manifests: keep private key between restarts

This commit ensures that the WireGuard private key is re-used between
container restarts. The result of this is that external peers can keep
using their configuration and don't need to be re-configured just
because the Kilo container restarted.

manifests/kilo-bootkube.yaml

@@ -100,14 +100,13 @@ spec:
         securityContext:
           privileged: true
         volumeMounts:
+        - name: cni-conf-dir
+          mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
         - name: kubeconfig
           mountPath: /etc/kubernetes/kubeconfig
           readOnly: true
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
-      - effect: NoExecute
-        operator: Exists
       initContainers:
       - name: install-cni
         image: squat/kilo
@@ -139,12 +138,15 @@ spec:
       - effect: NoExecute
         operator: Exists
       volumes:
-      - name: kubeconfig
-        hostPath:
-          path: /etc/kubernetes/kubeconfig
       - name: cni-bin-dir
         hostPath:
           path: /opt/cni/bin
       - name: cni-conf-dir
         hostPath:
           path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        hostPath:
+          path: /etc/kubernetes/kubeconfig

manifests/kilo-kubeadm.yaml

@@ -102,6 +102,8 @@ spec:
         volumeMounts:
         - name: cni-conf-dir
           mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
         - name: kubeconfig
           mountPath: /etc/kubernetes
           readOnly: true
@@ -136,15 +138,18 @@ spec:
       - effect: NoExecute
         operator: Exists
       volumes:
-      - name: kubeconfig
-        configMap:
-          name: kube-proxy
-          items:
-          - key: kubeconfig.conf
-            path: kubeconfig
       - name: cni-bin-dir
         hostPath:
           path: /opt/cni/bin
       - name: cni-conf-dir
         hostPath:
           path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        configMap:
+          name: kube-proxy
+          items:
+          - key: kubeconfig.conf
+            path: kubeconfig

manifests/kilo-typhoon.yaml

@@ -102,6 +102,8 @@ spec:
         volumeMounts:
         - name: cni-conf-dir
           mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
         - name: kubeconfig
           mountPath: /etc/kubernetes
           readOnly: true
@@ -136,12 +138,15 @@ spec:
       - effect: NoExecute
         operator: Exists
       volumes:
-      - name: kubeconfig
-        configMap:
-          name: kubeconfig-in-cluster
       - name: cni-bin-dir
         hostPath:
           path: /opt/cni/bin
       - name: cni-conf-dir
         hostPath:
           path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        configMap:
+          name: kubeconfig-in-cluster

pkg/mesh/mesh.go

@@ -713,10 +713,6 @@ func (m *Mesh) cleanUp() {
 		level.Error(m.logger).Log("error", fmt.Sprintf("failed to clean up routes: %v", err))
 		m.errorCounter.WithLabelValues("cleanUp").Inc()
 	}
-	if err := os.Remove(PrivateKeyPath); err != nil {
-		level.Error(m.logger).Log("error", fmt.Sprintf("failed to delete private key: %v", err))
-		m.errorCounter.WithLabelValues("cleanUp").Inc()
-	}
 	if err := os.Remove(ConfPath); err != nil {
 		level.Error(m.logger).Log("error", fmt.Sprintf("failed to delete configuration file: %v", err))
 		m.errorCounter.WithLabelValues("cleanUp").Inc()