Hacker News
by HappyCathode 1006 days ago
That's really neat. Cloudflare tunnel for external customer egress, and Tailscale for internal tool egress. No more costly cloud-specific load balancers!
2 comments

You can use Cloudflare access for internal which is tunnel + identity access management for end users.
I'd rather have full network isolation for internal stuff like admin portals. Plus, I already use Tailscale to sync DBs between regions and clouds.
My only issue with Tailscale was that it can't seem to stay logged in longer than something like 45 or 90 days, making it a fun toy, but not for enterprise use.

As someone who travels a lot with machines all over the world, if a node goes offline I can ask someone to reboot a machine, but there is no way I am giving random people credentials to my machines and network to fix issues.

There is an option to disable key expiry in the machine settings, unless you're talking about a different issue / bug. In my case, simply turning off key expiry is enough to keep the machine online for months inside the Tailscale network so far.
Thank you, I will look for this and give it a try.
Machines can have unlimited expiry.

API keys have a 90-day expiry, but you can get around that with an OAuth app that has credentials that don't expire.

Hi, Tailscale engineer here. The operator also supports Tailscale Funnel, so you could use that instead of Cloudflare tunnel if you desired.
Hey! I see Tailscale Funnels as maybe a good replacement for Ngrok, but not for Cloudflare Tunnels.

Your Funnels are in Beta, MUST use your tailnet’s domain name, have bandwidth limits, no failover and no load balancing. If my website goes down, I close shop. Cloudflare Tunnels are just way more mature for production loads. CF Tunnels technically don't have load balancing, but if you set multiple Tunnels with the same ID, you get some sort of load balancing AND failovers if a tunnel goes down. And after that, they have a paid Load Balancer option.

Even for internal admin portals, the mention that "Traffic over Funnel is subject to bandwidth limits." with absolutely no defined numbers is just a turn-off. If you added a number to that, like a limit of MBPS or GB/Month of transfer, it would be something I can bring to my colleagues, something we can discuss and weigh in on. For now, with no number, it's just a threat.

Everything else about Tailscale is chefskiss tho ;)