-commit hooks pass (doc-links validates wiki links) - [ ] Build docs via workflow to verify rendering - [ ] Review content for accuracy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/94 2026-02-03 18:51:57 -08:00			`---`
			`title: tailscale-operator`
			`tags:`
			`- kubernetes`
			`- tailscale`
			`---`

			`# Tailscale Kubernetes Operator`

			`The Tailscale operator enables Kubernetes services to be exposed directly on the Tailscale network via Ingress resources.`

			`## Quick Reference`

			`\| Property \| Value \|`
			`\|----------\|-------\|`
			\| Namespace \| `tailscale` \|
			\| Helm Chart \| `tailscale/tailscale-operator` \|
			\| ArgoCD App \| `tailscale-operator` \|

			`## How It Works`

			When you create an Ingress with `ingressClassName: tailscale`:

			`1. Operator provisions a Tailscale node for the service`
			2. Service becomes accessible at `<hostname>.tail8d86e.ts.net`
			`3. TLS is handled automatically via Tailscale`

			`## Limitations`

			`Services exposed via Tailscale Ingress are not accessible from:`
			`- Other Kubernetes pods (they're not Tailscale clients)`
			`- Docker containers on indri`

Enforce unique doc filenames and simple wiki-links (#109) ## Summary - Rename section index files to match their titles (tutorials.md, reference.md, how-to.md, explanation.md) so all filenames are unique - Convert all ~47 path-based wiki-links to simple filename format across 15 files - Update doc-filenames task to no longer skip index.md files - Update doc-links task to reject path-based links containing '/' This ensures all wiki-links work correctly in obsidian.nvim by making links resolvable by filename alone. ## Testing - `mise run doc-filenames` - all unique - `mise run doc-links` - no broken or path-based links - `mise run doc-titles` - no duplicates Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/109 2026-02-04 17:21:34 -08:00			For pod-to-service communication, use [[routing\|Caddy]] (`*.ops.eblu.me`) instead.
Add Phase 3 tutorials with audience targeting (#94) ## Summary - Create tutorials directory structure with index page - Add 5 main tutorials targeting different audiences: - what-is-blumeops (Reader, AI) - High-level orientation - exploring-the-docs (All) - Navigation guide - ai-assistance-guide (AI, Owner) - Context for AI-assisted operations - contributing (Contributor) - First contribution workflow - replicating-blumeops (Replicator) - Overview for building similar setup - Add 4 replication sub-tutorials: - tailscale-setup, kubernetes-bootstrap, argocd-config, observability-stack - Update README.md to mark Phase 3 complete - Add changelog fragment Each tutorial explicitly identifies its target audiences and links to reference material rather than re-explaining concepts. ## Deployment and Testing - [x] All pre-commit hooks pass (doc-links validates wiki links) - [ ] Build docs via workflow to verify rendering - [ ] Review content for accuracy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/94 2026-02-03 18:51:57 -08:00
			`## Related`

			`- [[tailscale]] - Network configuration`
			`- [[routing]] - Service routing options`
			`- [[apps]] - Application registry`