-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
How to expose my Kubernetes apps through Tailscale?
- Thread starter mehran
- Start date
mehran
Cadet
- Joined
- Apr 24, 2023
- Messages
- 6
It's been a while since I've done it but I believe for the most part, the default values are good when you are installing the app. The only part(s) that you might need to change (other than your credentials of course), is/are the following:
Namely, the "Userspace" should be checked and you need to specify your IP range in the "Routes". You can also check the "Advertise as exit node" box if you would like to use your NAS as an Internet gateway.
Again, I might be mistaken since it's been a while.
Namely, the "Userspace" should be checked and you need to specify your IP range in the "Routes". You can also check the "Advertise as exit node" box if you would like to use your NAS as an Internet gateway.
Again, I might be mistaken since it's been a while.
- Joined
- Dec 31, 2021
- Messages
- 973
Step-by-Step Guide: How To Setup Tailscale on TrueNAS SCALE
https://lawrence.video/truenasTailscale Tutorialhttps://youtu.be/bcRVkoeSN0EHeadscale Videohttps://youtu.be/-9gXP6aaaywConnecting With Us--------------------...
m.youtube.com
Tom Lawrence just posted a good video.
stk
Dabbler
- Joined
- Mar 27, 2023
- Messages
- 16
DO NOT check Userspace when deploying tailscale!!!!!
With userspace unchecked, tailscale runs as root so local routing will work which is what you want. Otherwise, you can advertise routes and it will never work and you'll be frustrated.
The larger issue is that the Web portal for the apps always use the fixed numeric IP of the truenas server so when you hit "Web portal" button, it will redirect to your local LAN address and tailscale will not be able to locate the server.
The best thing is for all the apps to listen on 0.0.0.0 (all interfaces), but you can't seem to configure that easily (documentation hard to find and no clear setting for this).
The simplest alternative is for tailscale to advertise a route to the LAN IP of the truenas server, in my case 192.168.1.115. This will work if you have Userspace unchecked. This is the method I use to make all my apps work.
WARNING: Tailscale sets the METRIC to 5 which is ridiculously low so if you advertise a route to an IP on your LAN and you have other tailscale clients on your LAN, it will route all traffic via the advertiser because it thinks that is the shortest hop to the destination. I can't believe they haven't figured this out; they should pick a metric which is 1 higher than the LANs own metric (which is around 20).
But if you only advertise the local IP of your truenas server, there's no issue.
So that is the simplest solution I'm aware of.
Note: I'm assuming you're asking about Web Portals for the apps which is what I answered.
I also have Host Networking checked.
With userspace unchecked, tailscale runs as root so local routing will work which is what you want. Otherwise, you can advertise routes and it will never work and you'll be frustrated.
The larger issue is that the Web portal for the apps always use the fixed numeric IP of the truenas server so when you hit "Web portal" button, it will redirect to your local LAN address and tailscale will not be able to locate the server.
The best thing is for all the apps to listen on 0.0.0.0 (all interfaces), but you can't seem to configure that easily (documentation hard to find and no clear setting for this).
The simplest alternative is for tailscale to advertise a route to the LAN IP of the truenas server, in my case 192.168.1.115. This will work if you have Userspace unchecked. This is the method I use to make all my apps work.
WARNING: Tailscale sets the METRIC to 5 which is ridiculously low so if you advertise a route to an IP on your LAN and you have other tailscale clients on your LAN, it will route all traffic via the advertiser because it thinks that is the shortest hop to the destination. I can't believe they haven't figured this out; they should pick a metric which is 1 higher than the LANs own metric (which is around 20).
But if you only advertise the local IP of your truenas server, there's no issue.
So that is the simplest solution I'm aware of.
Note: I'm assuming you're asking about Web Portals for the apps which is what I answered.
I also have Host Networking checked.
