Trying to have a docker container route all of its traffic through an exit node. Eventually this will be made part of a docker compose stack where all the containers use the tailscale container for their networking.
I'm starting the tailscale container with the following command:
sudo docker run --name=tailscale -v /var/lib:/var/lib -v /lib/modules:/lib/modules -v /dev/net/tun:/dev/net/tun -v ./ts-state:/client/data --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_HOSTNAME=den-test-b -e TS_STATE_DIR=/client/data -e TS_AUTHKEY=tskey-auth-redacted -e TS_EXTRA_ARGS="--exit-node=[exit-node-ip]" --privileged=true --rm tailscale/tailscale:latest
When I run
sudo docker exec -it tailscale tailscale --socket /tmp/tailscaled.sock exit-node list
I see my specified exit node but with a status of 'selected but offline'. Additionally, from inside the tailscale container (docker exec -it tailscale sh),
wget -q -O /tmp/ipconfig 'https://ifconfig.me/ip' && cat /tmp/ipconfig
shows the IP not going through the exit node.
This is on Ubuntu Bullseye with the official Docker installed. tailscale docker version 1.48.1. What am I missing?