Setting Up Multi-Cloud Kubernetes with Talos, KubeSpan, and Tailscale: Need Advice!

Asked By CuriousCat123

Hey folks! I'm trying to create a multi-cloud Kubernetes cluster for some personal projects and learning, and I could really use your advice to ensure I'm on the right track. Here's what I'm planning:

- 1 VM in Hetzner (with a public IP) acting as the control plane running Talos.
- 1 worker VM located in my Proxmox homelab.
- 1 worker VM in another Proxmox setup at a remote location.

I'm thinking of utilizing Talos alongside KubeSpan and Tailscale to connect all of these nodes across different locations. From my research, this seems like a solid option for distributed Talos nodes, but I'm open to corrections if I'm mistaken.

What I'm specifically looking for help with:

- I want to be able to access services exposed from any device connected through Tailscale using DNS (such as media.example.dev).
- I'm uncertain how to handle DNS resolution within the Tailscale network since my control plane has both a public IP and a Tailscale IP.
- Is it advisable to run a DNS server inside a Talos VM?

If you think I'm headed in the wrong direction or have suggestions for a more effective setup, I'd love to hear them! Thanks a bunch!

1 Answer

Answered By TechNinja42

I recently set up something similar. I've got two clusters on Proxmox with Talos, situated in different locations and linked through Tailscale. I used the Tailscale operator, along with Traefik and a custom CoreDNS deployment (though Kubernetes does provide one by default).

Make sure to add Tailscale annotations to the Traefik and CoreDNS services to integrate them into the mesh. Also, in Tailscale's Admin Console, configure the split DNS IPs to point to the CoreDNS mesh IP for both clusters. Update the CoreDNS configmap on each cluster with the routes you want accessible over the mesh, like cluster-a.mydomain.com & cluster-b.mydomain.com. This way, any device on the mesh can access services exposed by Traefik on either cluster. For cross-cluster communication without having to assign a mesh VPN to everything, utilize ExternalName Services with Traefik and route through the local Traefik instance that connects you anywhere.

EnvoyMaster99 -

Or just consider using Envoy instead! I've heard it's much more seamless for this type of setup.

NetworkingNerd88 -

I have a slightly related question—how do you manage to connect directly to the Traefik sidecar? I’ve been in a similar setup and always end up on relay. It’s been three days of searching for answers, and I’m just not getting anywhere.
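The manifests below are an added example of the layout TechNinja42's answer describes for one cluster (cluster-a); they are not the answerer's own files. The namespaces, Service names, the `app`/`app.kubernetes.io/name` selectors and the 100.64.x.x tailnet addresses are constructed placeholders, `mydomain.com` is the domain used in the answer, and the `tailscale.com/expose` and `tailscale.com/hostname` annotations are those of the Tailscale Kubernetes operator. The Corefile uses CoreDNS's `template` plugin to answer the whole `cluster-a.mydomain.com` zone with Traefik's tailnet IP, so new Ingress hosts under that zone need no extra records.

```yaml
# Added example (not TechNinja42's manifests). Names, namespaces and the
# 100.64.x.x tailnet IPs are constructed placeholders.
---
# 1. Traefik's Service joins the tailnet through the Tailscale operator. The
#    operator creates a proxy device named by tailscale.com/hostname; mesh
#    devices reach Traefik at that device's tailnet IP (assumed 100.64.0.10).
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: traefik
  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: "traefik-cluster-a"
spec:
  selector:
    app.kubernetes.io/name: traefik
  ports:
    - name: web
      port: 80
      targetPort: web
    - name: websecure
      port: 443
      targetPort: websecure
---
# 2. Corefile for the custom CoreDNS deployment: every name under this
#    cluster's mesh zone resolves to Traefik's tailnet IP; everything else is
#    forwarded to the pod's upstream resolvers.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mesh-coredns
  namespace: mesh-dns
data:
  Corefile: |
    cluster-a.mydomain.com:53 {
        errors
        log
        template IN A cluster-a.mydomain.com {
            match "^([a-z0-9-]+[.])*cluster-a[.]mydomain[.]com[.]$"
            answer "{{ .Name }} 60 IN A 100.64.0.10"
        }
    }
    .:53 {
        errors
        cache 30
        forward . /etc/resolv.conf
    }
---
# 3. Expose that CoreDNS on the tailnet as well. Its tailnet IP (assumed
#    100.64.0.20) is the split-DNS nameserver you enter in Tailscale's Admin
#    Console for the cluster-a.mydomain.com domain.
apiVersion: v1
kind: Service
metadata:
  name: mesh-coredns
  namespace: mesh-dns
  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: "dns-cluster-a"
spec:
  selector:
    app: mesh-coredns
  ports:
    - name: dns-udp
      port: 53
      protocol: UDP
      targetPort: 53
    - name: dns-tcp
      port: 53
      protocol: TCP
      targetPort: 53
---
# 4. Cross-cluster hop without putting every pod on the mesh: an ExternalName
#    Service in cluster-a that points at a host served by cluster-b's Traefik.
#    The in-cluster resolver must forward cluster-b.mydomain.com to the mesh
#    CoreDNS (a forward stanza for that zone in kube-system's Corefile).
apiVersion: v1
kind: Service
metadata:
  name: media-cluster-b
  namespace: default
spec:
  type: ExternalName
  externalName: media.cluster-b.mydomain.com
  ports:
    - port: 443
```

Repeat the same set on cluster-b with `cluster-b.mydomain.com` and its own Traefik/CoreDNS tailnet IPs, and add a second split-DNS entry for that zone. Since both Traefik and CoreDNS become ordinary tailnet devices, Tailscale ACLs are the place to limit which users or tags may reach `traefik-cluster-a` on 80/443 and `dns-cluster-a` on 53, rather than leaving them open to the whole tailnet.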
