Tailscale

What is Tailscale

Tailscale is a VPN service that allows you to easily create a secure, scalable mesh network using the open source WireGuard protocol. This article will guide you through connecting a Crunchy Bridge cluster to your Tailscale tailnet.

Obtain an authkey from Tailscale

First, log in to your Tailscale dashboard. Navigate to the Settings tab, Keys section, and choose Generate auth key. This creates a Tailscale auth key so that your Bridge cluster can be connected to your tailnet.

After you add the auth key to your Crunchy Bridge account (see next section), it can be used to register your cluster as a node in your tailnet.

For production environments, we recommend using a tagged auth key, so that you can configure permissions ahead of time and have them applied when access is added. Use an ephemeral auth key so that machines are automatically removed when they’re no longer in use, which keeps your Tailscale machine list clean. Additionally, making the auth key reusable helps should Crunchy need to retry connection logic: if a connection fails and you’re not using a reusable auth key, any retry will fail.
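
The three recommendations above (tagged, ephemeral, reusable), which also bear on the reconnect question under Common questions, can be checked before a key is handed to Crunchy Bridge. The Python below is an added example, not part of the original article or of Crunchy Bridge's code; it assumes key metadata in the capabilities.devices.create shape used by the Tailscale API, and the tag name tag:crunchy-bridge and the sample key are constructed.

```python
import json

# Constructed sample: metadata for one auth key, trimmed to the fields the
# check needs (shape assumed from the Tailscale API). Values are made up.
SAMPLE_KEY_JSON = """
{
  "id": "kEXAMPLE1CNTRL",
  "description": "bridge-prod (constructed sample)",
  "capabilities": {"devices": {"create": {
      "reusable": false, "ephemeral": true, "tags": []}}}
}
"""

def build_key_request(tag, expiry_seconds=86400):
    """Body for POST /api/v2/tailnet/{tailnet}/keys: tagged, ephemeral, reusable."""
    if not tag.startswith("tag:"):
        raise ValueError("Tailscale tags are written as 'tag:<name>'")
    return {
        "capabilities": {"devices": {"create": {
            "reusable": True, "ephemeral": True, "tags": [tag]}}},
        "expirySeconds": expiry_seconds,
    }

def lint_auth_key(key):
    """Return one finding per recommendation the key does not meet."""
    create = key.get("capabilities", {}).get("devices", {}).get("create", {})
    findings = []
    if not create.get("tags"):
        findings.append("untagged: permissions cannot be configured ahead of time")
    if not create.get("ephemeral", False):
        findings.append("not ephemeral: unused machines stay in the machine list")
    if not create.get("reusable", False):
        findings.append("single-use: a connection retry or reconnect will fail")
    return findings

if __name__ == "__main__":
    # The constructed sample is ephemeral but untagged and single-use.
    for finding in lint_auth_key(json.loads(SAMPLE_KEY_JSON)):
        print("WARN", finding)
    # tag:crunchy-bridge is a hypothetical tag name, not one from the article.
    print(json.dumps(build_key_request("tag:crunchy-bridge"), indent=2))
```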

Add authkey to your Crunchy Bridge cluster

Add using the Dashboard UI

Log in to Crunchy Bridge and navigate to your cluster. Click on the arrow next to the Networking tab and choose Tailscale.

From there, enter the authkey that was previously generated and click "Connect Tailscale". Crunchy Bridge will use the tailscale up command with your auth key to register your cluster.

Add using Crunchy Bridge CLI

Tailscale connections can also be added through the Crunchy Bridge CLI, using the cb tailscale command:

cb tailscale connect --cluster 2w3gipnd3rdg5og3aqicwoin2a --authkey tskey-auth-kwfwzT3CNTRL-9Yh61GnT6xLsMyircfg41MKj56qZqoyB
Cluster will be added to tailscale.

Connecting

Once the Tailscale connection is initialized, it will appear in the Tailscale UI and you will be able to connect through the Tailscale connection, either via IP or its Tailscale name.

Common questions

Will I still be able to connect to my database after my authkey expires?

Yes. Crunchy Bridge uses the auth key to establish connectivity before it expires. Once the connection is established and the cluster has been registered to the tailnet, it gets its own node key that has a default expiration of 180 days. Unless the node key itself expires, you should not expect disruptions.

However, if the node key expires, connections to and from the endpoint will begin to fail. For production servers, it makes sense to disable the node key expiration altogether.

If you see any issues, please contact support.

I disconnected my cluster and am having trouble reconnecting

At this time, there are issues re-using single-use auth keys. If you had previously established connectivity to Tailscale, have disconnected, and want to reconnect, you can still do this but will need to use a multi-use auth key.

Please contact support if connection issues persist.