tailscale/Dockerfile.base

# Copyright (c) Tailscale Inc & AUTHORS
# SPDX-License-Identifier: BSD-3-Clause

FROM alpine:3.22
RUN apk add --no-cache ca-certificates iptables iptables-legacy iproute2 ip6tables iputils
# Alpine 3.19 replaced legacy iptables with nftables based implementation.  We
# can't be certain that all hosts that run Tailscale containers currently
# suppport nftables, so link back to legacy for backwards compatibility reasons.
# TODO(irbekrm): add some way how to determine if we still run on nodes that
# don't support nftables, so that we can eventually remove these symlinks.
RUN ln -s /sbin/iptables-legacy /sbin/iptables
RUN ln -s /sbin/ip6tables-legacy /sbin/ip6tables
all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com> 2023-01-27 13:37:20 -08:00			`# Copyright (c) Tailscale Inc & AUTHORS`
			`# SPDX-License-Identifier: BSD-3-Clause`
build_docker.sh: use github.com/tailscale/mkctr instead of docker Signed-off-by: Maisem Ali <maisem@tailscale.com> 2021-11-21 20:52:19 -08:00
docker: bump alpine v3.19 -> 3.22 (#17155) Updates #15328 Change-Id: Ib33baf8756b648176dce461b25169e079cbd5533 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com> 2025-09-17 20:22:24 +01:00			`FROM alpine:3.22`
Bump Alpine, link iptables back to legacy (#15428) Bumps Alpine 3.18 -> 3.19. Alpine 3.19 links iptables to nftables-based implementation that can break hosts that don't support nftables. Link iptables back to the legacy implementation till we have some certainty that changing to nftables based implementation will not break existing setups. Updates tailscale/tailscale#15328 Signed-off-by: Irbe Krumina <irbe@tailscale.com> 2025-03-26 01:48:01 +00:00			`RUN apk add --no-cache ca-certificates iptables iptables-legacy iproute2 ip6tables iputils`
docker: bump alpine v3.19 -> 3.22 (#17155) Updates #15328 Change-Id: Ib33baf8756b648176dce461b25169e079cbd5533 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com> 2025-09-17 20:22:24 +01:00			`# Alpine 3.19 replaced legacy iptables with nftables based implementation. We`
Bump Alpine, link iptables back to legacy (#15428) Bumps Alpine 3.18 -> 3.19. Alpine 3.19 links iptables to nftables-based implementation that can break hosts that don't support nftables. Link iptables back to the legacy implementation till we have some certainty that changing to nftables based implementation will not break existing setups. Updates tailscale/tailscale#15328 Signed-off-by: Irbe Krumina <irbe@tailscale.com> 2025-03-26 01:48:01 +00:00			`# can't be certain that all hosts that run Tailscale containers currently`
			`# suppport nftables, so link back to legacy for backwards compatibility reasons.`
			`# TODO(irbekrm): add some way how to determine if we still run on nodes that`
			`# don't support nftables, so that we can eventually remove these symlinks.`
docker: bump alpine v3.19 -> 3.22 (#17155) Updates #15328 Change-Id: Ib33baf8756b648176dce461b25169e079cbd5533 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com> 2025-09-17 20:22:24 +01:00			`RUN ln -s /sbin/iptables-legacy /sbin/iptables`
			`RUN ln -s /sbin/ip6tables-legacy /sbin/ip6tables`