hamishforbes · December 15, 2023 11:34 · Jun 25, 2020 · Jun 24, 2020
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.11 AS build
 
 ARG CHANNEL=unstable
-ARG VERSION=0.99.1-0
+ARG VERSION=0.99.1-127
 ARG ARCH=amd64
 
 RUN mkdir /build

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,4 +1,7 @@
+# Create the tun device path if required
+if [ ! -d /dev/net ]; then mkdir /dev/net; fi
+if [ ! -e /dev/net/tun ]; then  mknod /dev/net/tun c 10 200; fi
+
 # Wait 5s for the daemon to start and then run tailscale up to configure
 /bin/sh -c "sleep 5; tailscale up --authkey=${TAILSCALE_AUTH} -advertise-tags=${TAILSCALE_TAGS}" &
-
 exec /usr/bin/tailscaled --state=/tailscale/tailscaled.state
diff --git a/nginx-ingress-values.yaml b/nginx-ingress-values.yaml
@@ -19,7 +19,6 @@ controller:
         - name: TAILSCALE_TAGS
           value: "tag:dev"
       securityContext:
-        privileged: true
         capabilities:
           add:
             - NET_ADMIN
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,26 @@
+FROM alpine:3.11 AS build
+
+ARG CHANNEL=unstable
+ARG VERSION=0.99.1-0
+ARG ARCH=amd64
+
+RUN mkdir /build
+WORKDIR /build
+RUN apk add --no-cache curl tar
+
+RUN curl -vsLo tailscale.tar.gz "https://pkgs.tailscale.com/${CHANNEL}/tailscale_${VERSION}_${ARCH}.tgz" && \
+    tar xvf tailscale.tar.gz && \
+    mv "tailscale_${VERSION}_${ARCH}/tailscaled" . && \
+    mv "tailscale_${VERSION}_${ARCH}/tailscale" .
+
+FROM alpine:3.11
+
+# Tailscaled depends on iptables (for now)
+RUN apk add --no-cache iptables
+
+COPY --from=build /build/tailscale /usr/bin/
+COPY --from=build /build/tailscaled /usr/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,4 @@
+# Wait 5s for the daemon to start and then run tailscale up to configure
+/bin/sh -c "sleep 5; tailscale up --authkey=${TAILSCALE_AUTH} -advertise-tags=${TAILSCALE_TAGS}" &
+
+exec /usr/bin/tailscaled --state=/tailscale/tailscaled.state
diff --git a/nginx-ingress-values.yaml b/nginx-ingress-values.yaml
@@ -0,0 +1,25 @@
+controller:
+  extraVolumes:
+    - name: tailscale-state
+      persistentVolumeClaim:
+        claimName: tailscale-nginx-ingress-state
+  extraContainers:
+    - name: nginx-ingress-tailscaled
+      image: **********.dkr.ecr.eu-west-1.amazonaws.com/tailscale
+      imagePullPolicy: Always
+      volumeMounts:
+        - name: tailscale-state
+          mountPath: /tailscale
+      env:
+        - name: TAILSCALE_AUTH
+          valueFrom:
+            secretKeyRef:
+              name: tailscale
+              key: auth_key
+        - name: TAILSCALE_TAGS
+          value: "tag:dev"
+      securityContext:
+        privileged: true
+        capabilities:
+          add:
+            - NET_ADMIN