enable IP forwarding via entrypoint (fixes IPv6 subnet routes)
ci/woodpecker/pr/pr-build Pipeline was successful

tailscaled does not reliably enable IPv6 forwarding inside a container
network namespace ('IPv6 forwarding is disabled'), so advertised IPv6
subnet routes silently fail. Add a tiny entrypoint.sh that sets
net.ipv4.ip_forward and net.ipv6.conf.all.forwarding (writable inside a
RouterOS container netns), then exec's tailscaled. Built in the builder
stage so it stays in the single /usr/local/bin COPY layer.

Verified: privileged run flips v6 forwarding 0->1 and exec's tailscaled
with CMD args intact.
2026-06-02 16:01:06 +02:00
parent 1bc10bcb6e
commit 315fd630e3
3 changed files with 38 additions and 4 deletions
+2 -1
@@ -95,7 +95,8 @@ The daemon is now running but **not yet authenticated**.
### 5. Authenticate
> This image runs `tailscaled` directly and does **not** bundle Tailscale's
> This image runs `tailscaled` via a tiny entrypoint (which enables IP
forwarding, then `exec`s the daemon) and does **not** bundle Tailscale's
`containerboot` wrapper, so the `TS_AUTHKEY` environment variable is **not**
read automatically. You authenticate with `tailscale up --authkey=...` after the
container starts.
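Review bot: the reworded note in "### 5. Authenticate" says the entrypoint "enables IP forwarding" but does not name the sysctls or say what privilege the container needs for the writes to succeed. The commit message names net.ipv4.ip_forward and net.ipv6.conf.all.forwarding and reports verification only for a privileged run, so a reader on an unprivileged or read-only netns cannot tell from the README whether IPv6 subnet routes will still fail silently. Suggest naming both keys here, or in a short separate note so the TS_AUTHKEY point stays the focus of this step, and stating what the entrypoint does when a sysctl write fails (abort, or log and continue to `exec` the daemon).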