{"id":42364,"date":"2026-01-13T10:00:00","date_gmt":"2026-01-13T09:00:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=42364"},"modified":"2026-01-14T09:35:46","modified_gmt":"2026-01-14T08:35:46","slug":"access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/","title":{"rendered":"Access your Kubernetes pods via Tailscale using a Sidecar container"},"content":{"rendered":"\n<p>Tailscale is a mesh VPN (Virtual Private Network) service that streamlines connecting devices and services securely across different networks. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other. <br>(source: <a href=\"https:\/\/tailscale.com\/kb\/1151\/what-is-tailscale\">https:\/\/tailscale.com\/kb\/1151\/what-is-tailscale<\/a>)<\/p>\n\n\n\n<p>I\u2019ve been using Tailscale to connect my personal devices for a while. I have it installed almost everywhere: on my laptop, my phone, my Synology NAS, etc. It is very convenient as it helps me connect to any device, from anywhere. Tailscale adds a virtual interface to your device and manages its own IP address (you\u2019ll understand why this is important in a minute)<\/p>\n\n\n\n<p>Tailscale automatically assigns a unique IP address to each device in your Tailscale network (known as a tailnet). This IP address is known as a Tailscale IP address and comes from the shared address space defined in RFC6598, known as Carrier-Grade NAT (CGNAT). <br>(source: <a href=\"https:\/\/tailscale.com\/kb\/1015\/100.x-addresses\">https:\/\/tailscale.com\/kb\/1015\/100.x-addresses<\/a>)<\/p>\n\n\n\n<p>Today, I\u2019m taking it to the next level: I\u2019d like to install Tailscale alongside one of my application pod and access the web interface my pod exposes, directly from my Tailscale network (aka Tailnet).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-challenge\"><strong>The challenge:<\/strong><\/h2>\n\n\n\n<p>I\u2019ve installed Tailscale on the VM hosting my Kubernetes cluster (it\u2019s a 1 node cluster, just for playing). Cool, I can access the VM from any other device. However, what about the web app my pod provides? How can I access it from my Tailnet?<br><br>As mentioned before, Tailscale has its own IP addressing, using 100.x.y.z addresses : your devices are assigned an IP from this address space.<\/p>\n\n\n\n<p>Moreover, the network interface Tailscale creates (tailscale0) is not a standard interface and Kubernetes cannot simply expose services through that interface as for any other NodePort. To do so, you need to deploy Tailscale in your Kubernetes cluster.<\/p>\n\n\n\n<p>Let\u2019s do that.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-options\"><strong>The options:<\/strong><\/h2>\n\n\n\n<p id=\"h-the-options-tailscale-offers-several-options-to-connect-your-cluster-to-your-tailnet\">Tailscale offers several options to connect your cluster to your tailnet:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proxy<\/strong>: Tailscale proxies traffic to one of your Kubernetes services. Your tailnet devices can communicate with the service but not with any other Kubernetes resources. Tailscale users can reach the service using the proxy&#8217;s name.<\/li>\n\n\n\n<li><strong>Sidecar<\/strong>: Tailscale runs as a sidecar next to a specific pod in your cluster. It lets you expose that pod on your tailnet without allowing access to any others. Tailscale users can connect to the pod using its name.<\/li>\n\n\n\n<li><strong>Subnet router<\/strong>: A subnet router deployment exposes your entire cluster network in your tailnet. Your Tailscale devices can connect to any pod or service in your cluster, provided that applicable Kubernetes network policies and Tailscale access controls allow it.<\/li>\n<\/ul>\n\n\n\n<p>My use-case is to expose a specific pod to my tailnet (my speedtest-tracker app frontend), the \u201csidecar\u201d option is then enough for my need.<br>Let\u2019s see how to configure that together.<br><br>I invite you to read <a href=\"https:\/\/www.dbi-services.com\/blog\/monitor-your-isps-performance-with-speedtest-tracker\/\">my other blog about speedtest-tracker<\/a>. This is the app we are going to work with today.<br>I\u2019ve been using speedtest-tracker for a while, but the app is only available from within my local network for now. Let\u2019s see how to adapt my app\u2019s deployment definition to add the Tailscale sidecar container.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-we-need\"><strong>What we need:<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>An application (that\u2019s my speedtest-tracker app that already exists)<\/li>\n\n\n\n<li>To generate an auth key that will be used by the Tailscale service deployed into the cluster<\/li>\n\n\n\n<li>A secret with this auth key value in my cluster, for my pod to authenticate to my Tailscale account.