Define WireGuard PersistentKeepAlive via Annotation (#31)

* Add WireGuardPersistentKeepAlive to mesh.Node * Connect to configuration * Shorten keepalive key * Fix casing on keepalive * Add annotated keepalive value to peer functions
2020-02-13 02:16:55 -07:00 · 2020-02-13 02:16:55 -07:00 · 6de0f9805a
commit 6de0f9805a
parent a6afc3247d
5 changed files with 127 additions and 86 deletions
--- a/pkg/k8s/backend.go
+++ b/pkg/k8s/backend.go
@ -56,6 +56,7 @@ const (
 	lastSeenAnnotationKey        = "kilo.squat.ai/last-seen"
 	leaderAnnotationKey          = "kilo.squat.ai/leader"
 	locationAnnotationKey        = "kilo.squat.ai/location"
+	persistentKeepaliveKey       = "kilo.squat.ai/persistent-keepalive"
 	wireGuardIPAnnotationKey     = "kilo.squat.ai/wireguard-ip"

 	regionLabelKey  = "topology.kubernetes.io/region"
@ -262,6 +263,15 @@ func translateNode(node *v1.Node) *mesh.Node {
 	if !ok {
 		internalIP = node.ObjectMeta.Annotations[internalIPAnnotationKey]
 	}
+	// Set Wireguard PersistentKeepalive setting for the node.
+	var persistentKeepalive int64
+	if keepAlive, ok := node.ObjectMeta.Annotations[persistentKeepaliveKey]; !ok {
+		persistentKeepalive = 0
+	} else {
+		if persistentKeepalive, err = strconv.ParseInt(keepAlive, 10, 64); err != nil {
+			persistentKeepalive = 0
+		}
+	}
 	var lastSeen int64
 	if ls, ok := node.ObjectMeta.Annotations[lastSeenAnnotationKey]; !ok {
 		lastSeen = 0
@ -282,6 +292,7 @@ func translateNode(node *v1.Node) *mesh.Node {
 		Leader:              leader,
 		Location:            location,
 		Name:                node.Name,
+		PersistentKeepalive: int(persistentKeepalive),
 		Subnet:              subnet,
 		// WireGuardIP can fail to parse if the node is not a leader or if
 		// the node's agent has not yet reconciled. In either case, the IP
--- a/pkg/k8s/backend_test.go
+++ b/pkg/k8s/backend_test.go
@ -111,6 +111,15 @@ func TestTranslateNode(t *testing.T) {
 				ExternalIP: &net.IPNet{IP: net.ParseIP("10.0.0.2"), Mask: net.CIDRMask(24, 32)},
 			},
 		},
+		{
+			name: "wireguard persistent keepalive override",
+			annotations: map[string]string{
+				persistentKeepaliveKey: "25",
+			},
+			out: &mesh.Node{
+				PersistentKeepalive: 25,
+			},
+		},
 		{
 			name: "internal IP override",
 			annotations: map[string]string{
@ -139,6 +148,7 @@ func TestTranslateNode(t *testing.T) {
 				lastSeenAnnotationKey:        "1000000000",
 				leaderAnnotationKey:          "",
 				locationAnnotationKey:        "b",
+				persistentKeepaliveKey:       "25",
 				wireGuardIPAnnotationKey:     "10.4.0.1/16",
 			},
 			labels: map[string]string{
@ -151,6 +161,7 @@ func TestTranslateNode(t *testing.T) {
 				LastSeen:            1000000000,
 				Leader:              true,
 				Location:            "b",
+				PersistentKeepalive: 25,
 				Subnet:              &net.IPNet{IP: net.ParseIP("10.2.1.0"), Mask: net.CIDRMask(24, 32)},
 				WireGuardIP:         &net.IPNet{IP: net.ParseIP("10.4.0.1"), Mask: net.CIDRMask(16, 32)},
 			},
--- a/pkg/mesh/mesh.go
+++ b/pkg/mesh/mesh.go
@ -82,6 +82,7 @@ type Node struct {
 	Leader              bool
 	Location            string
 	Name                string
+	PersistentKeepalive int
 	Subnet              *net.IPNet
 	WireGuardIP         *net.IPNet
 }
--- a/pkg/mesh/topology.go
+++ b/pkg/mesh/topology.go
