Jumping Through Hoops with Tailscale SSH and Kubernetes in Your Homelab

Introduction

Greetings, fellow homelab enthusiasts! Are you tired of juggling SSH keys, dealing with complex firewall configurations, and struggling to remember port numbers? Say no more! Today, we’re taking a deep dive into setting up a Tailscale SSH jump host in your homelab via Kubernetes. Not only will this make your life easier, but it’ll also have you feeling like a homelab ninja in no time!

The Benefits

By setting up a Tailscale SSH jump host, you’ll gain several key advantages:

  • Seamless Connectivity: Access your homelab devices securely from anywhere you have a web browser, without worrying about dynamic IPs, port forwarding, or pesky firewall rules.
  • Kubernetes Superpowers: Deploy and manage your jump host easily, making it highly available and resilient to failures. You can further extend your jump host into a full-fledged bastion with kubectl, or store other SSH keys on it to easily jump to the next box in an instant!

Ready to hop on this exciting journey? Let’s jump right in!

The How-To:

Setting up tailscale in kubernetes

For this I'm going to refer you to my previous Tailscale Kubernetes post, where we got our API keys, set up our manifest and deployed a subnet router.

Adding ssh functionality

From here we will be modifying our existing subnet router. If you do not wish to do so, copy the deployment file, give it a new name and hostname, remove TS_ROUTES, remove --advertise-exit-node, and continue following from here.

Update TS_EXTRA_ARGS to add --ssh so it looks like this:

- name: TS_EXTRA_ARGS
  value: "--ssh --advertise-exit-node --hostname=k8s-node"

Once happy with your manifest updates, apply them via kubectl apply -f tailscale.yaml. If you encounter any issues with authentication and are sure it's all set up correctly, Tailscale can sometimes get a little confused when we update our machines quickly. When this happens, run a delete, wait a few seconds and rerun your apply command. This normally makes Tailscale happy again.
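If you went the standalone route (a copy of the deployment without TS_ROUTES and --advertise-exit-node), a quick pre-apply check catches leftovers from the subnet router. This is an added example, not code from the original post: the manifest snippets, the 192.168.1.0/24 route and the k8s-jump hostname are constructed, and the parser only reads plain name/value env entries.

```python
import re
import shlex

# Constructed samples: only the env section of the Tailscale container spec.
SUBNET_ROUTER_ENV = """\
env:
- name: TS_ROUTES
  value: "192.168.1.0/24"
- name: TS_EXTRA_ARGS
  value: "--ssh --advertise-exit-node --hostname=k8s-node"
"""
JUMP_HOST_ENV = """\
env:
- name: TS_EXTRA_ARGS
  value: "--ssh --hostname=k8s-jump"
"""

def read_env(manifest_text):
    """Collect literal name/value pairs; valueFrom entries are skipped."""
    env, name = {}, None
    for line in manifest_text.splitlines():
        m = re.match(r"\s*-\s*name:\s*(\S+)\s*$", line)
        if m:
            name = m.group(1).strip("\"'")
            continue
        m = re.match(r"\s*value:\s*(.*?)\s*$", line)
        if m and name:
            env[name] = m.group(1).strip("\"'")
            name = None
    return env

def check_jump_host(manifest_text, router_hostname="k8s-node"):
    """Return findings for a pod meant to be a standalone SSH jump host."""
    env = read_env(manifest_text)
    args = shlex.split(env.get("TS_EXTRA_ARGS", ""))
    findings = []
    if "--ssh" not in args:
        findings.append("--ssh missing from TS_EXTRA_ARGS: Tailscale SSH is off")
    if "--advertise-exit-node" in args:
        findings.append("--advertise-exit-node set: pod still offers an exit node")
    if "TS_ROUTES" in env:
        findings.append(f"TS_ROUTES={env['TS_ROUTES']}: pod still advertises routes")
    if f"--hostname={router_hostname}" in args:
        findings.append(f"hostname is still {router_hostname}: give the copy its own")
    return findings

if __name__ == "__main__":
    for label, text in (("router", SUBNET_ROUTER_ENV), ("jump", JUMP_HOST_ENV)):
        print(label, check_jump_host(text) or "ok")
```

An empty list means the copy is a pure SSH jump host; the three findings on the router sample are expected if you chose to keep SSH on the subnet router itself.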

Using our jump host

Once we have our updated pod running, we can

  • head over to tailscale machines
  • hover over our machine (which should now have an SSH tag on it)
  • click the three dots menu on the right
  • “SSH to machine”
  • Re-authenticate if prompted (Tailscale by default will want you to verify your identity to prevent unauthorized access)

From here we have our own little SSH jump host based off the default Tailscale Docker image (they use Alpine Linux by default). Check everything is as it should be by running whoami && hostname && wget -qO - icanhazip.com to see some basic details.

Where to from here?

From here the sky is the limit, but some things to follow up on would be

  • Extending the startup of our pod by installing additional tools (this is a quick and hacky way of adding tools like kubectl to our pod so they are ready on demand and installed at startup)
  • Adding persistent storage to our pod's home directory: This would allow us to host and store files like our Kubernetes config file, or SSH keys for other machines so we can easily jump to them
  • Creating a custom base image: Doing this can let us have a production ready image ready to deploy in an instant with our own tools already installed and ready to go

Summary

Congratulations! You’ve successfully set up a Tailscale SSH jump host in your homelab via Kubernetes. Now you can effortlessly access your devices from anywhere and enjoy the full power of Kubernetes in your homelab.