From 5262c59665fdd5b864806e4f2fe3b79481e4d6bb Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sun, 3 May 2026 04:47:59 +0000
Subject: [PATCH] fix: restart unhealthy tailscale proxies before health scan

---
 .gitea/workflows/deploy.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index e9f74bb..5ccd1b6 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1052,6 +1052,18 @@ jobs:
           kubectl annotate storageclass flash-nfs storageclass.kubernetes.io/is-default-class=true --overwrite
           kubectl get storageclass | grep -E "^flash-nfs.*\\(default\\)"
           ! kubectl get storageclass | grep -E "^local-path.*\\(default\\)"
+          tailscale_unhealthy_pods=$(mktemp)
+          kubectl -n tailscale-system get pods -l tailscale.com/managed=true --no-headers \
+            | grep -Ev "[[:space:]](Running|Completed)[[:space:]]" \
+            | awk '{print $1}' >"${tailscale_unhealthy_pods}" || true
+          if [ -s "${tailscale_unhealthy_pods}" ]; then
+            echo "Restarting unhealthy Tailscale-managed proxy pods before final health scan"
+            while read -r pod; do
+              kubectl -n tailscale-system delete pod "${pod}" --wait=false
+            done <"${tailscale_unhealthy_pods}"
+            sleep 30
+            kubectl -n tailscale-system wait --for=condition=Ready pod -l tailscale.com/managed=true --timeout=600s
+          fi
           unhealthy_pods=$(mktemp)
           kubectl get pods -A --no-headers \
             | grep -Ev "[[:space:]](Running|Completed)[[:space:]]" \