Tailscale app: error checking get permission on secret file

[kingp0dd]

TN Scale v.23.10.2

When running Tailscale app, I get the error:

```
2024-03-22 19:44:42.236638+08:00boot: 2024/03/22 11:44:42 error checking update permission on secret tailscale-tailscale-secret: Post "https://kubernetes.default.svc/apis/authorization.k8s.io/v1/selfsubjectaccessreviews": dial tcp: lookup kubernetes.default.svc on 172.17.0.10:53: write udp 192.168.0.199:60342->172.17.0.10:53: write: operation not permitted
2024-03-22 19:44:42.237226+08:00boot: 2024/03/22 11:44:42 error checking patch permission on secret tailscale-tailscale-secret: Post "https://kubernetes.default.svc/apis/authorization.k8s.io/v1/selfsubjectaccessreviews": dial tcp: lookup kubernetes.default.svc on 172.17.0.10:53: write udp 192.168.0.199:36978->172.17.0.10:53: write: operation not permitted
2024-03-22 19:44:42.237650+08:00boot: 2024/03/22 11:44:42 Getting authkey from kube secret: Get "https://kubernetes.default.svc/api/v1/namespaces/ix-tailscale/secrets/tailscale-tailscale-secret": dial tcp: lookup kubernetes.default.svc on 172.17.0.10:53: write udp 192.168.0.199:46061->172.17.0.10:53: write: operation not permitted```
```

• App Options:

Host Networking - enabled
Userspace - unchecked

• I upgraded from TN Core to Scale. Would that matter?
• I tried Deleting it and Installing it again. Also tried Unsetting the Pool and Setting it again.
• using an admin user (non-root). I tried to install it using the root user in the GUI too though, but I get the same error.
• No custom domains in In TrueNAS > Network > Global Configuration
• I tried changing TN nameserver to 1.1.1.1 (in Networks - Global Configuration), but still same error
• Output of the k3s command:

sudo k3s kubectl get role -n ix-tailscale -o jsonpath={'.items'} | jq
```

[
{
"apiVersion": "rbac.authorization.k8s.io/v1",
"kind": "Role",
"metadata": {
"annotations": {
"meta.helm.sh/release-name": "tailscale",
"meta.helm.sh/release-namespace": "ix-tailscale"
},
"creationTimestamp": "2024-03-22T13:04:41Z",
"labels": {
"app": "tailscale-1.0.35",
"app.kubernetes.io/instance": "tailscale",
"app.kubernetes.io/managed-by": "Helm",
"app.kubernetes.io/name": "tailscale",
"app.kubernetes.io/version": "1.62.0",
"helm-revision": "1",
"helm.sh/chart": "tailscale-1.0.35",
"release": "tailscale"
},
"managedFields": [
{
"apiVersion": "rbac.authorization.k8s.io/v1",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:metadata": {
"f:annotations": {
".": {},
"f:meta.helm.sh/release-name": {},
"f:meta.helm.sh/release-namespace": {}
},
"f:labels": {
".": {},
"f:app": {},
"f:app.kubernetes.io/instance": {},
"f:app.kubernetes.io/managed-by": {},
"f:app.kubernetes.io/name": {},
"f:app.kubernetes.io/version": {},
"f:helm-revision": {},
"f:helm.sh/chart": {},
"f:release": {}
}
},
"f:rules": {}
},
"manager": "helm",
"operation": "Update",
"time": "2024-03-22T13:04:41Z"
}
],
"name": "tailscale",
"namespace": "ix-tailscale",
"resourceVersion": "72198",
"uid": "2fc726c1-ad1d-4bfa-8b5e-ddaefa53e53e"
},
"rules": [
{
"apiGroups": [
""
],
"resources": [
"secrets"
],
"verbs": [
"create"
]
},
{
"apiGroups": [
""
],
"resourceNames": [
"tailscale-tailscale-secret"
],
"resources": [
"secrets"
],
"verbs": [
"get",
"update",
"patch"
]
}
]
}
]
```