Tailscale's April 2026 monthly update covers changes across clients, Kubernetes operator, containers, and the Aperture AI gateway product. Key additions include custom guardrails (pre-LLM-call hooks) for PII stripping and agent tool restrictions in Aperture, configurable log retention with S3 export, API-only tailnet access via OAuth clients, and automatic service advertisement in container images. The Kubernetes operator gains multi-tailnet support via a new Tailnet custom resource, ProxyGroupPolicy for namespace-level controls, and improved authkey handling. Several bug fixes address Linux fork compatibility, MIPS segfaults, iOS memory issues, and Android deadlocks.
Table of contents
Aperture updatesAPI-only tailnets and Oauth clientsClient updatesContainer, Kubernetes, and tsrecorder updatesSort: