@hamishforbes
Last active December 15, 2023 11:34

# Build stage: download and unpack the tailscale release tarball
FROM alpine:3.11 AS build
ARG CHANNEL=unstable
ARG VERSION=0.99.1-127
ARG ARCH=amd64
RUN mkdir /build
WORKDIR /build
RUN apk add --no-cache curl tar
RUN curl -vsLo tailscale.tar.gz "https://pkgs.tailscale.com/${CHANNEL}/tailscale_${VERSION}_${ARCH}.tgz" && \
    tar xvf tailscale.tar.gz && \
    mv "tailscale_${VERSION}_${ARCH}/tailscaled" . && \
    mv "tailscale_${VERSION}_${ARCH}/tailscale" .

# Runtime stage: only the two binaries, iptables and the entrypoint script
FROM alpine:3.11
# Tailscaled depends on iptables (for now)
RUN apk add --no-cache iptables
COPY --from=build /build/tailscale /usr/bin/
COPY --from=build /build/tailscaled /usr/bin/
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
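
#!/bin/sh
# entrypoint.sh: copied into the image by the Dockerfile and run as its ENTRYPOINT

# Create the tun device path if required
if [ ! -d /dev/net ]; then mkdir -p /dev/net; fi
if [ ! -e /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi

# Wait 5s for the daemon to start and then run tailscale up to configure.
# Runs in a background subshell with quoted variables, so the auth key and tags
# are passed as single arguments and are not re-parsed by a second shell.
(sleep 5; tailscale up --authkey="${TAILSCALE_AUTH}" --advertise-tags="${TAILSCALE_TAGS}") &

# Replace the shell with tailscaled, keeping node state on the mounted /tailscale volume
exec /usr/bin/tailscaled --state=/tailscale/tailscaled.state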

# Values for the nginx-ingress controller: run tailscaled as an extra container
# with a persistent state volume and the auth key taken from a Secret
controller:
  extraVolumes:
    - name: tailscale-state
      persistentVolumeClaim:
        claimName: tailscale-nginx-ingress-state
  extraContainers:
    - name: nginx-ingress-tailscaled
      # Registry account ID is redacted in the original
      image: **********.dkr.ecr.eu-west-1.amazonaws.com/tailscale
      imagePullPolicy: Always
      volumeMounts:
        - name: tailscale-state
          mountPath: /tailscale
      env:
        - name: TAILSCALE_AUTH
          valueFrom:
            secretKeyRef:
              name: tailscale
              key: auth_key
        - name: TAILSCALE_TAGS
          value: "tag:dev"
      securityContext:
        capabilities:
          add:
            - NET_ADMIN