Open PrzemekSkw opened 1 year ago
Hi,
I personally don't know Tailscale network but `wud` can connect to multiple Docker hosts using TCP.
https://fmartinou.github.io/whats-up-docker/#/configuration/watchers/?id=variables
So if the remote hosts are reachable via TCP, it should work.
Hi, thanks for the answer. Can you help me add another host?
Hi @fmartinou, I added a variable in Portainer like this:
I still see only my local host containers, but I see my remote hosts in the Watchers section:
Can you tell me what is wrong?
Hi @PrzemekSkw ,
For the remote host to watch, you cannot use the socket configuration, which is by design intended for local use.
You need to:
Following on this as I'm having the same use case, trying to connect different machines through Tailscale and docker socket proxy. I see on their GitHub that dsp runs with a lot of stuff secured by default, which would stop wud from doing its job. https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections there's the list of stuff you can configure, what should I change in order for wud to work?
Really would love to make this one work. Thank you!
I'd like to second the request for a list of permissions required for a socket proxy.
Adding the IMAGES permission to my proxy (in addition to the already enabled CONTAINERS) allows WUD to start up and monitor. Presumably you'd need more permissions to enable triggers to actually pull new images/recreate containers.
I'm using this for the local daemon socket in a readonly use-case (no triggers for auto-updates) and it works flawlessly as far as I can tell. I think CONTAINERS and EVENTS should be necessary if you don't want to monitor stopped containers (`WUD_WATCHER_{watcher_name}_WATCHALL`, default `false`) and if you want WUD to update on container changes (`WUD_WATCHER_{watcher_name}_WATCHEVENTS`, default `true`). Or does that work for you without those two permissions?
```yaml
docker-socket-proxy:
  image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
  restart: unless-stopped
  environment:
    CONTAINERS: 1 # Allow access to viewing containers
    IMAGES: 1 # Allow access to viewing images
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  expose:
    - 2375
```
That being said, the author of docker-socket-proxy explicitly discourages exposing docker socket with his container to the outside, so you have been warned. Creating TLS-certs like @fmartinou mentioned is still the best approach right now.
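Added example, not taken from any comment in this thread or from the WUD project: a Compose file that keeps the socket proxy on an internal network for the local watcher and reaches a remote daemon over TLS, as the comments above recommend. The watcher names `LOCAL` and `REMOTE1`, the hostname `remote1.example.internal`, the certificate paths and the assumption that the remote daemon listens with TLS on 2376 are all constructed for illustration.

```yaml
services:
  docker-socket-proxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
    restart: unless-stopped
    environment:
      CONTAINERS: 1   # list and inspect containers
      IMAGES: 1       # inspect images
      EVENTS: 1       # container events for WATCHEVENTS (already the proxy default)
      POST: 0         # keep the API read-only (proxy default); no triggers possible
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-proxy  # no "ports:" entry, so 2375 is never published on the host

  wud:
    image: fmartinou/whats-up-docker
    restart: unless-stopped
    environment:
      # Local daemon, reached through the proxy instead of mounting the socket
      WUD_WATCHER_LOCAL_HOST: docker-socket-proxy
      WUD_WATCHER_LOCAL_PORT: 2375
      # Remote daemon over mutually authenticated TLS (constructed hostname)
      WUD_WATCHER_REMOTE1_HOST: remote1.example.internal
      WUD_WATCHER_REMOTE1_PORT: 2376
      WUD_WATCHER_REMOTE1_CAFILE: /certs/ca.pem
      WUD_WATCHER_REMOTE1_CERTFILE: /certs/cert.pem
      WUD_WATCHER_REMOTE1_KEYFILE: /certs/key.pem
    volumes:
      - ./certs:/certs:ro        # client certificate material, read-only
    ports:
      - 127.0.0.1:3000:3000      # WUD UI bound to loopback only
    networks:
      - default                  # outbound access to registries and the remote host
      - socket-proxy

networks:
  socket-proxy:
    internal: true               # proxy is reachable only from containers on this network
```

Because the proxy sits only on the internal network, the unauthenticated 2375 endpoint is reachable by the `wud` container alone, while the remote daemon is reached only over the TLS-protected port.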
Hello, is it possible to add remote hosts from Tailscale network? Do I have to install WUD on every host? Regards.