From afacf2e368b2bb6c68069c180f4d72a4a11faf80 Mon Sep 17 00:00:00 2001
From: Claire Wang <clairew@users.noreply.github.com>
Date: Wed, 22 Nov 2023 11:45:44 -0500
Subject: [PATCH] containerboot: Add TS_ACCEPT_ROUTES (#10176)

Fixes tailscale/corp#15596

Signed-off-by: Claire Wang <claire@tailscale.com>
---
 cmd/containerboot/main.go      |  2 +-
 cmd/containerboot/main_test.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/cmd/containerboot/main.go b/cmd/containerboot/main.go
index d7a340996..df1b3c3fb 100644
--- a/cmd/containerboot/main.go
+++ b/cmd/containerboot/main.go
@@ -13,7 +13,7 @@
 //
 //   - TS_AUTHKEY: the authkey to use for login.
 //   - TS_HOSTNAME: the hostname to request for the node.
-//   - TS_ROUTES: subnet routes to advertise.
+//   - TS_ROUTES: subnet routes to advertise. To accept routes, use TS_EXTRA_ARGS to pass in --accept-routes.
 //   - TS_DEST_IP: proxy all incoming Tailscale traffic to the given
 //     destination.
 //   - TS_TAILNET_TARGET_IP: proxy all incoming non-Tailscale traffic to the given
diff --git a/cmd/containerboot/main_test.go b/cmd/containerboot/main_test.go
index 88d70b025..cd7edea57 100644
--- a/cmd/containerboot/main_test.go
+++ b/cmd/containerboot/main_test.go
@@ -575,6 +575,22 @@ func TestContainerBoot(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name: "extra_args_accept_routes",
+			Env: map[string]string{
+				"TS_EXTRA_ARGS": "--accept-routes",
+			},
+			Phases: []phase{
+				{
+					WantCmds: []string{
+						"/usr/bin/tailscaled --socket=/tmp/tailscaled.sock --state=mem: --statedir=/tmp --tun=userspace-networking",
+						"/usr/bin/tailscale --socket=/tmp/tailscaled.sock up --accept-dns=false --accept-routes",
+					},
+				}, {
+					Notify: runningNotify,
+				},
+			},
+		},
 		{
 			Name: "hostname",
 			Env: map[string]string{