mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-25 01:07:52 +00:00
Merge pull request #214 from ItalyPaleAle/docker-distroless
commit
49f835d8cf
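--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -72,3 +72,47 @@ jobs:
 context: .
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+
+docker-debug-release:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+- name: Docker meta
+id: meta-debug
+uses: docker/metadata-action@v3
+with:
+# list of Docker images to use as base name for tags
+images: |
+${{ secrets.DOCKERHUB_USERNAME }}/headscale
+ghcr.io/${{ github.repository_owner }}/headscale
+flavor: |
+latest=false
+tags: |
+type=semver,pattern={{version}}-debug
+type=semver,pattern={{major}}.{{minor}}-debug
+type=semver,pattern={{major}}-debug
+type=raw,value=latest-debug
+type=sha,suffix=-debug
+- name: Login to DockerHub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Login to GHCR
+uses: docker/login-action@v1
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Build and push
+id: docker_build
+uses: docker/build-push-action@v2
+with:
+push: true
+context: .
+file: Dockerfile.debug
+tags: ${{ steps.meta-debug.outputs.tags }}
+labels: ${{ steps.meta-debug.outputs.labels }}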
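Review bot: The new `docker-debug-release` job references all four actions by mutable tag (`actions/checkout@v2`, `docker/metadata-action@v3`, `docker/login-action@v1`, `docker/build-push-action@v2`) while it holds `DOCKERHUB_TOKEN` and a `GITHUB_TOKEN` used to push to GHCR, so a retagged action release would run with publishing credentials. Pin each one to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v1`, and give the job an explicit least-privilege token scope such as `permissions: { contents: read, packages: write }` unless the workflow already sets one outside this hunk. The existing release job above is only partly visible here and presumably uses the same tags, so the same pinning would apply there.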
13
Dockerfile
13
Dockerfile
@ -1,5 +1,4 @@
|
|||||||
FROM bufbuild/buf:1.0.0-rc6 as buf
|
# Builder image
|
||||||
|
|
||||||
FROM golang:1.17.1-bullseye AS build
|
FROM golang:1.17.1-bullseye AS build
|
||||||
ENV GOPATH /go
|
ENV GOPATH /go
|
||||||
WORKDIR /go/src/headscale
|
WORKDIR /go/src/headscale
|
||||||
@ -12,14 +11,10 @@ COPY . .
|
|||||||
RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
|
RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
|
||||||
RUN test -e /go/bin/headscale
|
RUN test -e /go/bin/headscale
|
||||||
|
|
||||||
FROM ubuntu:20.04
|
# Production image
|
||||||
|
FROM gcr.io/distroless/base-debian11
|
||||||
|
|
||||||
RUN apt-get update \
|
COPY --from=build /go/bin/headscale /bin/headscale
|
||||||
&& apt-get install -y ca-certificates \
|
|
||||||
&& update-ca-certificates \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
COPY --from=build /go/bin/headscale /usr/local/bin/headscale
|
|
||||||
ENV TZ UTC
|
ENV TZ UTC
|
||||||
|
|
||||||
EXPOSE 8080/tcp
|
EXPOSE 8080/tcp
|
||||||
|
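Review bot: The production stage now starts from `gcr.io/distroless/base-debian11` with no tag or digest and no `USER` in the visible lines, so release builds float on `latest` and the server runs as root; `Dockerfile.debug` follows the same pattern with the `:debug` tag. Consider `FROM gcr.io/distroless/base-debian11:nonroot@sha256:<digest>` here (and `:debug-nonroot` in the debug file), after checking that the mounted `/etc/headscale` directory and the SQLite file are writable by the non-root UID. The Dockerfile may continue past `EXPOSE 8080/tcp`, so a later `USER` line cannot be ruled out from this hunk.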
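--- a/Dockerfile.debug
+++ b/Dockerfile.debug
@@ -0,0 +1,23 @@
+# Builder image
+FROM golang:1.17.1-bullseye AS build
+ENV GOPATH /go
+WORKDIR /go/src/headscale
+
+COPY go.mod go.sum /go/src/headscale/
+RUN go mod download
+
+COPY . .
+
+RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
+RUN test -e /go/bin/headscale
+
+# Debug image
+FROM gcr.io/distroless/base-debian11:debug
+
+COPY --from=build /go/bin/headscale /bin/headscale
+ENV TZ UTC
+
+# Need to reset the entrypoint or everything will run as a busybox script
+ENTRYPOINT []
+EXPOSE 8080/tcp
+CMD ["headscale"]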
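Review bot: The builder stage here appears to repeat the one in `Dockerfile` line for line, so a later change to the Go version or the `go install` flags in only one file can leave the `-debug` image carrying a different binary from the release it is meant to debug. A header comment such as `# Builder stage must stay identical to Dockerfile; only the final base image differs` would make that constraint explicit, or the two files could be merged behind a build argument for the base tag. It would also help to note next to `ENTRYPOINT []` that this image ships a BusyBox shell and is published as `latest-debug`, so it is meant for troubleshooting and should not replace the distroless image in production deployments.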
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
3. Get yourself a DB
|
3. Get yourself a DB
|
||||||
|
|
||||||
a) Get a Postgres DB running in docker
|
a) Get a Postgres DB running in Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run --name headscale \
|
docker run --name headscale \
|
||||||
@ -33,7 +33,7 @@
|
|||||||
-d postgres
|
-d postgres
|
||||||
```
|
```
|
||||||
|
|
||||||
or b) Prepare a SQLite DB file
|
or b) Prepare a SQLite DB file:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch config/db.sqlite
|
touch config/db.sqlite
|
||||||
@ -55,20 +55,21 @@
|
|||||||
headscale namespaces create myfirstnamespace
|
headscale namespaces create myfirstnamespace
|
||||||
```
|
```
|
||||||
|
|
||||||
or docker:
|
or Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run \
|
docker run \
|
||||||
-v $(pwd)/config:/etc/headscale/ \
|
-v $(pwd)/config:/etc/headscale/ \
|
||||||
-p 127.0.0.1:8080:8080 \
|
-p 127.0.0.1:8080:8080 \
|
||||||
headscale/headscale:x.x.x \
|
headscale/headscale:x.x.x \
|
||||||
headscale namespaces create myfirstnamespace
|
headscale namespaces create myfirstnamespace
|
||||||
```
|
```
|
||||||
|
|
||||||
or if your server is already running in docker:
|
or if your server is already running in Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker exec <container_name> headscale namespaces create myfirstnamespace
|
docker exec <container_name> \
|
||||||
|
headscale namespaces create myfirstnamespace
|
||||||
```
|
```
|
||||||
|
|
||||||
6. Run the server
|
6. Run the server
|
||||||
@ -77,13 +78,14 @@
|
|||||||
headscale serve
|
headscale serve
|
||||||
```
|
```
|
||||||
|
|
||||||
or docker:
|
or Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run \
|
docker run \
|
||||||
-v $(pwd)/config:/etc/headscale/ \
|
-v $(pwd)/config:/etc/headscale/ \
|
||||||
-p 127.0.0.1:8080:8080 \
|
-p 127.0.0.1:8080:8080 \
|
||||||
headscale/headscale:x.x.x headscale serve
|
headscale/headscale:x.x.x \
|
||||||
|
headscale serve
|
||||||
```
|
```
|
||||||
|
|
||||||
## Nodes configuration
|
## Nodes configuration
|
||||||
@ -107,19 +109,25 @@ systemctl start tailscaled
|
|||||||
2. Navigate to the URL returned by `tailscale up`, where you'll find your machine key.
|
2. Navigate to the URL returned by `tailscale up`, where you'll find your machine key.
|
||||||
|
|
||||||
3. In the server, register your machine to a namespace with the CLI
|
3. In the server, register your machine to a namespace with the CLI
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
||||||
```
|
```
|
||||||
or docker:
|
|
||||||
|
or Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run \
|
docker run \
|
||||||
-v $(pwd)/config:/etc/headscale/ \
|
-v $(pwd)/config:/etc/headscale/ \
|
||||||
headscale/headscale:x.x.x \
|
headscale/headscale:x.x.x \
|
||||||
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
||||||
```
|
```
|
||||||
or if your server is already running in docker:
|
|
||||||
|
or if your server is already running in Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker exec <container_name> headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
docker exec <container_name> \
|
||||||
|
headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
|
||||||
```
|
```
|
||||||
|
|
||||||
### Alternative: adding node with AUTHKEY
|
### Alternative: adding node with AUTHKEY
|
||||||
@ -130,7 +138,7 @@ systemctl start tailscaled
|
|||||||
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
||||||
```
|
```
|
||||||
|
|
||||||
or docker:
|
or Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run \
|
docker run \
|
||||||
@ -139,13 +147,15 @@ systemctl start tailscaled
|
|||||||
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
||||||
```
|
```
|
||||||
|
|
||||||
or if your server is already running in docker:
|
or if your server is already running in Docker:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker exec <container_name> headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
docker exec <container_name> \
|
||||||
|
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Use the authkey on your node to register it
|
2. Use the authkey on your node to register it:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
tailscale up --login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY
|
tailscale up --login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY
|
||||||
```
|
```
|
||||||
@ -153,3 +163,31 @@ systemctl start tailscaled
|
|||||||
If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true.
|
If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true.
|
||||||
|
|
||||||
Please bear in mind that all headscale commands support adding `-o json` or `-o json-line` to get nicely JSON-formatted output.
|
Please bear in mind that all headscale commands support adding `-o json` or `-o json-line` to get nicely JSON-formatted output.
|
||||||
|
|
||||||
|
## Debugging headscale running in Docker
|
||||||
|
|
||||||
|
The `headscale/headscale` Docker container is based on a "distroless" image that does not contain a shell or any other debug tools. If you need to debug your application running in the Docker container, you can use the `-debug` variant, for example `headscale/headscale:x.x.x-debug`.
|
||||||
|
|
||||||
|
### Running the debug Docker container
|
||||||
|
|
||||||
|
To run the debug Docker container, use the exact same commands as above, but replace `headscale/headscale:x.x.x` with `headscale/headscale:x.x.x-debug` (`x.x.x` is the version of headscale). The two containers are compatible with each other, so you can alternate between them.
|
||||||
|
|
||||||
|
### Executing commands in the debug container
|
||||||
|
|
||||||
|
The default command in the debug container is to run `headscale`, which is located at `/bin/headscale` inside the container.
|
||||||
|
|
||||||
|
Additionally, the debug container includes a minimalist Busybox shell.
|
||||||
|
|
||||||
|
To launch a shell in the container, use:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run -it headscale/headscale:x.x.x-debug sh
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also execute commands directly, such as `ls /bin` in this example:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run headscale/headscale:x.x.x-debug ls /bin
|
||||||
|
```
|
||||||
|
|
||||||
|
Using `docker exec` allows you to run commands in an existing container.
|
||||||
|