build_docker.sh: add run.sh as an entrypoint to the docker image

Fixes #4071 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-12-03 02:21:58 +00:00 · 2022-06-06 12:43:23 -07:00
parent bf2fa7b184
commit 3b55bf9306
11 changed files with 75 additions and 87 deletions
--- a/docs/k8s/run.sh
+++ b/docs/k8s/run.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+# Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.

@@ -6,19 +6,29 @@

 export PATH=$PATH:/tailscale/bin

-AUTH_KEY="${AUTH_KEY:-}"
-ROUTES="${ROUTES:-}"
-DEST_IP="${DEST_IP:-}"
-EXTRA_ARGS="${EXTRA_ARGS:-}"
-USERSPACE="${USERSPACE:-true}"
-KUBE_SECRET="${KUBE_SECRET:-tailscale}"
+TS_AUTH_KEY="${TS_AUTH_KEY:-}"
+TS_ROUTES="${TS_ROUTES:-}"
+TS_DEST_IP="${TS_DEST_IP:-}"
+TS_EXTRA_ARGS="${TS_EXTRA_ARGS:-}"
+TS_USERSPACE="${TS_USERSPACE:-true}"
+TS_STATE_DIR="${TS_STATE_DIR:-}"
+TS_ACCEPT_DNS="${TS_ACCEPT_DNS:-false}"
+TS_KUBE_SECRET="${TS_KUBE_SECRET:-tailscale}"

 set -e

-TAILSCALED_ARGS="--state=kube:${KUBE_SECRET} --socket=/tmp/tailscaled.sock"
+TAILSCALED_ARGS="--socket=/tmp/tailscaled.sock"

-if [[ "${USERSPACE}" == "true" ]]; then
-  if [[ ! -z "${DEST_IP}" ]]; then
+if [[ ! -z "${KUBERNETES_SERVICE_HOST}" ]]; then
+  TAILSCALED_ARGS="${TAILSCALED_ARGS} --state=kube:${TS_KUBE_SECRET}"
+elif [[ ! -z "${TS_STATE_DIR}" ]]; then
+  TAILSCALED_ARGS="${TAILSCALED_ARGS} --statedir=${TS_STATE_DIR}"
+else
+  TAILSCALED_ARGS="${TAILSCALED_ARGS} --state=mem:"
+fi
+
+if [[ "${TS_USERSPACE}" == "true" ]]; then
+  if [[ ! -z "${TS_DEST_IP}" ]]; then
    echo "IP forwarding is not supported in userspace mode"
    exit 1
  fi
@@ -37,23 +47,23 @@ echo "Starting tailscaled"
 tailscaled ${TAILSCALED_ARGS} &
 PID=$!

-UP_ARGS="--accept-dns=false"
-if [[ ! -z "${ROUTES}" ]]; then
-  UP_ARGS="--advertise-routes=${ROUTES} ${UP_ARGS}"
+UP_ARGS="--accept-dns=${TS_ACCEPT_DNS}"
+if [[ ! -z "${TS_ROUTES}" ]]; then
+  UP_ARGS="--advertise-routes=${TS_ROUTES} ${UP_ARGS}"
 fi
-if [[ ! -z "${AUTH_KEY}" ]]; then
-  UP_ARGS="--authkey=${AUTH_KEY} ${UP_ARGS}"
+if [[ ! -z "${TS_AUTH_KEY}" ]]; then
+  UP_ARGS="--authkey=${TS_AUTH_KEY} ${UP_ARGS}"
 fi
-if [[ ! -z "${EXTRA_ARGS}" ]]; then
-  UP_ARGS="${UP_ARGS} ${EXTRA_ARGS:-}"
+if [[ ! -z "${TS_EXTRA_ARGS}" ]]; then
+  UP_ARGS="${UP_ARGS} ${TS_EXTRA_ARGS:-}"
 fi

 echo "Running tailscale up"
 tailscale --socket=/tmp/tailscaled.sock up ${UP_ARGS}

-if [[ ! -z "${DEST_IP}" ]]; then
+if [[ ! -z "${TS_DEST_IP}" ]]; then
  echo "Adding iptables rule for DNAT"
-  iptables -t nat -I PREROUTING -d "$(tailscale --socket=/tmp/tailscaled.sock ip -4)" -j DNAT --to-destination "${DEST_IP}"
+  iptables -t nat -I PREROUTING -d "$(tailscale --socket=/tmp/tailscaled.sock ip -4)" -j DNAT --to-destination "${TS_DEST_IP}"
 fi

 wait ${PID}