This implements the same functionality as the former run.sh, but in Go
and with a little better awareness of tailscaled's lifecycle.
Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had
where it would unconditionally try to reauth every time if you gave it
an authkey, rather than try to use it only if auth is actually needed.
This makes it a bit nicer to deploy these containers in automation, since
you don't have to run the container once, then go and edit its definition
to remove authkeys.
Signed-off-by: David Anderson <danderson@tailscale.com>
This has the benefit of propagating SIGINT to tailscaled, which in turn
can react to the event and logout in case of an ephemeral node.
Also fix missing run.sh in Dockerfile.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
The Dockerfile directions said:
But that failed with:
Step 14/15 : FROM ghcr.io/tailscale/alpine-base:3.14
Head "https://ghcr.io/v2/tailscale/alpine-base/manifests/3.14": denied: denied
So I guess the Dockerfile.base part was undocumented. But it only had
one line anyway, so move it here to avoid the intermediate layer's
published permissions problem entirely.
Also optimize the cachability a bit while here.
Change-Id: I846ad59fe7e88e6126925689fae78bfb80c279f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
The image is pulled using tailscale/tailscale:latest, and can be run using tailscale/tailscale
Signed-off-by: Michael Stapelberg <michael@stapelberg.de>
In prep for using 1.17 features.
Note the go.mod changes are due to:
https://golang.org/doc/go1.17#go-command
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
As documented in the README, tailscale only build with the latest Go
version (Go 1.15). As a result, a handful of undefined errors would pop
up using an older verison.
This patch updates the base image to 1.15, allowing "docker build"
to function correctly once more.
Signed-off-by: Sean Klein <seanmarionklein@gmail.com>
We need iptables to make subnet routing work. Without it,
Tailscale mostly works, but subnet routing mysteriously doesn't.
Signed-off-by: David Anderson <dave@natulte.net>