This commit adds a doc for `kg`, the Kilo agent that runs on every node
in the mesh. This includes: the doc itself, files needed for the
website, and tooling to generate the document using `embedmd`.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
If we tag a release for, e.g. 0.1.1, after we've already cut a 0.2.0
tag, then CI would tag the 0.1.1 image as `latest`, which is confusing.
This commit ensures that we only tag the `latest` image when building
from master.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
The current Alpine package CDN is timing out for aarch64. This commit
updates it to another mirror. This commit also changes the channel
Alpine channel from edge to v3.12. Note: the Dockerfile overrides the
Alpine CDN settings to ensure that a mirror with support for TLS is
used.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit introduces a new Prometheus metric to detect if the node is
a leader of its location, from its own point of view.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Previously, when `deleteFromIndex` exited early due to an error, nil
rules would be left in the controller's list of rules, which could
provoke a panic on the next reconciliation. This commit ensures that nil
rules are removed before an early exit.
Fixes: #51
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Previously, when udpdating the persistent keepalive of a node via
annotations, the node's WireGuard configuration was not updated. This
corrects the behavior.
Fixes: #54
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds support for defining preshared keys when declaring a
new Peer CRD. This preshared key will be used whenever the nodes in the
Kilo mesh communicate with that peer.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds a guide for deploying Kubernetes NetworkPolicy support
to a cluster running Kilo.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit enables simultaneously managing IPv4 and IPv6 iptables
rules. This makes it possible to have peers with IPv6 allowed IPs in an
otherwise IPv4 stack and vice versa.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit introduces a the Kilo website. It is generated with
Docusaurus and can be deployed with standard services like Netlify.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit introduces a new document explaining how peers can use the
Kilo cluster VPN as a gateway to the internet.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit enables NAT-ing packets outgoing to the WAN from both the
Pod subnet as well as from peers. This means that Pods can access the
Internet and that peers can use the Kilo mesh as a gateway to the
Internet.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit better organizes the location of iptables rules. This is
made possible by exposing two new funcs, `NewRule` and `NewChain`.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit re-enables old functionality, which permitted the generation
of the configuration for a cluster without any peers.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit changes how Kilo allows nodes and peers behind NAT to roam.
Rather that ignore changes to endpoints when comparing WireGuard
configurations, Kilo now incorporates changes to endpoints for peers
behind NAT into its configuration first and later compares the
configurations.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>