Merge pull request #214 from ItalyPaleAle/docker-distroless

This commit is contained in:
Kristoffer Dalby 2021-11-16 07:34:08 +00:00 committed by GitHub
commit 49f835d8cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 124 additions and 24 deletions

View File

@ -72,3 +72,47 @@ jobs:
context: . context: .
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
docker-debug-release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Docker meta
id: meta-debug
uses: docker/metadata-action@v3
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.DOCKERHUB_USERNAME }}/headscale
ghcr.io/${{ github.repository_owner }}/headscale
flavor: |
latest=false
tags: |
type=semver,pattern={{version}}-debug
type=semver,pattern={{major}}.{{minor}}-debug
type=semver,pattern={{major}}-debug
type=raw,value=latest-debug
type=sha,suffix=-debug
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
context: .
file: Dockerfile.debug
tags: ${{ steps.meta-debug.outputs.tags }}
labels: ${{ steps.meta-debug.outputs.labels }}

View File

@ -1,5 +1,4 @@
FROM bufbuild/buf:1.0.0-rc6 as buf # Builder image
FROM golang:1.17.1-bullseye AS build FROM golang:1.17.1-bullseye AS build
ENV GOPATH /go ENV GOPATH /go
WORKDIR /go/src/headscale WORKDIR /go/src/headscale
@ -12,14 +11,10 @@ COPY . .
RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
RUN test -e /go/bin/headscale RUN test -e /go/bin/headscale
FROM ubuntu:20.04 # Production image
FROM gcr.io/distroless/base-debian11
RUN apt-get update \ COPY --from=build /go/bin/headscale /bin/headscale
&& apt-get install -y ca-certificates \
&& update-ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=build /go/bin/headscale /usr/local/bin/headscale
ENV TZ UTC ENV TZ UTC
EXPOSE 8080/tcp EXPOSE 8080/tcp

23
Dockerfile.debug Normal file
View File

@ -0,0 +1,23 @@
# Builder image
FROM golang:1.17.1-bullseye AS build
ENV GOPATH /go
WORKDIR /go/src/headscale
COPY go.mod go.sum /go/src/headscale/
RUN go mod download
COPY . .
RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
RUN test -e /go/bin/headscale
# Debug image
FROM gcr.io/distroless/base-debian11:debug
COPY --from=build /go/bin/headscale /bin/headscale
ENV TZ UTC
# Need to reset the entrypoint or everything will run as a busybox script
ENTRYPOINT []
EXPOSE 8080/tcp
CMD ["headscale"]

View File

@ -22,7 +22,7 @@
3. Get yourself a DB 3. Get yourself a DB
a) Get a Postgres DB running in docker a) Get a Postgres DB running in Docker:
```shell ```shell
docker run --name headscale \ docker run --name headscale \
@ -33,7 +33,7 @@
-d postgres -d postgres
``` ```
or b) Prepare a SQLite DB file or b) Prepare a SQLite DB file:
```shell ```shell
touch config/db.sqlite touch config/db.sqlite
@ -55,7 +55,7 @@
headscale namespaces create myfirstnamespace headscale namespaces create myfirstnamespace
``` ```
or docker: or Docker:
```shell ```shell
docker run \ docker run \
@ -65,10 +65,11 @@
headscale namespaces create myfirstnamespace headscale namespaces create myfirstnamespace
``` ```
or if your server is already running in docker: or if your server is already running in Docker:
```shell ```shell
docker exec <container_name> headscale namespaces create myfirstnamespace docker exec <container_name> \
headscale namespaces create myfirstnamespace
``` ```
6. Run the server 6. Run the server
@ -77,13 +78,14 @@
headscale serve headscale serve
``` ```
or docker: or Docker:
```shell ```shell
docker run \ docker run \
-v $(pwd)/config:/etc/headscale/ \ -v $(pwd)/config:/etc/headscale/ \
-p 127.0.0.1:8080:8080 \ -p 127.0.0.1:8080:8080 \
headscale/headscale:x.x.x headscale serve headscale/headscale:x.x.x \
headscale serve
``` ```
## Nodes configuration ## Nodes configuration
@ -107,19 +109,25 @@ systemctl start tailscaled
2. Navigate to the URL returned by `tailscale up`, where you'll find your machine key. 2. Navigate to the URL returned by `tailscale up`, where you'll find your machine key.
3. In the server, register your machine to a namespace with the CLI 3. In the server, register your machine to a namespace with the CLI
```shell ```shell
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
``` ```
or docker:
or Docker:
```shell ```shell
docker run \ docker run \
-v $(pwd)/config:/etc/headscale/ \ -v $(pwd)/config:/etc/headscale/ \
headscale/headscale:x.x.x \ headscale/headscale:x.x.x \
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
``` ```
or if your server is already running in docker:
or if your server is already running in Docker:
```shell ```shell
docker exec <container_name> headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY docker exec <container_name> \
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
``` ```
### Alternative: adding node with AUTHKEY ### Alternative: adding node with AUTHKEY
@ -130,7 +138,7 @@ systemctl start tailscaled
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
``` ```
or docker: or Docker:
```shell ```shell
docker run \ docker run \
@ -139,13 +147,15 @@ systemctl start tailscaled
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
``` ```
or if your server is already running in docker: or if your server is already running in Docker:
```shell ```shell
docker exec <container_name> headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h docker exec <container_name> \
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
``` ```
2. Use the authkey on your node to register it 2. Use the authkey on your node to register it:
```shell ```shell
tailscale up --login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY tailscale up --login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY
``` ```
@ -153,3 +163,31 @@ systemctl start tailscaled
If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true. If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true.
Please bear in mind that all headscale commands support adding `-o json` or `-o json-line` to get nicely JSON-formatted output. Please bear in mind that all headscale commands support adding `-o json` or `-o json-line` to get nicely JSON-formatted output.
## Debugging headscale running in Docker
The `headscale/headscale` Docker container is based on a "distroless" image that does not contain a shell or any other debug tools. If you need to debug your application running in the Docker container, you can use the `-debug` variant, for example `headscale/headscale:x.x.x-debug`.
### Running the debug Docker container
To run the debug Docker container, use the exact same commands as above, but replace `headscale/headscale:x.x.x` with `headscale/headscale:x.x.x-debug` (`x.x.x` is the version of headscale). The two containers are compatible with each other, so you can alternate between them.
### Executing commands in the debug container
The default command in the debug container is to run `headscale`, which is located at `/bin/headscale` inside the container.
Additionally, the debug container includes a minimalist Busybox shell.
To launch a shell in the container, use:
```
docker run -it headscale/headscale:x.x.x-debug sh
```
You can also execute commands directly, such as `ls /bin` in this example:
```
docker run headscale/headscale:x.x.x-debug ls /bin
```
Using `docker exec` allows you to run commands in an existing container.