I have a Kubernetes cluster running a web server, an Istio ingress gateway, and some microservices that I've installed on a bare-metal Tailscale node at home (and only on my tailnet, not publicly accessible).
I've got things running and can reach the website from my tailnet; now I'm trying to get things serving over HTTPS. I'm using the Tailscale MagicDNS feature.
I know that `tailscale cert <domain>` delivers .crt and .key files, and I know I can add these as a secret to my cluster, but it's not clear to me yet how to fully wire this up (maybe something with cert-manager?) nor how I can keep the certs fresh. Any help is appreciated!