cmd/containerboot: PID1 for running tailscaled in a container.

This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-10-25 13:12:54 -07:00
parent 0759d78f12
commit 76904b82e7
8 changed files with 641 additions and 107 deletions
--- a/6
+++ b/6
@@ -66,10 +66,12 @@ RUN GOARCH=$TARGETARCH go install -ldflags="\
      -X tailscale.com/version.Long=$VERSION_LONG \
      -X tailscale.com/version.Short=$VERSION_SHORT \
      -X tailscale.com/version.GitCommit=$VERSION_GIT_HASH" \
-      -v ./cmd/tailscale ./cmd/tailscaled
+      -v ./cmd/tailscale ./cmd/tailscaled ./cmd/containerboot

 FROM alpine:3.16
 RUN apk add --no-cache ca-certificates iptables iproute2 ip6tables

 COPY --from=build-env /go/bin/* /usr/local/bin/
-COPY --from=build-env /go/src/tailscale/docs/k8s/run.sh /usr/local/bin/
+# For compat with the previous run.sh, although ideally you should be
+# using build_docker.sh which sets an entrypoint for the image.
+RUN ln -s /usr/local/bin/containerboot /tailscale/run.sh