@ -64,6 +64,9 @@ type segment struct {
 	hostnames []string
 	// leader is the index of the leader of the segment.
 	leader int
+	// persistentKeepalive is the interval in seconds of the emission
+	// of keepalive packets to the peer.
+	persistentKeepalive int
 	// privateIPs is a slice of private IPs of all peers in the segment.
 	privateIPs []net.IP
 	// wireGuardIP is the allocated IP address of the WireGuard
@ -125,6 +128,7 @@ func NewTopology(nodes map[string]*Node, peers map[string]*Peer, granularity Gra
 			hostnames:           hostnames,
 			leader:              leader,
 			privateIPs:          privateIPs,
+			persistentKeepalive: topoMap[location][leader].PersistentKeepalive,
 		})
 	}
 	// Sort the Topology segments so the result is stable.
@ -335,6 +339,7 @@ func (t *Topology) Conf() *wireguard.Conf {
 				Port: uint32(t.port),
 			},
 			PublicKey:           s.key,
+			PersistentKeepalive: s.persistentKeepalive,
 		}
 		c.Peers = append(c.Peers, peer)
 	}
@ -363,6 +368,7 @@ func (t *Topology) AsPeer() *wireguard.Peer {
 				IP:   s.endpoint,
 				Port: uint32(t.port),
 			},
+			PersistentKeepalive: s.persistentKeepalive,
 			PublicKey:           s.key,
 		}
 	}
@ -379,6 +385,7 @@ func (t *Topology) PeerConf(name string) *wireguard.Conf {
 				IP:   s.endpoint,
 				Port: uint32(t.port),
 			},
+			PersistentKeepalive: s.persistentKeepalive,
 			PublicKey:           s.key,
 		}
 		c.Peers = append(c.Peers, peer)
--- a/pkg/mesh/topology_test.go
+++ b/pkg/mesh/topology_test.go
@ -45,6 +45,7 @@ func setup(t *testing.T) (map[string]*Node, map[string]*Peer, []byte, uint32) {
 			Location:            "1",
 			Subnet:              &net.IPNet{IP: net.ParseIP("10.2.1.0"), Mask: net.CIDRMask(24, 32)},
 			Key:                 []byte("key1"),
+			PersistentKeepalive: 25,
 		},
 		"b": {
 			Name:       "b",
@ -124,6 +125,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -160,6 +162,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -196,6 +199,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -232,6 +236,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -278,6 +283,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -324,6 +330,7 @@ func TestNewTopology(t *testing.T) {
 						cidrs:               []*net.IPNet{nodes["a"].Subnet},
 						hostnames:           []string{"a"},
 						privateIPs:          []net.IP{nodes["a"].InternalIP.IP},
+						persistentKeepalive: nodes["a"].PersistentKeepalive,
 						wireGuardIP:         w1,
 					},
 					{
@ -1027,6 +1034,7 @@ AllowedIPs = 10.5.0.3/24
 		[Peer]
 		PublicKey = key1
 		Endpoint = 10.1.0.1:51820
+		PersistentKeepalive = 25
 		AllowedIPs = 10.2.1.0/24, 192.168.0.1/32, 10.4.0.1/32

 		[Peer]
@ -1051,6 +1059,7 @@ AllowedIPs = 10.5.0.3/24
 		[Peer]
 		PublicKey = key1
 		Endpoint = 10.1.0.1:51820
+		PersistentKeepalive = 25
 		AllowedIPs = 10.2.1.0/24, 192.168.0.1/32, 10.4.0.1/32

 		[Peer]
@ -1104,6 +1113,7 @@ AllowedIPs = 10.5.0.3/24
 		[Peer]
 		PublicKey = key1
 		Endpoint = 10.1.0.1:51820
+		PersistentKeepalive = 25
 		AllowedIPs = 10.2.1.0/24, 192.168.0.1/32, 10.4.0.1/32

 		[Peer]
@ -1133,6 +1143,7 @@ AllowedIPs = 10.5.0.3/24
 		[Peer]
 		PublicKey = key1
 		Endpoint = 10.1.0.1:51820
+		PersistentKeepalive = 25
 		AllowedIPs = 10.2.1.0/24, 192.168.0.1/32, 10.4.0.1/32

 		[Peer]