mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 13:05:46 +00:00
76904b82e7
This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>
78 lines
2.4 KiB
Docker
78 lines
2.4 KiB
Docker
# Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
# Use of this source code is governed by a BSD-style
|
|
# license that can be found in the LICENSE file.
|
|
|
|
############################################################################
|
|
#
|
|
# WARNING: Tailscale is not yet officially supported in container
|
|
# environments, such as Docker and Kubernetes. Though it should work, we
|
|
# don't regularly test it, and we know there are some feature limitations.
|
|
#
|
|
# See current bugs tagged "containers":
|
|
# https://github.com/tailscale/tailscale/labels/containers
|
|
#
|
|
############################################################################
|
|
|
|
# This Dockerfile includes all the tailscale binaries.
|
|
#
|
|
# To build the Dockerfile:
|
|
#
|
|
# $ docker build -t tailscale/tailscale .
|
|
#
|
|
# To run the tailscaled agent:
|
|
#
|
|
# $ docker run -d --name=tailscaled -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun --network=host --privileged tailscale/tailscale tailscaled
|
|
#
|
|
# To then log in:
|
|
#
|
|
# $ docker exec tailscaled tailscale up
|
|
#
|
|
# To see status:
|
|
#
|
|
# $ docker exec tailscaled tailscale status
|
|
|
|
|
|
FROM golang:1.19-alpine AS build-env
|
|
|
|
WORKDIR /go/src/tailscale
|
|
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Pre-build some stuff before the following COPY line invalidates the Docker cache.
|
|
RUN go install \
|
|
github.com/aws/aws-sdk-go-v2/aws \
|
|
github.com/aws/aws-sdk-go-v2/config \
|
|
gvisor.dev/gvisor/pkg/tcpip/adapters/gonet \
|
|
gvisor.dev/gvisor/pkg/tcpip/stack \
|
|
golang.org/x/crypto/ssh \
|
|
golang.org/x/crypto/acme \
|
|
nhooyr.io/websocket \
|
|
github.com/mdlayher/netlink \
|
|
golang.zx2c4.com/wireguard/device
|
|
|
|
COPY . .
|
|
|
|
# see build_docker.sh
|
|
ARG VERSION_LONG=""
|
|
ENV VERSION_LONG=$VERSION_LONG
|
|
ARG VERSION_SHORT=""
|
|
ENV VERSION_SHORT=$VERSION_SHORT
|
|
ARG VERSION_GIT_HASH=""
|
|
ENV VERSION_GIT_HASH=$VERSION_GIT_HASH
|
|
ARG TARGETARCH
|
|
|
|
RUN GOARCH=$TARGETARCH go install -ldflags="\
|
|
-X tailscale.com/version.Long=$VERSION_LONG \
|
|
-X tailscale.com/version.Short=$VERSION_SHORT \
|
|
-X tailscale.com/version.GitCommit=$VERSION_GIT_HASH" \
|
|
-v ./cmd/tailscale ./cmd/tailscaled ./cmd/containerboot
|
|
|
|
FROM alpine:3.16
|
|
RUN apk add --no-cache ca-certificates iptables iproute2 ip6tables
|
|
|
|
COPY --from=build-env /go/bin/* /usr/local/bin/
|
|
# For compat with the previous run.sh, although ideally you should be
|
|
# using build_docker.sh which sets an entrypoint for the image.
|
|
RUN ln -s /usr/local/bin/containerboot /tailscale/run.sh
|