<\/li>\n\n\n\n<li>A service account, role and role binding to configure RBAC for my deployment ( my pod will use this service account and RBAC permissions to interact with the cluster)<\/li>\n\n\n\n<li>Finally, I will add the sidecar container running Tailscale alongside my speedtest-tracker app container<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-generate-an-auth-key\">Generate an auth key<\/h2>\n\n\n\n<p>First, let\u2019s generate the auth key from my Tailscale account web interface. <br>This is done under Settings &#8211;&gt; Keys &#8211;&gt; Generate auth key\u2026<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"645\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png\" alt=\"\" class=\"wp-image-42368\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-300x189.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-768x483.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1536x967.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-2048x1289.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Fill out the form, and make the key reusable. Then configure the device this key applies to as ephemeral (so is your pod).<br>Copy the key value somewhere as we are going to need it in a moment.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"508\" height=\"708\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky2.png\" alt=\"\" class=\"wp-image-42369\" style=\"width:418px;height:auto\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky2.png 508w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky2-215x300.png 215w\" sizes=\"auto, (max-width: 508px) 100vw, 508px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-create-a-secret\">Create a secret<\/h2>\n\n\n\n<p>I create my secret, here is my tailscale-secret.yaml file:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: yaml; title: ; notranslate\" title=\"\">\napiVersion: v1\nkind: Secret\nmetadata:\n  name: tailscale-auth\nstringData:\n  TS_AUTHKEY: &lt;my key value from previous step&gt;\n<\/pre><\/div>\n\n\n<p>I apply the configuration to my speedtest namespace:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f tailscale-secret.yaml -n speedtest<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Service account, role and role binding<\/h2>\n\n\n\n<p>Next step is to configure RBAC for my Tailscale deployment. I need a service account, a role and role binding. Lucky me, Tailscale doc is well written, all I need is to follow their instructions.<\/p>\n\n\n\n<p>I create a manifest called tailscale-rbac.yaml:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: yaml; title: ; notranslate\" title=\"\">\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: tailscale\n\n---\n\napiVersion: rbac.authorization.k8s.io\/v1\nkind: Role\nmetadata:\n  name: tailscale\nrules:\n  - apiGroups: &#x5B;&quot;&quot;]\n    resourceNames: &#x5B;&quot;tailscale-auth&quot;]\n    resources: &#x5B;&quot;secrets&quot;]\n    verbs: &#x5B;&quot;get&quot;, &quot;update&quot;, &quot;patch&quot;]\n\n---\n\napiVersion: rbac.authorization.k8s.io\/v1\nkind: RoleBinding\nmetadata:\n  name: tailscale\nsubjects:\n  - kind: ServiceAccount\n    name: tailscale\nroleRef:\n  kind: Role\n  name: tailscale\n  apiGroup: rbac.authorization.k8s.io\n<\/pre><\/div>\n\n\n<p>I apply the configuration to my speedtest namespace:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f tailscale-rbac.yaml -n speedtest<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-add-the-sidecar-container-to-my-deployment\">Add the sidecar container to my deployment<\/h2>\n\n\n\n<p>Last step is to adapt my existing deployment to add the tailscale sidecar container.<\/p>\n\n\n\n<p>Under the spec section, we need to assign the serviceAccount created previously, to the pod:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>serviceAccountName: tailscale<\/code><\/pre>\n\n\n\n<p>Then I create the sidecar container as per the tailscale documentation<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: yaml; title: ; notranslate\" title=\"\">\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: speedtest-tracker\nspec:\n  replicas: 1\n  revisionHistoryLimit: 0\n  selector:\n    matchLabels:\n      app: speedtest-tracker\n  template:\n    metadata:\n      labels:\n        app: speedtest-tracker\n    spec:\n      serviceAccountName: tailscale  ## &lt;-- Add the Service Account Name\n      containers:\n        ##### Tailscal sidecar container definition#######\n        - name: tailscale-sidecar\n          image: ghcr.io\/tailscale\/tailscale:latest\n          env:\n            - name: TS_KUBE_SECRET\n              value: tailscale-auth\n            - name: TS_AUTHKEY\n              valueFrom:\n                secretKeyRef:\n                  name: tailscale-auth\n                  key: TS_AUTHKEY\n            - name: TS_USERSPACE\n              value: &quot;false&quot;\n          securityContext:\n            capabilities:\n              add:\n               - NET_ADMIN\n        ######################\n\n        - name: speedtest-tracker\n          image: lscr.io\/linuxserver\/speedtest-tracker:latest\n          ports:\n            - containerPort: 80\n          env:\n            - name: PUID\n              value: &quot;1000&quot;\n            - name: PGID\n              value: &quot;1000&quot;\n            - name: DB_CONNECTION\n              value: pgsql\n            - name: DB_HOST\n              value: postgres\n            - name: DB_PORT\n              value: &quot;5432&quot;\n            - name: DB_DATABASE\n              value: speedtest_tracker\n            - name: DB_USERNAME\n              value: speedy\n            - name: DB_PASSWORD\n              value: password\n\n          volumeMounts:\n            - mountPath: \/config\n              name: speedtest-tracker\n      volumes:\n        - name: speedtest-tracker\n          persistentVolumeClaim:\n            claimName: speedtest-tracker\n\n<\/pre><\/div>\n\n\n<p>I apply the configuration to my speedtest namespace:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f speedtest-tracker.yaml -n speedtest<\/code><\/pre>\n\n\n\n<p>Quick check, my speedtest-tracker pod is now running with 2 containers inside:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Rancher:~\/syno\/speedtest # kubectl get pods -n speedtest\nNAME                                READY   STATUS    RESTARTS   AGE\npostgres-7958dd877c-f4d2l           1\/1     Running   0          22h\nspeedtest-tracker-8975967cd-s2fmc   2\/2     Running   0          105m\n<\/code><\/pre>\n\n\n\n<p>And that\u2019s it!<\/p>\n\n\n\n<p>I can now access my app from both networks : my local network and my tailnet.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"499\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-1-1024x499.png\" alt=\"\" class=\"wp-image-42377\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-1-1024x499.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-1-300x146.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-1-768x375.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-1.png 1384w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>My pod is now seen as a device in my Tailscale network and can communicate with my other machines.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"904\" height=\"534\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-2.png\" alt=\"\" class=\"wp-image-42378\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-2.png 904w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-2-300x177.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/Picture-2-768x454.png 768w\" sizes=\"auto, (max-width: 904px) 100vw, 904px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p>What we&#8217;ve done is to turn our Pod into a Tailscale node by injecting a WireGuard interface into the Pod\u2019s shared network namespace, with the help of a tailscale sidecar container. This allows encrypted traffic to flow directly to the app container without Kubernetes Services or Ingress.<\/p>\n\n\n\n<p>This is it, I hope you enjoyed reading this blog and that you learned something new.<\/p>\n\n\n\n<p> If so, drop a like, it&#8217;s always appreciated \ud83d\ude09<\/p>\n\n\n\n<p>To go further, please visit the Tailscale official documentation that will take you through all the steps and options to configure your tailnet on Kubernetes:<br><a href=\"https:\/\/tailscale.com\/learn\/managing-access-to-kubernetes-with-tailscale#sidecar-deployments\">https:\/\/tailscale.com\/learn\/managing-access-to-kubernetes-with-tailscale#sidecar-deployments<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tailscale is a mesh VPN (Virtual Private Network) service that streamlines connecting devices and services securely across different networks. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other. (source: https:\/\/tailscale.com\/kb\/1151\/what-is-tailscale) I\u2019ve been using Tailscale to connect my personal devices for [&hellip;]<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1320,1522],"tags":[2667,2634,3803,3802],"type_dbi":[],"class_list":["post-42364","post","type-post","status-publish","format-standard","hentry","category-devops","category-kubernetes","tag-devops-2","tag-kubernetes-2","tag-speedtest-tracker","tag-tailscale"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Access your Kubernetes pods via Tailscale using a Sidecar container - dbi Blog<\/title>\n<meta name=\"description\" content=\"Access your Kubernetes pods within your Tailscale network\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Access your Kubernetes pods via Tailscale using a Sidecar container\" \/>\n<meta property=\"og:description\" content=\"Access your Kubernetes pods within your Tailscale network\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-13T09:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-14T08:35:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2548\" \/>\n\t<meta