ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-31 00:23:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Adam Ierymenko 2015-10-09 10:14:45 -07:00
parent c2bbec2f05
commit 9a25651151
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/docker/README.md
View File

@ -5,4 +5,4 @@ This is a simple Docker example using ZeroTier One in normal tun/tap mode. It us
This is not a very secure way to load an identity secret, but it's useful for testing since it allows you to repeatedly launch Docker containers with the same identity. For production we'd recommend using something like Hashicorp Vault, or modifying main.sh to leave identities unspecified and allow the container to generate a new identity at runtime. Then you could script approval of containers using the controller API, approving them as they launch, etc. (We are working on better ways of doing mass provisioning.)
To use in normal tun/tap mode with Docker, containers must be run with the options "--device=/dev/net/tun --cap-add=NET_ADMIN". The main.sh script supplied here will complain and exit if these options are not present (no /dev/net/tun device).
To use in normal tun/tap mode with Docker, containers must be run with the options "--device=/dev/net/tun --privileged". The main.sh script supplied here will complain and exit if these options are not present (no /dev/net/tun device).