Commit Graph

330 Commits

Author SHA1 Message Date
leonnicolas
086b2e1ddd
cmd/kg/*: sub command peer validation webhook
This commit adds a sub command `webhook` to Kilo.
It will start a https web server that answeres request from a Kubernetes
API server to validate updates and creations of Kilo peers.

It also updates the "Peer Validation" docs to enable users to
install the web hook server and generate the self signed certificates in
the cluster by only applying a manifest.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

Apply suggestions from code review

Co-authored-by: Lucas Servén Marín <lserven@gmail.com>
2021-09-06 21:14:44 +02:00
leonnicolas
2b4487ba9a
cmd/kg/main.go: use cobra
This commit uses cobra instead of pflags in kg to handle flags in preparation  to add a new subcommand
for the webhook server.

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2021-08-30 16:59:26 +02:00
Lucas Servén Marín
cad15d9961
Merge pull request #230 from sbaildon/mesh-local-ip
filter local IP addresses when scanning for ips resolved by hostname
2021-08-22 15:49:06 +02:00
Sean Baildon
9ec155b843 pkg/mesh: filter local IP addresses when scanning for ips resolved by hostname 2021-08-22 12:40:55 +01:00
leonnicolas
e886f5d24e
Merge pull request #228 from squat/release-0.3
Merge Release 0.3 into Main
2021-08-20 09:50:03 +03:00
Lucas Servén Marín
acc3696057
Merge pull request #225 from squat/fix_scope
pkg/k8s: fix resource scope of Kilo CRD
2021-08-19 23:43:28 +02:00
Lucas Servén Marín
288bb824aa
pkg/k8s: fix resource scope of Kilo CRD
When updating Kilo to the latest version of the CustomResourceDefinition
API, the Kilo Peer CRD was incorrectly scoped as a namespaced resource
due to differences in the ergonomics of the tooling.

This commit fixes the scoping of the Peer CRD to be cluster-wide.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-08-19 22:58:42 +02:00
leonnicolas
6fe0beabcd
Merge pull request #224 from squat/e2e-fix
e2e/lib.sh: fix namespace of adjacency
2021-08-19 09:38:32 +03:00
leonnicolas
0fbd33788e
e2e/lib.sh: fix namespace of adjacency
adjacency is running in the default namespace.
Prior to this commit the block_until_ready function
received the adjacency namespace instead of the default
namespace as a parameter.

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2021-08-18 22:51:51 +02:00
Steffen Vogel
1b5ad035d9
kg: add new handler for rendering the topology graph
docker: add missing fonts for rasterized graphviz  output formats

