I’m trying to figure out how my Docker app can get the Twingate service started since I need to run with sudo:
    sudo twingate start
There’s also a couple additions in my compose.yaml file necessary to set the device (which I know is ignored by Render):
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
I don’t see support for this if using a render.yaml blueprint, and I can’t run this in my Dockerfile CMD since it doesn’t seem I’m able to use privileged commands.
Is there a workaround for this? I’d planned on having this run in a private service, but I’m using a web service now for testing.
Hi Pljspahn,
Have you tried deploying it using the image directly: https://docs.render.com/deploy-an-image, you should be able to use twingate/connector:latest
Regards,
Matt
That’s not the client. That’s a connector, which is a different component.
I do see someone has a client image so I’ll take a look at that and see how they’re doing it.
My image is not only twingate. It’s an application that I previously would only host on-prem because it uses an ODBC connection to a server on our network and was behind a VPN.
E: The other image I see for twingate client still needs compose.yaml to add the tunnel device - I don’t see anything in render.yaml that would provide the same feature unless I’m missing something.
Hi Pljspahn,
Ahh sorry, my mistake. Yes, if you can deploy the client as an image, that would probably be the simplest approach.
Regards,
Matt
Maybe you missed my edit, but here is an example of the compose.yaml that the client uses.
The tunnel device needs to be added here but since Render ignores compose.yaml, I don’t see a way around this.
    version: "3"
    services:
      twingate_client:
        image: rifqisah/twingate_client:latest
        container_name: twingate_client
        stdin_open: true
        tty: true
        devices:
          - /dev/net/tun
        cap_add:
          - NET_ADMIN
        network_mode: host
        volumes:
          - ./service.key.json:/twingate/service.key.json:ro
Hi Pljspahn,
Some of this may not be possible to replicate on Render since we do not offer privileged access to the containers. However, it looks like the important part is mounting the volume with a key:
    volumes:
      - ./service.key.json:/twingate/service.key.json:ro
You should be able to replicate this functionality by uploading that file as a secret file on Render, then use a COPY command in your Dockerfile to copy it to the image. See https://docs.render.com/docker-secrets#building-images-with-secrets-locally for more information on this.
Regards,
Matt
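
Added example, not part of the thread and not Twingate's or Render's own code: the compose settings discussed above grant the container two things, the /dev/net/tun device and the NET_ADMIN capability, and this sketch checks for both from inside the container so an entrypoint can stop with a clear message on a platform that does not grant them. The function names and the PREFLIGHT variable are hypothetical; the capability bit number comes from the Linux capability header.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for a VPN client entrypoint.
# Checks the two things the compose file grants: /dev/net/tun and CAP_NET_ADMIN.

CAP_NET_ADMIN_BIT=12   # value of CAP_NET_ADMIN in linux/capability.h

# Print the effective capability mask (hex) from a /proc/<pid>/status file.
cap_eff() {
    awk '/^CapEff:/ { print $2 }' "$1"
}

# has_cap HEXMASK BIT: succeed if BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# tunnel_preflight [STATUS_FILE] [TUN_DEVICE]
# Returns 0 when both prerequisites are present, 1 otherwise,
# and names each missing item on stderr.
tunnel_preflight() {
    status_file=${1:-/proc/self/status}
    tun_dev=${2:-/dev/net/tun}
    rc=0
    mask=$(cap_eff "$status_file")
    if [ -z "$mask" ]; then
        echo "preflight: no CapEff line in $status_file" >&2
        return 1
    fi
    if ! has_cap "$mask" "$CAP_NET_ADMIN_BIT"; then
        echo "preflight: CAP_NET_ADMIN missing (CapEff=$mask)" >&2
        rc=1
    fi
    if [ ! -c "$tun_dev" ]; then
        echo "preflight: $tun_dev is not a character device" >&2
        rc=1
    fi
    return $rc
}

# Run the check only when asked, e.g. PREFLIGHT=1 sh preflight.sh
if [ "${PREFLIGHT:-0}" = 1 ]; then
    tunnel_preflight && echo "preflight: tunnel prerequisites present"
fi
```

Because it reads the effective set of the current process, the check reports what the container was actually granted at runtime, whatever the compose file or blueprint requested.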