property=\"og:image:height\" content=\"1604\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"R\u00e9my Gaudey\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R\u00e9my Gaudey\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\"},\"author\":{\"name\":\"R\u00e9my Gaudey\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1\"},\"headline\":\"Access your Kubernetes pods via Tailscale using a Sidecar container\",\"datePublished\":\"2026-01-13T09:00:00+00:00\",\"dateModified\":\"2026-01-14T08:35:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\"},\"wordCount\":989,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png\",\"keywords\":[\"devops\",\"kubernetes\",\"speedtest-tracker\",\"tailscale\"],\"articleSection\":[\"DevOps\",\"Kubernetes\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\",\"name\":\"Access your Kubernetes pods via Tailscale using a Sidecar container - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png\",\"datePublished\":\"2026-01-13T09:00:00+00:00\",\"dateModified\":\"2026-01-14T08:35:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1\"},\"description\":\"Access your Kubernetes pods within your Tailscale network\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png\",\"width\":2548,\"height\":1604},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Access your Kubernetes pods via Tailscale using a Sidecar container\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1\",\"name\":\"R\u00e9my Gaudey\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g\",\"caption\":\"R\u00e9my Gaudey\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/remygaudey\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Access your Kubernetes pods via Tailscale using a Sidecar container - dbi Blog","description":"Access your Kubernetes pods within your Tailscale network","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/","og_locale":"en_US","og_type":"article","og_title":"Access your Kubernetes pods via Tailscale using a Sidecar container","og_description":"Access your Kubernetes pods within your Tailscale network","og_url":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/","og_site_name":"dbi Blog","article_published_time":"2026-01-13T09:00:00+00:00","article_modified_time":"2026-01-14T08:35:46+00:00","og_image":[{"width":2548,"height":1604,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png","type":"image\/png"}],"author":"R\u00e9my Gaudey","twitter_card":"summary_large_image","twitter_misc":{"Written by":"R\u00e9my Gaudey","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/"},"author":{"name":"R\u00e9my Gaudey","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1"},"headline":"Access your Kubernetes pods via Tailscale using a Sidecar container","datePublished":"2026-01-13T09:00:00+00:00","dateModified":"2026-01-14T08:35:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/"},"wordCount":989,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png","keywords":["devops","kubernetes","speedtest-tracker","tailscale"],"articleSection":["DevOps","Kubernetes"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/","url":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/","name":"Access your Kubernetes pods via Tailscale using a Sidecar container - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky-1024x645.png","datePublished":"2026-01-13T09:00:00+00:00","dateModified":"2026-01-14T08:35:46+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1"},"description":"Access your Kubernetes pods within your Tailscale network","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/01\/BLOG-auth-ky.png","width":2548,"height":1604},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/access-your-kubernetes-pods-via-tailscale-using-a-sidecar-container\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Access your Kubernetes pods via Tailscale using a Sidecar container"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/fcee587f8949b463b8deef8a03f1a4e1","name":"R\u00e9my Gaudey","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5306e0ba7080fbbd90f039442ffbef577ef354978cd14eaed1e338a28694e16f?s=96&d=mm&r=g","caption":"R\u00e9my Gaudey"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/remygaudey\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=42364"}],"version-history":[{"count":27,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42364\/revisions"}],"predecessor-version":[{"id":42490,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/42364\/revisions\/42490"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=42364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=42364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=42364"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=42364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}