Tailscale also allows you to issue valid TLS certificates (`tailscale cert`), which is crazy useful for certain local development tasks, e.g. developing SSO for a mobile application where the SSO provider mandates TLS and the mobile devices don't easily allow you to bypass self-signed certificates. They keep piling on awesome features, big fan.
I use these certificates for almost any management UI of internal services that would go unencrypted for convenience otherwise, even for Postgres servers. It’s really versatile.
The Tailscale k8s operator is also great.