Hello Is it possible to use tailscale on harvester nodes I h Rancher Users #harvester

Hello! Is it possible to use tailscale on harvest...

rapid-dawn-36553

06/16/2025, 8:17 PM

Hello! Is it possible to use tailscale on harvester nodes? I have some servers with public ips and no private network. I want to put them in one cluster but have the node-to-node traffic go over a tailscale interface instead of the regular public interface.

thousands-advantage-10804

06/16/2025, 10:13 PM

Are they bare metal? It is possible to route over tailscale. But I am fairly sure it won’t work well.

rapid-dawn-36553

06/16/2025, 10:29 PM

yeah, baremetal

rapid-dawn-36553

06/16/2025, 10:29 PM

they're in the same dc (for now) so mostly just wanting it to make sure I'm not exposing things to the internet that I shouldn't

thousands-advantage-10804

06/16/2025, 10:31 PM

Can you get private Nic’s? Due to how harvester boots getting Tailscale to work for all node to node is a very bad idea. You can absolutely run Tailscale from within the vms.

rapid-dawn-36553

06/16/2025, 10:46 PM

I might be able to, I asked the provider for pricing at least. What do you mean by how harvester boots?

thousands-advantage-10804

06/16/2025, 10:51 PM

Each boot the os gets rebuilt. Making persistent additions hard.

rapid-dawn-36553

06/16/2025, 10:57 PM

Ohh, gotcha. I saw there was a way to pass in cloud-init config for each node, and could include some commands there, but wasn't sure if that'd run early enough in the boot process or not

rapid-dawn-36553

06/16/2025, 10:57 PM

but I think tailscale would need a persistent directory to store its state in to at least keep the same ip

thousands-advantage-10804

06/16/2025, 10:59 PM

You should test it. Would be interesting to see it working.

rapid-dawn-36553

06/16/2025, 11:02 PM

I'llI give it a shot. I use the tailscale extension for Talos linux/k8s, so that's why I'm hoping I can do something similar with harvester 😄

thousands-advantage-10804

06/16/2025, 11:27 PM

Can you route all traffic for talos over tailnet?

rapid-dawn-36553

06/17/2025, 12:16 AM

Yep, talos basically sees the tailnet ip as the primary node ip so it builds the vxlan on top of it

thousands-advantage-10804

06/17/2025, 12:18 AM

Would be interesting. let me ask a eng I know.

thousands-advantage-10804

06/17/2025, 1:45 AM

according to a harvester eng, it is possible using the operator and updating

/oem

configs

rapid-dawn-36553

06/17/2025, 3:39 AM

by operator, do you mean the operator that manages the cloudinit crd?

rapid-dawn-36553

06/17/2025, 3:40 AM

I was going to try modifying

/oem

on a disk image directly, but if I can create a CR for it, that'd be even better

thousands-advantage-10804

06/17/2025, 12:32 PM

Tailscale operator.

rapid-dawn-36553

06/17/2025, 5:49 PM

Oh got it, I might test with it but I'm actually using headscale as the controller instead of tailscale itself. It doesn't support the tailscale operator yet because it's missing some of the apis

Open in Slack

Previous Next