Here's an example of how to build a simple Alpine Linux container using Apple's containerization CLI. It also demonstrates how to connect to the container through Tailscale SSH using a Tailscale auth key stored in Apple Keychain:
The macOS app manages the host Tailscale service, while this example demonstrates how to connect with a *macOS container* using Tailscale SSH based on the Tailscale service under userspace networking mode. This gives the container its own dedicated Tailnet IP and identity without needing to port-forward through the host.
Edit: For example, I can create a container on my MacBook to run an application. A colleague *in my Tailnet* can then connect to this container to interact with that application from a coffee shop or airliner while not exposing the rest of my MacBook.
https://github.com/highpost/tailscale-macos-container
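A sketch of the container side of the setup described above, as an added example that is not taken from the post or the linked repository. It assumes the host reads the auth key from Keychain (for instance with `security find-generic-password -s <service> -w`) and hands it to the container in a variable named `TS_AUTHKEY`; that name, `TS_HOSTNAME` and the default hostname are hypothetical.

```shell
#!/bin/sh
# Added example: entrypoint for the Alpine container. Joins the tailnet in
# userspace networking mode and enables Tailscale SSH.
# Assumption: the auth key arrives in $TS_AUTHKEY (hypothetical name).

# Accept only values shaped like a Tailscale auth key, so an empty or mangled
# Keychain lookup fails here rather than as a confusing login error.
valid_authkey() {
    case "$1" in
        tskey-auth-?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write the key to a private (0600) file so it never appears in process
# arguments; tailscale up accepts --auth-key=file:<path>. Prints the path.
stash_authkey() {
    dir=$(mktemp -d) || return 1
    ( umask 077; printf '%s' "$1" > "$dir/authkey" ) || return 1
    printf '%s\n' "$dir/authkey"
}

start_tailscale() {
    valid_authkey "${TS_AUTHKEY:-}" || { echo "bad or missing TS_AUTHKEY" >&2; return 1; }
    keyfile=$(stash_authkey "$TS_AUTHKEY") || return 1
    unset TS_AUTHKEY   # keep the key out of the environment of later processes

    # Userspace networking needs no TUN device in the container. In-memory
    # state means the node key is not persisted in the container filesystem.
    tailscaled --tun=userspace-networking --state=mem: &

    # tailscaled may need a moment before it accepts commands: retry briefly.
    tries=0
    until tailscale up --auth-key="file:$keyfile" --ssh \
            --hostname="${TS_HOSTNAME:-alpine-container}"; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || { rm -rf "${keyfile%/*}"; return 1; }
        sleep 1
    done
    rm -rf "${keyfile%/*}"   # the key is not needed once the node is up
    wait                     # keep the container alive while tailscaled runs
}

# Run only where Tailscale is installed, i.e. inside the container image.
if command -v tailscaled >/dev/null 2>&1; then
    start_tailscale
fi
```

Who may open an SSH session to the resulting node is still decided by the tailnet's ACL policy, so the colleague's access can be scoped to this one container.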