add missing license header

kg: do not export handlers

use http package for status codes

keep checks for errors in a single line

simplify error message about failed invocation of dot

pass node hostname and subnet to graph handler

use SVG as default format for graph handler

register health handler with HandleFunc

add option for selecting layout to graph handler and using circo as new default

e2e: add tests for HTTP handlers

e2e: fix and simplify handler tests

add should comments to assertions

e2s: use assert_fail instead of assert _not

add missing mime-type header for graph handler

use switch/case statements for validating formats / layouts

e2e: fix handlers tests

Co-authored-by: leonnicolas <60091705+leonnicolas@users.noreply.github.com>

graph-handler: add missing font to Dockerfile

Dockerfile: remove unnecessary font

This commit leaves Noto as the only font package, as one font package is
sufficient for the container.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-08-18 14:04:44 +02:00
Lucas Servén Marín
ee5300db4c
docs: regenerate (#220)
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-08-07 12:42:36 +02:00
dependabot[bot]
6309529a3f
build(deps): bump prismjs from 1.23.0 to 1.24.1 in /website (#207)
Bumps [prismjs](https://github.com/PrismJS/prism) from 1.23.0 to 1.24.1.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PrismJS/prism/compare/v1.23.0...v1.24.1)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-16 14:59:11 +02:00
Lucas Servén Marín
2c74a560c4
pkg/wireguard: allow configuring MTU (#215)
This commit makes it possible to configure the MTU for the WireGuard
interface created by Kilo.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-16 14:23:11 +02:00
leonnicolas
daecc2a0bc
Merge pull request #212 from stv0g/k3s-kubeconfig
k3s: Dynamically generate kubeconfig
2021-07-15 16:18:18 +02:00
Steffen Vogel
7c8905f10d k3s: add missing ServiceAccountName to nkml DaemonSet 2021-07-15 15:24:00 +02:00
leonnicolas
3a7e0908bd
Merge pull request #213 from squat/update_docusaurus
website: update docusaurus
2021-07-15 15:01:19 +02:00
Steffen Vogel
d1f7c32760 k3s: generate kubeconfig based on token from ServiceAccount and master address & cacert from kubelet kubeconfig (closes #49) 2021-07-15 14:01:38 +02:00
Lucas Servén Marín
8306d92c79
website: update docusaurus
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-14 16:33:45 +02:00
Lucas Servén Marín
abecadf707
manifests,e2e: reduce cluster role permissions (#211)
Since Kilo now uses the `kilo.squat.ai/discovered-endpoints` annotation
for Peer discovery, Kilo no longer needs to update Peer resources, so we
can remove this permission from the ClusterRole. Note, the RBAC in the
manifests is not used today, but we eventually want to migrate to this.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-14 13:20:05 +02:00
Lucas Servén Marín
e9d1ba88a8 e2e: update adjacency tool
This commit updates the reference to the adjacency tool used in the e2e
tests.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-13 13:16:34 +02:00
Lucas Servén Marín
ad62f90e54
Merge pull request #205 from squat/test_multi_cluster
Test multi cluster
2021-07-08 14:41:02 +02:00
leonnicolas
6de6b37406
Merge pull request #206 from squat/consistent_notes
docs: use consistent notes
2021-07-08 12:44:31 +02:00
Lucas Servén Marín
7756b5ce04
docs: use consistent notes
This commit standardizes how we display a `note` in our docs.
Previously, we used a mix of `_Note_:`, `__Note:__`, `> Note`, and `>
**Note**:` among others. Now, all notes appear as `> **Note**:`.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-08 12:15:17 +02:00
Lucas Servén Marín
19b0797ae2
e2e: test multi-cluster connectivity
This commit adds a new test suite to the e2e tests that validates
multi-cluster connectivity in Kilo. This is really just an extension of
the testing of the Peers CRD and related tooling that also exercises the
`--allowed-ips` flag of the `kgctl` tool.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-08 11:59:32 +02:00
Lucas Servén Marín
8c7e58a231
Makefile: allow filtering e2e tests
This commit enables the filtering of e2e tests that should be run when
using the Makefile's `e2e` target through the specification of the
`BASH_UNIT_FLAGS` environment variable. The value of this variable will
be passed as arguments to the `bash_unit` command, enabling filtering of
tests.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-08 11:50:49 +02:00
leonnicolas
6b5001bf0e
Merge pull request #202 from squat/e2e_improvements
e2e test suite improvements
2021-07-07 11:11:31 +02:00
Julien Viard de Galbert
e12b5029d7
Use LatestHandshake to validate endpoint (#149)
* wireguard: `wg show iface dump` reader and parser

* mesh: use LatestHandshake to validate NAT Endpoints

* add skip on error

* switch to loop parsing

So the stop on error pattern can be used

* Add error handling to ParseDump
2021-07-06 14:14:59 +02:00
leonnicolas
86eea326db
e2e/lib.sh: print to stderr in retry
This way callers of retry can check against the returned value and not
the logged strings.

