Tailscale Integration
Step 1: Setup Tailscale Auth
If you don't already have a tailscale account you can sign up here https://login.tailscale.com/login
Go to Settings > Personal Settings > Keys > Generate Auth Key https://login.tailscale.com/admin/settings/keys
Make sure to check Ephemeral and Reusable
Copy the API Key they give you
Step 2: Deploy Tailscale Relay
Go to https://zeet.co/new/helm?repo=https://helm.zeet.dev&chart=tailscale-relay
Paste the following YAML:
config:
authKey: "YOUR_AUTH_KEY"
variables:
TAILSCALE_ADVERTISE_ROUTES: "10.0.0.0/16,172.20.0.0/16"
10.0.0.0
is the default value for Zeet managed VPC.
172.20.0.0
is the default value for Zeet managed Cluster.
If you have custom VPC or Cluster configuration you can replace them with your own values. You can also contact support to confirm the values for advertise routes.
Click "Deploy Now" A build should start and complete pretty quickly -- ~10s
Step 3: Configure Tailscale
- Approve Routes in Tailscale Go back to tailscale.com > Machines https://login.tailscale.com/admin/machines
You should now see a new entry that looks like "name-tailscale-relay-0"
Click the 3 dots on that machine > Review Route Settings
Approve "10.0.0.0/16" and "172.0.0.0/16" by clicking individual routes or approve all routes
Now you should be able to access zeet services with internal IP using tailscale
- (optional) Disable Key Expiry on that machine as well - if you don't do this, you'll have to refresh the key in a few months
- (optional) Configure Tailscale Magic DNS
https://login.tailscale.com/admin/dns
Go to DNS settings and click "Add nameserver" with the Custom...
option
Put in 127.20.0.10
for Name Server and then enable split DNS and input NAMESPACE.svc.cluster.local
as the Search Domain
127.20.0.10
is the default DNS address for Zeet managed Clusters. You can replcae it with your own custom values
You can find the value for NAMESPACE
in the project settings tab for the tailscale relay project in Zeet
Now you should be able to access internal services using Magic DNS powered domain routing