
I'm working on setting up AWS ECS Fargate to pull Docker images from a GitLab Container Registry hosted on my local machine.

The registry is only accessible via a Tailscale network, and I have an EC2 instance configured as a bastion within the same VPC as the Fargate tasks. Here's the setup:

GitLab Registry: Running on my local machine, accessible through Tailscale (gitlab.tailxxxxxx.ts.net).

EC2 Instance: Acts as a bastion, is connected to the Tailscale network, and can access the GitLab registry. This instance is in a public subnet of the same VPC as my ECS tasks.

ECS Fargate: Deployed in a private subnet, but it fails to resolve or reach the GitLab registry via Tailscale.

Question: What is the best way to configure ECS Fargate to pull images from a GitLab registry that's accessible via Tailscale? Should I be routing DNS traffic differently, or is there another solution that can help Fargate reach the Tailscale network? Thanks!

What I did: Configured the EC2 instance as a DNS server for the ECS tasks, but ECS Fargate cannot resolve the Tailscale domain. Set up Squid on the EC2 instance as an HTTP proxy and pointed ECS tasks to use this, but it impacts SSM Execute Command and still doesn't resolve the registry issue.

0 Answers