This commit adds a subcommand `webhook` to Kilo.
It will start an HTTPS web server that answers requests from a Kubernetes
API server to validate updates and creations of Kilo peers.
It also updates the "Peer Validation" docs to enable users to
install the webhook server and generate the self-signed certificates in
the cluster by only applying a manifest.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
Apply suggestions from code review
Co-authored-by: Lucas Servén Marín <lserven@gmail.com>
This commit uses cobra instead of pflags in kg to handle flags in preparation to add a new subcommand
for the webhook server.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
When updating Kilo to the latest version of the CustomResourceDefinition
API, the Kilo Peer CRD was incorrectly scoped as a namespaced resource
due to differences in the ergonomics of the tooling.
This commit fixes the scoping of the Peer CRD to be cluster-wide.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
adjacency is running in the default namespace.
Prior to this commit the block_until_ready function
received the adjacency namespace instead of the default
namespace as a parameter.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
docker: add missing fonts for rasterized graphviz output formats
add missing license header
kg: do not export handlers
use http package for status codes
keep checks for errors in a single line
simplify error message about failed invocation of dot
pass node hostname and subnet to graph handler
use SVG as default format for graph handler
register health handler with HandleFunc
add option for selecting layout to graph handler and using circo as new default
e2e: add tests for HTTP handlers
e2e: fix and simplify handler tests
add should comments to assertions
e2e: use assert_fail instead of assert _not
add missing mime-type header for graph handler
use switch/case statements for validating formats / layouts
e2e: fix handlers tests
Co-authored-by: leonnicolas <60091705+leonnicolas@users.noreply.github.com>
graph-handler: add missing font to Dockerfile
Dockerfile: remove unnecessary font
This commit leaves Noto as the only font package, as one font package is
sufficient for the container.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Since Kilo now uses the `kilo.squat.ai/discovered-endpoints` annotation
for Peer discovery, Kilo no longer needs to update Peer resources, so we
can remove this permission from the ClusterRole. Note, the RBAC in the
manifests is not used today, but we eventually want to migrate to this.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit standardizes how we display a `note` in our docs.
Previously, we used a mix of `_Note_:`, `__Note:__`, `> Note`, and `>
**Note**:` among others. Now, all notes appear as `> **Note**:`.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds a new test suite to the e2e tests that validates
multi-cluster connectivity in Kilo. This is really just an extension of
the testing of the Peers CRD and related tooling that also exercises the
`--allowed-ips` flag of the `kgctl` tool.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit enables the filtering of e2e tests that should be run when
using the Makefile's `e2e` target through the specification of the
`BASH_UNIT_FLAGS` environment variable. The value of this variable will
be passed as arguments to the `bash_unit` command, enabling filtering of
tests.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
* wireguard: `wg show iface dump` reader and parser
* mesh: use LatestHandshake to validate NAT Endpoints
* add skip on error
* switch to loop parsing
So the stop on error pattern can be used
* Add error handling to ParseDump
This commit simplifies the check_adjacency helper to use the curl_pod
helper rather than a re-written version of it. It also simplifies the
curl_pod helper slightly to avoid the need for an additional shell.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit allows the kind cluster configuration to be parameterized at
call time. This enables the test suite to build multiple clusters with
different configurations, e.g. different CIDRs, different numbers of
nodes, etc.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit modifies the logic of the check_adjacent helper so that
rather than expecting the argument to be n^2+n it expects simply n. This
makes it easier to update the caller when the number of nodes in the
cluster changes.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit modifies the e2e shell scripts so that the KUBECONFIG
variable does not need to be exported. This will become important once
we allow the e2e test suite to launch multiple clusters, e.g. to test
multi-cluster connectivity.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Currently, each test suite spins up its own kind cluster, which results
in longer e2e test times as each test suite needs to wait for the
cluster to be ready and for images to download. This commit creates two
new virtual test suites that are run before and after the actual e2e
tests and are responsible for creating and destroying a kind cluster
respectively. Any test suite that needs a fresh cluster can still spin
up its own using the `create_cluster` helper in the lib.sh file.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
We seem to be running into
https://github.com/kubernetes-sigs/kind/issues/2240: kube-proxy is
crashlooping, which in turn causes CoreDNS to fail to connect to the API
server over the Service CIDR, which in turn causes DNS resolution to fail
in the cluster, which in turn causes the e2e tests to fail.
To address this, this commit bumps the kind version to 0.11.1.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit splits the e2e tests into different suites that all reuse
helper functions from the lib.sh file. This split ensures that the tests
within a suite can all have the same setup, e.g. all tests depending on
a full-mesh will be set up with a full-mesh, and is resilient against
changes in test ordering.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds a new e2e test for the recently introduced
allowed-location-ips annotation. This test annotates the control-plane
node with an allowed IP and then ensures this IP is reachable from
the curl helper Pod, which is now guaranteed to be scheduled on a
worker node.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>