manifests: keep private key between restarts
This commit ensures that the WireGuard private key is re-used between container restarts. The result of this is that external peers can keep using their configuration and don't need to be re-configured just because the Kilo container restarted.
parent
bbbfc0548f
commit
e4ad7c29ec
@ -100,14 +100,13 @@ spec:
|
|||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: cni-conf-dir
|
||||||
|
mountPath: /etc/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
mountPath: /var/lib/kilo
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
mountPath: /etc/kubernetes/kubeconfig
|
mountPath: /etc/kubernetes/kubeconfig
|
||||||
readOnly: true
|
readOnly: true
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: install-cni
|
- name: install-cni
|
||||||
image: squat/kilo
|
image: squat/kilo
|
||||||
@ -139,12 +138,15 @@ spec:
|
|||||||
- effect: NoExecute
|
- effect: NoExecute
|
||||||
operator: Exists
|
operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
|
||||||
hostPath:
|
|
||||||
path: /etc/kubernetes/kubeconfig
|
|
||||||
- name: cni-bin-dir
|
- name: cni-bin-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /opt/cni/bin
|
path: /opt/cni/bin
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/kubernetes/cni/net.d
|
path: /etc/kubernetes/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
hostPath:
|
||||||
|
path: /var/lib/kilo
|
||||||
|
- name: kubeconfig
|
||||||
|
hostPath:
|
||||||
|
path: /etc/kubernetes/kubeconfig
|
||||||
|
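Review bot: The new `kilo-dir` hostPath volume (`path: /var/lib/kilo`) places the WireGuard private key on the node's filesystem, but the volume declares no `type`, so the manifest does not control how that directory is created or who can read it. Consider adding `type: DirectoryOrCreate` together with a comment such as `# holds the WireGuard private key; keep this directory 0700 on the host`, and confirm that the key file itself is written with mode 0600 (the code that writes it is not visible on this page). The same untyped volume is added in the two manifest sections that follow. The key also now outlives removal of the Kilo workload, so decommissioning a node needs a documented manual cleanup step.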
@ -102,6 +102,8 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
mountPath: /etc/cni/net.d
|
mountPath: /etc/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
mountPath: /var/lib/kilo
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
mountPath: /etc/kubernetes
|
mountPath: /etc/kubernetes
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -136,15 +138,18 @@ spec:
|
|||||||
- effect: NoExecute
|
- effect: NoExecute
|
||||||
operator: Exists
|
operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
|
||||||
configMap:
|
|
||||||
name: kube-proxy
|
|
||||||
items:
|
|
||||||
- key: kubeconfig.conf
|
|
||||||
path: kubeconfig
|
|
||||||
- name: cni-bin-dir
|
- name: cni-bin-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /opt/cni/bin
|
path: /opt/cni/bin
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/kubernetes/cni/net.d
|
path: /etc/kubernetes/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
hostPath:
|
||||||
|
path: /var/lib/kilo
|
||||||
|
- name: kubeconfig
|
||||||
|
configMap:
|
||||||
|
name: kube-proxy
|
||||||
|
items:
|
||||||
|
- key: kubeconfig.conf
|
||||||
|
path: kubeconfig
|
||||||
|
@ -102,6 +102,8 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
mountPath: /etc/cni/net.d
|
mountPath: /etc/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
mountPath: /var/lib/kilo
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
mountPath: /etc/kubernetes
|
mountPath: /etc/kubernetes
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -136,12 +138,15 @@ spec:
|
|||||||
- effect: NoExecute
|
- effect: NoExecute
|
||||||
operator: Exists
|
operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
|
||||||
configMap:
|
|
||||||
name: kubeconfig-in-cluster
|
|
||||||
- name: cni-bin-dir
|
- name: cni-bin-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /opt/cni/bin
|
path: /opt/cni/bin
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/kubernetes/cni/net.d
|
path: /etc/kubernetes/cni/net.d
|
||||||
|
- name: kilo-dir
|
||||||
|
hostPath:
|
||||||
|
path: /var/lib/kilo
|
||||||
|
- name: kubeconfig
|
||||||
|
configMap:
|
||||||
|
name: kubeconfig-in-cluster
|
||||||
|
@ -713,10 +713,6 @@ func (m *Mesh) cleanUp() {
|
|||||||
level.Error(m.logger).Log("error", fmt.Sprintf("failed to clean up routes: %v", err))
|
level.Error(m.logger).Log("error", fmt.Sprintf("failed to clean up routes: %v", err))
|
||||||
m.errorCounter.WithLabelValues("cleanUp").Inc()
|
m.errorCounter.WithLabelValues("cleanUp").Inc()
|
||||||
}
|
}
|
||||||
if err := os.Remove(PrivateKeyPath); err != nil {
|
|
||||||
level.Error(m.logger).Log("error", fmt.Sprintf("failed to delete private key: %v", err))
|
|
||||||
m.errorCounter.WithLabelValues("cleanUp").Inc()
|
|
||||||
}
|
|
||||||
if err := os.Remove(ConfPath); err != nil {
|
if err := os.Remove(ConfPath); err != nil {
|
||||||
level.Error(m.logger).Log("error", fmt.Sprintf("failed to delete configuration file: %v", err))
|
level.Error(m.logger).Log("error", fmt.Sprintf("failed to delete configuration file: %v", err))
|
||||||
m.errorCounter.WithLabelValues("cleanUp").Inc()
|
m.errorCounter.WithLabelValues("cleanUp").Inc()
|
||||||
|
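Review bot: With the `os.Remove(PrivateKeyPath)` call gone, nothing in the visible part of cleanUp records that the key is left on disk deliberately, so a later reader may restore the deletion as an apparent leak. A comment above the `os.Remove(ConfPath)` call would make the intent explicit, e.g. `// PrivateKeyPath is intentionally kept so peers stay valid across restarts; delete it manually to rotate the key.` Key rotation and node decommissioning now depend on that out-of-band step, which should be described in the project documentation. cleanUp's body starts outside the hunk.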