tailscale / tscert

Minimal package for just the HTTPS cert fetching part of the Tailscale client API
BSD 3-Clause "New" or "Revised" License

Parametrize position of tailscale sock file #3

Closed nierob closed 1 year ago

nierob commented 2 years ago

Caddy + Tailscale creates a nice pattern for internal services proxying, but currently it is hard to make it clean, at least code-wise. In a managed setup, for example a Nomad-based one, the tailscale connection would need to be exposed from somewhere. There are 3 options:

The last option seems the most sensible. It separates code and logs. It does not involve additional code, so one can use vanilla containers. Sadly it is just a theory, as at the moment it is annoying to implement. Caddy needs the tailscale socket to connect to it; the socket is a file, which means it has to be exposed somehow from the sidecar. That can be done through a shared volume, but then it is not convenient to mount such a volume under /var/run (the default socket path).

At the moment the official tailscale container does not have the ability to change the socket path either, but that is an easy change.


Expectation:

It should be possible to declare an environment variable telling Caddy where the tailscale socket lives.

nierob commented 2 years ago

Actually, it is now possible to specify the tailscale socket file in the tailscale container (https://github.com/tailscale/tailscale/commit/021bedfb89d99e13d889e3f847d70cb33870fa57). So the only missing part to implement the codeless sidecar pattern is this request.

amontalban commented 1 year ago

I'm having the same issue. I'm trying to set up Traefik to use Tailscale for the certificate, which uses tscert. However, tscert does not support changing the path of the socket (TS_SOCKET in the container image).

I will try to do a PR soon to have tscert support the TS_SOCKET and TS_STATE_DIR env variables as tailscale does.