
What Is the Recommended Method to Enable Tailscale Integration With Amazon EKS in TypeScript

Introduction

This guide will walk you through the process of integrating Tailscale with Amazon EKS using Pulumi in TypeScript. Tailscale is a mesh VPN that makes it easy to connect your Kubernetes clusters securely. Amazon EKS (Elastic Kubernetes Service) is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or nodes.

Step-by-Step Guide

Prerequisites

  1. Pulumi CLI: Ensure you have the Pulumi CLI installed. You can download it from Pulumi’s installation page.
  2. AWS CLI: Make sure you have the AWS CLI installed and configured with the necessary permissions.
  3. Node.js: Ensure you have Node.js installed. You can download it from nodejs.org.
  4. Tailscale Account: Sign up for a Tailscale account if you don’t already have one.

Steps

  1. Create a New Pulumi Project

    pulumi new aws-typescript
    
  2. Install Required Packages

    Install the Pulumi AWS, EKS, and Kubernetes packages:

    npm install @pulumi/aws @pulumi/eks @pulumi/kubernetes
    
  3. Define Your EKS Cluster

    In your index.ts file, define your EKS cluster:

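    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as eks from "@pulumi/eks";
    
    const vpc = new aws.ec2.Vpc("vpc", {
        cidrBlock: "10.0.0.0/16",
    });
    
    // EKS requires subnets in at least two Availability Zones.
    const azs = aws.getAvailabilityZones({ state: "available" });
    
    const subnetA = new aws.ec2.Subnet("subnet-a", {
        vpcId: vpc.id,
        cidrBlock: "10.0.1.0/24",
        availabilityZone: azs.then(z => z.names[0]),
    });
    
    const subnetB = new aws.ec2.Subnet("subnet-b", {
        vpcId: vpc.id,
        cidrBlock: "10.0.2.0/24",
        availabilityZone: azs.then(z => z.names[1]),
    });
    
    // Note: no internet gateway, NAT, or route table is defined here; worker nodes
    // need outbound connectivity to join the cluster and to reach Tailscale.
    const cluster = new eks.Cluster("eksCluster", {
        vpcId: vpc.id,
        subnetIds: [subnetA.id, subnetB.id],
        instanceType: "t3.medium",
        desiredCapacity: 2,
        minSize: 1,
        maxSize: 3,
    });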
    
  4. Install Tailscale on EKS Nodes

    To run Tailscale on every EKS node, you can use a DaemonSet. The Kubernetes manifest for the DaemonSet looks like this:

    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: tailscale
    spec:
      selector:
        matchLabels:
          app: tailscale
      template:
        metadata:
          labels:
            app: tailscale
        spec:
          containers:
          - name: tailscale
            image: tailscale/tailscale:latest
            env:
            - name: TS_AUTHKEY
              valueFrom:
                secretKeyRef:
                  name: tailscale-auth
                  key: auth-key
    

    Define the same DaemonSet, and the Secret it references, in Pulumi:

    import * as k8s from "@pulumi/kubernetes";
    
    // Read the auth key from encrypted stack configuration instead of hard-coding it.
    // Set it with: pulumi config set --secret tailscaleAuthKey <your-auth-key>
    const config = new pulumi.Config();
    
    const tailscaleAuthKey = new k8s.core.v1.Secret("tailscale-auth", {
        metadata: { name: "tailscale-auth" },
        stringData: { "auth-key": config.requireSecret("tailscaleAuthKey") },
    }, { provider: cluster.provider }); // create the Secret in the EKS cluster
    
    const tailscaleDaemonSet = new k8s.apps.v1.DaemonSet("tailscale", {
        metadata: { name: "tailscale" },
        spec: {
            selector: { matchLabels: { app: "tailscale" } },
            template: {
                metadata: { labels: { app: "tailscale" } },
                spec: {
                    containers: [{
                        name: "tailscale",
                        // Pin a specific version tag or digest for production use.
                        image: "tailscale/tailscale:latest",
                        // The tailscale/tailscale image reads its auth key from the
                        // TS_AUTHKEY environment variable, so no args are needed.
                        env: [{
                            name: "TS_AUTHKEY",
                            valueFrom: { secretKeyRef: { name: "tailscale-auth", key: "auth-key" } },
                        }],
                    }],
                },
            },
        },
    }, { provider: cluster.provider, dependsOn: [tailscaleAuthKey] });
    
  5. Deploy the Stack

    Run the following command to deploy your stack:

    pulumi up
    

    This will create the EKS cluster and deploy the Tailscale DaemonSet to your cluster.
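
A pre-deployment check for a Tailscale container spec like the one in step 4, as an added example that is not part of the original guide. It flags an auth key passed through `args`, shell-style `${VAR}` references (Kubernetes only expands `$(VAR)`), inline key values, and mutable image tags; `lintContainer`, its types, and the finding codes are hypothetical names, and both sample specs are constructed.

```typescript
// Added example; Container, Finding, lintContainer and the finding codes are hypothetical names.
interface EnvVar { name: string; value?: string; valueFrom?: object; }
interface Container { name: string; image: string; args?: string[]; env?: EnvVar[]; }
interface Finding { code: string; detail: string; }

function lintContainer(c: Container): Finding[] {
    const findings: Finding[] = [];
    const add = (code: string, detail: string): void => { findings.push({ code, detail }); };

    // An image with no tag or ":latest" (and no digest) can change between deployments.
    const ref = c.image.split("@")[0];
    const colon = ref.lastIndexOf(":");
    const tag = colon > ref.lastIndexOf("/") ? ref.slice(colon + 1) : "";
    if (c.image.indexOf("@sha256:") < 0 && (tag === "" || tag === "latest")) {
        add("MUTABLE_IMAGE", c.image);
    }
    for (const arg of c.args || []) {
        // Kubernetes expands $(VAR) in args; ${VAR} reaches the process as literal text.
        if (/\$\{[A-Za-z_][A-Za-z0-9_]*\}/.test(arg)) add("UNEXPANDED_VAR", arg);
        // A key on the command line is readable from the process list.
        if (/^--auth-?key(=|$)/.test(arg)) add("AUTHKEY_IN_ARGS", arg.split("=")[0]);
    }
    for (const e of c.env || []) {
        // Key material belongs in a Secret reference, not an inline value.
        if (/AUTH_?KEY/i.test(e.name) && e.value !== undefined) add("INLINE_SECRET", e.name);
    }
    return findings;
}

// Constructed sample: key passed through args with ${VAR} syntax, mutable tag.
const keyInArgs: Container = {
    name: "tailscale",
    image: "tailscale/tailscale:latest",
    args: ["up", "--authkey=${TAILSCALE_AUTH_KEY}"],
    env: [{ name: "TAILSCALE_AUTH_KEY", valueFrom: { secretKeyRef: { name: "tailscale-auth", key: "auth-key" } } }],
};
// Constructed sample: pinned tag (vX.Y.Z is a placeholder), key read from TS_AUTHKEY via a Secret.
const hardened: Container = {
    name: "tailscale",
    image: "tailscale/tailscale:vX.Y.Z",
    env: [{ name: "TS_AUTHKEY", valueFrom: { secretKeyRef: { name: "tailscale-auth", key: "auth-key" } } }],
};

const codes = (c: Container): string[] => lintContainer(c).map(f => f.code);
console.log(codes(keyInArgs));
console.log(codes(hardened));
```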

Conclusion

By following these steps, you have successfully integrated Tailscale with Amazon EKS using Pulumi in TypeScript. This setup ensures secure connectivity between your Kubernetes nodes and other resources in your Tailscale network. For more details, refer to the Pulumi AWS documentation and the Tailscale documentation.

Full Code Example

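    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as eks from "@pulumi/eks";
    import * as k8s from "@pulumi/kubernetes";

    const vpc = new aws.ec2.Vpc("vpc", {
        cidrBlock: "10.0.0.0/16",
    });

    // EKS requires subnets in at least two Availability Zones.
    const azs = aws.getAvailabilityZones({ state: "available" });

    const subnetA = new aws.ec2.Subnet("subnet-a", {
        vpcId: vpc.id,
        cidrBlock: "10.0.1.0/24",
        availabilityZone: azs.then(z => z.names[0]),
    });

    const subnetB = new aws.ec2.Subnet("subnet-b", {
        vpcId: vpc.id,
        cidrBlock: "10.0.2.0/24",
        availabilityZone: azs.then(z => z.names[1]),
    });

    // Note: no internet gateway, NAT, or route table is defined here; worker nodes
    // need outbound connectivity to join the cluster and to reach Tailscale.
    const cluster = new eks.Cluster("eksCluster", {
        vpcId: vpc.id,
        subnetIds: [subnetA.id, subnetB.id],
        instanceType: "t3.medium",
        desiredCapacity: 2,
        minSize: 1,
        maxSize: 3,
    });

    // Read the auth key from encrypted stack configuration instead of hard-coding it.
    // Set it with: pulumi config set --secret tailscaleAuthKey <your-auth-key>
    const config = new pulumi.Config();

    const tailscaleAuthKey = new k8s.core.v1.Secret("tailscale-auth", {
        metadata: { name: "tailscale-auth" },
        stringData: { "auth-key": config.requireSecret("tailscaleAuthKey") },
    }, { provider: cluster.provider }); // create the Secret in the EKS cluster

    const tailscaleDaemonSet = new k8s.apps.v1.DaemonSet("tailscale", {
        metadata: { name: "tailscale" },
        spec: {
            selector: { matchLabels: { app: "tailscale" } },
            template: {
                metadata: { labels: { app: "tailscale" } },
                spec: {
                    containers: [{
                        name: "tailscale",
                        // Pin a specific version tag or digest for production use.
                        image: "tailscale/tailscale:latest",
                        // The tailscale/tailscale image reads its auth key from the
                        // TS_AUTHKEY environment variable, so no args are needed.
                        env: [{
                            name: "TS_AUTHKEY",
                            valueFrom: { secretKeyRef: { name: "tailscale-auth", key: "auth-key" } },
                        }],
                    }],
                },
            },
        },
    }, { provider: cluster.provider, dependsOn: [tailscaleAuthKey] });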