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2021-07-06 10:59:50 +02:00
Lucas Servén Marín
f251ddda98
e2e: simplify check_adjacency helper
This commit simplifies the check_adjacency helper to us the curl_pod
helper rather than a re-written version of it. It also simplifies the
curl_pod helper slightly to avoid the need for an additional shell.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-06 10:59:49 +02:00
Lucas Servén Marín
f81d19e692
e2e: allow parameterizing kind config
This commit allows the kind cluster configuration to be parameterized at
call time. This enables the test suite to build multiple clusters with
different configurations, e.g. different CIDRs, different numbers of
nodes, etc.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-06 10:59:44 +02:00
Lucas Servén Marín
c728870b49
e2e: check_adjacent accept node number
This commit modifies the logic of the check_adjacent helper so that
rather than expecting the argument to be n^2+n it expects simply n. This
makes it easier to update the caller when the number of nodes in the
cluster changes.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-06 10:58:14 +02:00
Lucas Servén Marín
1e1f8819bf
e2e: don't export KUBECONFIG
This commit modifies the e2e shell scripts so that the KUBECONFIG
variable does not need to be exported. This will become important once
we allow the e2e test suite to launch multiple clusters, e.g. to test
multi-cluster connectivity.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-06 10:58:13 +02:00
leonnicolas
0733c83a0a
Merge pull request #201 from squat/reuse_kind_clusters
e2e: reuse kind cluster across suites
2021-07-05 22:03:56 +02:00
Lucas Servén Marín
c9e4786893
e2e: reuse kind cluster across suites
Currently, each test suite spins up its own kind cluster, which results
in longer e2e test times as each test suite needs to wait for the
cluster to be ready and for images to download. This commit creates two
new virtual test suites that are run before and after the actual e2e
tests and are responsible for creating and destroying a kind cluster
respectively. Any test suite that needs a fresh cluster can still spin
up its own using the `create_cluster` helper in the lib.sh file.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-05 19:43:18 +02:00
leonnicolas
8c4cb7238c
Merge pull request #204 from squat/fix_e2e
Makefile: fix e2e tests
2021-07-05 19:35:38 +02:00
Lucas Servén Marín
821180bdf1
Makefile: fix e2e tests
We seem to be running into
https://github.com/kubernetes-sigs/kind/issues/2240: kube-proxy is
crashlooping, which in turn causes CoreDNS to fail to connect to the API
server over the Service CIDR, which in turn cases DNS resolution to fail
in the cluster, which in turn causes the e2e tests to fail.
To address this,
this commit bumps the kind version to 0.11.1.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-07-05 19:16:30 +02:00
Lucas Servén Marín
d2fa4cc0b8
Merge pull request #199 from Ehco1996/ci
ci: add docker push in release ci
2021-06-29 15:00:54 +02:00
ehco1996
046e018c80 ci: add docker push in release ci 2021-06-29 20:29:35 +08:00
Lucas Servén Marín
9f23e39fca
Merge pull request #197 from squat/autodetect_granularity
pkg/ cmd/: kgctl autodetect mesh granularity
2021-06-18 16:45:49 +02:00
leonnicolas
088578b055
pkg/ cmd/: kgctl autodetect mesh granularity
Addes granularity annotation to auto detect the mesh granularity when
using kubectl

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2021-06-18 15:59:25 +02:00
Lucas Servén Marín
0d1d4fa052
Merge pull request #196 from squat/e2e_split
e2e: split e2e tests into different suites
2021-06-17 16:53:52 +02:00
dependabot[bot]
ac0574a377
Merge pull request #185 from squat/dependabot/npm_and_yarn/website/normalize-url-4.5.1 2021-06-17 12:17:56 +00:00
dependabot[bot]
35ce0c5049
build(deps): bump normalize-url from 4.5.0 to 4.5.1 in /website
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-17 09:51:32 +00:00
leonnicolas
489f322514
Merge pull request #184 from squat/dependabot/npm_and_yarn/website/ws-6.2.2
build(deps): bump ws from 6.2.1 to 6.2.2 in /website
2021-06-17 11:49:49 +02:00
Lucas Servén Marín
f3eac80675
e2e: split e2e tests into different suites
This commit splits the e2e tests into different suites that all reuse
helper functions from the lib.sh file. This split ensures that the tests
within a suite can all have the same setup, e.g. all tests depending on
a full-mesh will be set up with a full-mesh, and is resilient against
changes in test ordering.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-06-17 11:48:35 +02:00
dependabot[bot]
f21fd951ef
build(deps): bump ws from 6.2.1 to 6.2.2 in /website
Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/commits)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-17 09:38:25 +00:00
dependabot[bot]
99b3b40342
Merge pull request #180 from squat/dependabot/npm_and_yarn/website/dns-packet-1.3.4 2021-06-17 09:37:15 +00:00
dependabot[bot]
24fcef14ef
build(deps): bump dns-packet from 1.3.1 to 1.3.4 in /website
Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4.
- [Release notes](https://github.com/mafintosh/dns-packet/releases)
- [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mafintosh/dns-packet/compare/v1.3.1...v1.3.4)

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-17 09:16:52 +00:00
Lucas Servén Marín
f7d4658cf1
Merge pull request #195 from squat/e2e_test_allowed_location_ips
e2e: add test for allowed location IPs
2021-06-16 20:47:29 +02:00
Lucas Servén Marín
6ab338cf58
e2e: add test for allowed location IPs
This commit adds a new e2e test fot the recently introduced
allowed-location-ips annotation. This test annotates the control-plane
node with an allowed IP and then ensures this IPs is reachable from
the curl helper Pod, which is now guaranteed to be scheduled on a
worker node.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-06-16 17:01:58 +02:00