.github/workfkows,Dockerfile,Dockerfile.base: add a test for base image (#18180)
Test that the base image builds and has the right iptables binary linked. Updates #17854 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
This commit is contained in:
Irbe Krumina
GitHub
+5
-5
@@ -3,10 +3,10 @@
|
||||
|
||||
FROM alpine:3.22
|
||||
RUN apk add --no-cache ca-certificates iptables iptables-legacy iproute2 ip6tables iputils
|
||||
# Alpine 3.19 replaced legacy iptables with nftables based implementation. We
|
||||
# can't be certain that all hosts that run Tailscale containers currently
|
||||
# suppport nftables, so link back to legacy for backwards compatibility reasons.
|
||||
# TODO(irbekrm): add some way how to determine if we still run on nodes that
|
||||
# don't support nftables, so that we can eventually remove these symlinks.
|
||||
# Alpine 3.19 replaced legacy iptables with nftables based implementation.
|
||||
# Tailscale is used on some hosts that don't support nftables, such as Synology
|
||||
# NAS, so link iptables back to legacy version. Hosts that don't require legacy
|
||||
# iptables should be able to use Tailscale in nftables mode. See
|
||||
# https://github.com/tailscale/tailscale/issues/17854
|
||||
RUN rm /usr/sbin/iptables && ln -s /usr/sbin/iptables-legacy /usr/sbin/iptables
|
||||
RUN rm /usr/sbin/ip6tables && ln -s /usr/sbin/ip6tables-legacy /usr/sbin/ip6tables
|
||||
|
||||
Reference in New Issue
Block a user