DEV Community

Cover image for Part 2 Networking the proper way!
Robert Scott
Robert Scott

Posted on

Part 2 Networking the proper way!

#tailscale #kubernetes #linux #microsoft

From Networking Nightmare to Instant Success: Setting up Kubernetes with Tailscale

Part 2 of my Kubernetes learning journey - sometimes the solution is simpler than you think

Yesterday, I shared my troubleshooting marathon trying to set up a two-node Kubernetes cluster between my home lab and an Azure VM. After hours of debugging network connectivity, container runtimes, and firewall rules, I made a decision that changed everything: start over with proper networking from day one.

The Problem Recap

My initial setup looked like this:

  • Control Plane: Home tower at 192.168.1.244
  • Worker Node: Azure VM at 172.16.0.4
  • Result: Complete network isolation - they couldn't even ping each other

The fundamental issue wasn't Kubernetes configuration - it was trying to bridge two completely different network environments:

  • My home network (192.168.1.x subnet)
  • Azure's virtual network (172.16.0.x subnet)

Even after opening firewall ports, configuring security groups, and debugging routing tables, the basic connectivity just wasn't there.

The Lightbulb Moment: Tailscale

Instead of continuing to fight network routing, I decided to embrace an overlay network solution. Tailscale had been running on my home tower already, but I'd been trying to work around it rather than leverage it.

The plan became simple:

  1. Install Tailscale on the Azure VM
  2. Use Tailscale IPs for all Kubernetes communication
  3. Let Tailscale handle the networking complexity

Setting up Tailscale on Azure VM

Step 1: Configure Network Security Group for Tailscale

This is crucial for Azure VMs - Tailscale needs specific UDP ports open to establish connections. Before creating the VM, I added a Network Security Group rule:

  • Rule: Allow Tailscale UDP
  • Port: 41641 (Tailscale's default UDP port)
  • Protocol: UDP
  • Source: Any
  • Destination: Any
  • Action: Allow

Without this security group rule, Tailscale can install but won't be able to establish connections through Azure's firewall.

Step 2: Create the VM with Proper Storage

Next, I set up the Azure VM with:

  • Ubuntu 24.04 LTS
  • Additional SSD for container storage (temporary storage is fine for learning)
  • Default virtual network settings (since Tailscale overlays on top)
  • Applied the Tailscale security group from Step 1 
# Format the additional storage
sudo fdisk /dev/sdb  # Create partition
sudo mkfs.ext4 /dev/sdb1  # Format
sudo mkdir /mnt/data  # Mount point
sudo mount /dev/sdb1 /mnt/data
echo '/dev/sdb1 /mnt/data ext4 defaults 0 0' | sudo tee -a /etc/fstab
Enter fullscreen mode Exit fullscreen mode

Step 3: Install Tailscale with Pre-Auth

Instead of the generic Tailscale installation, I used the pre-configured script from my Tailscale admin dashboard:

# SSH into the Azure VM
ssh username@vm-public-ip

# Run the account-specific install script (from Tailscale dashboard)
curl -fsSL https://tailscale.com/install.sh | sh -s -- --authkey=tskey-auth-xxxxx
Enter fullscreen mode Exit fullscreen mode

The beauty of this approach:

  • No manual authentication - the VM automatically joins my network
  • Immediate connectivity - shows up in the dashboard instantly
  • Pre-configured - includes any device tags or policies I've set

The Magic Moment

After the installation completed, I ran the test that had been failing for hours the day before:

# From Azure VM, ping my home tower's Tailscale IP
ping 100.64.x.x  # My tower's Tailscale IP
Enter fullscreen mode Exit fullscreen mode

INSTANTLY - ping responses started flooding in:

64 bytes from 100.64.x.x: icmp_seq=1 ttl=64 time=12.3 ms
64 bytes from 100.64.x.x: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 100.64.x.x: icmp_seq=3 ttl=64 time=12.1 ms
Enter fullscreen mode Exit fullscreen mode

After a day of network timeouts and connection failures, seeing those ping responses was absolutely magical.

Why This Approach Works So Well

Tailscale eliminates network complexity:

  • No subnet routing - both machines appear on the same virtual network
  • No firewall configuration - Tailscale handles NAT traversal automatically
  • No port forwarding - direct machine-to-machine communication
  • Encrypted by default - secure communication across the internet
  • Works anywhere - home networks, cloud providers, mobile devices

For Kubernetes specifically:

  • Control plane and worker nodes can communicate directly
  • No need to expose API server ports to the internet
  • Pod-to-pod networking works seamlessly across locations
  • Can easily add more nodes from anywhere

The Difference is Night and Day

Before Tailscale (Local networking):

# From Azure VM
ping 192.168.1.244
# Result: Network unreachable

telnet 192.168.1.244 6443
# Result: Connection timed out
Enter fullscreen mode Exit fullscreen mode

After Tailscale:

# From Azure VM  
ping 100.64.x.x
# Result: Instant responses

telnet 100.64.x.x 6443  
# Result: Connected immediately
Enter fullscreen mode Exit fullscreen mode

Key Takeaways for Hybrid Kubernetes Clusters

  1. Don't fight the network - use overlay solutions for cross-environment setups
  2. Tailscale is perfect for hybrid clouds - seamlessly connects on-premises and cloud resources
  3. Start with networking first - get connectivity working before diving into Kubernetes configuration
  4. Pre-authenticated installation - use account-specific scripts for automated setups
  5. Sometimes starting over is fastest - don't be afraid to rebuild with lessons learned

What's Next

Now that I have rock-solid networking between my home lab and Azure VM, I can focus on what I actually wanted to learn: Kubernetes cluster management. Tomorrow I'll:

  1. Run kubeadm init on my home tower using Tailscale IPs
  2. Join the Azure VM as a worker node (which should actually work this time!)
  3. Deploy some test applications across both nodes
  4. Explore pod scheduling, persistent volumes, and service discovery

The best part? All of this will happen over secure, encrypted Tailscale connections without any additional network configuration.

The Bottom Line

Sometimes the solution isn't debugging the existing approach - it's stepping back and choosing a better tool for the job. Tailscale transformed my networking nightmare into a 5-minute setup with instant connectivity.

If you're building hybrid Kubernetes clusters or just need to connect resources across different networks, don't fight with subnets and firewalls. Use Tailscale and focus on the problems you actually want to solve.

Next up: Actually setting up that Kubernetes cluster now that the machines can talk to each other! Stay tuned for Part 3 where we finally get to run those kubectl commands.

Tags

kubernetes #networking #tailscale #azure #hybridcloud #devops #infrastructure

Top comments (0)