2026-06-24
Do more with Tailscale on your clusters
#tailscale #kubernetes #networking #vpn
If you reach your clusters over Tailscale, there’s more you can do with it now. We’ve moved the integration onto the official Tailscale Kubernetes Operator. Your existing access keeps working exactly as before, your VPC CIDR and any extra routes stay advertised, and you get a handful of new capabilities on top.
What’s new
- Expose in-cluster services to your tailnet. Publish a Service straight onto your tailnet, reachable only by your tailnet devices, no public load balancer or DNS record needed.
- Reach tailnet services from the cluster. Let workloads in the cluster connect out to a service elsewhere on your tailnet (egress) by name.
- Per-namespace control. Decide which namespaces are allowed to publish onto or egress through the tailnet, so teams can carve up access cleanly.
- kubectl over Tailscale. Optionally reach the Kubernetes API server through your tailnet, without exposing it publicly.
What you need to do
Nothing for your current access. We roll the change out cluster by cluster and connectivity is preserved throughout, so the move is transparent.
Want to use the new capabilities? They’re opt-in per cluster. Reach out and we’ll enable them for the namespaces you choose.