This commit ensures that the WireGuard private key is re-used between
container restarts. The result of this is that external peers can keep
using their configuration and don't need to be re-configured just
because the Kilo container restarted.
We need to defensively deduplicate peer allowed IPs.
If two peers claim the same IP, the WireGuard configuration
could flap, causing the interface to churn.
This commit adds several output options to the `showconf` command of the
`kgctl` binary:
* `--as-peer`: this can be used to generate a peer configuration, which
can be used to configure the selected resource as a peer of another
WireGuard interface
* `--output`: this can be used to select the desired output format of
the peer resource, available options are: WireGuard, YAML, and JSON.
When interfaces on the host churn, the kernel will remove routes
associated with those interfaces. This could cause the Kilo route
controller to become out of sync with the routes that really exist. This
commit fixes this behavior.
This commit enables Kilo to work as an independent networking provider.
This is done by leveraging CNI. Kilo brings the necessary CNI plugins to
operate and takes care of all networking.
Add-on compatibility for Calico, Flannel, etc, will be re-introduced
shortly.
This commit exposes a new Prometheus to track the number of
reconciliation attempts. This is important, as without this, the number
of errors it not too helpful. A more valuable statistic is the
proportion of reconciliations that result in an error.
This commit introduces liveness checks to Kilo. This allows the Kilo
daemons to take nodes with inactive or dead Kilo deamons out of the
topology until they are alive again.
Lucas Servén Marín