Tailscale App stuck in Deploying

haven · April 12, 2024, 7:11pm

I was working on a project to deploy a TrueNAS scale server as an offsite backup. With the system at my house, I installed the Tailscale app, disabled Userspace, and enabled Host Network. Everything was running perfectly until I took the “offsite” system to my parents’ house (don’t laugh) and powered it on. The Tailscale app became stuck in a “deploying” state. Here are the only logs from the container:

2024-04-11 15:14:17.575389-05:00boot: 2024/04/11 20:14:17 error checking get permission on secret tailscale-1-tailscale-secret: Post "https://kubernetes.default.svc/apis/authorization.k8s.io/v1/selfsubjectaccessreviews": context deadline exceeded
2024-04-11 15:14:17.575435-05:00boot: 2024/04/11 20:14:17 error checking update permission on secret tailscale-1-tailscale-secret: Post "https://kubernetes.default.svc/apis/authorization.k8s.io/v1/selfsubjectaccessreviews": context deadline exceeded
2024-04-11 15:14:17.575696-05:00boot: 2024/04/11 20:14:17 error checking patch permission on secret tailscale-1-tailscale-secret: Post "https://kubernetes.default.svc/apis/authorization.k8s.io/v1/selfsubjectaccessreviews": context deadline exceeded
2024-04-11 15:14:17.575711-05:00boot: 2024/04/11 20:14:17 Getting authkey from kube secret: Get "https://kubernetes.default.svc/api/v1/namespaces/ix-tailscale-1/secrets/tailscale-1-tailscale-secret": context deadline exceeded

I have the same configuration running on my primary TrueNAS scale box at home with no issue, however I’m nervous to try and re-deploy that container.

I’ve tried deleting the app and reinstalling, deleting and reconfiguring the applications dataset, and a variety of other things. I figured it might be a networking issue, but from the container shell I can ping google.com with no issues. I also have a debian 12 VM also running tailscale and that works just fine. I currently have it set up as a subnet router and can access the TrueNAS UI remotely that way.

The only variables I can think of are:
A. The network change
B. Tailscale v1.64.0 released between initial setup and deploying off-site

The system is running TrueNAS-SCALE-23.10.2 and Tailscale Chart 1.0.36

Dave41 · April 13, 2024, 1:34am

I have the same config running at the same revisions. When you deleted and reinstalled the app did you use a NEW authorization code from Tailscale??? I’m wondering if their sever may be mad at you new locations IP addresses.

haven · April 13, 2024, 3:04am

When re-deploying the app, I used a newly generated auth key each time.

nickspacemonkey · April 13, 2024, 7:04am

Try not using the “apps”. Get the jailmaker script and run Tailscale in a nspawn container, either natively or as a docker app.