Commit Graph

407 Commits

Author SHA1 Message Date
leonnicolas
6491d7b87f
Bump go and container base image
- bump golang 1.17 -> 1.18
 - bump alpine 3.14 -> 3.15
 - revendor

 We need to use golang instead of golang:alpine because it does not
 contain git anymore. This should be fine as we are not enabling CGO,
 thus not linking against musl instead of libc.

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2022-04-21 21:35:54 +02:00
Lucas Servén Marín
fc741bf444
Merge pull request #301 from squat/check_docs_in_ci
.github: ensure docs are up to date in CI
2022-04-21 20:40:50 +02:00
Lucas Servén Marín
8afe1bea53
Merge pull request #300 from squat/use_cni_0.4.0
manifests: use CNI 0.4.0
2022-04-21 08:26:42 +02:00
Lucas Servén Marín
112772d02d
docs: regenerate
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-20 16:15:56 +02:00
Lucas Servén Marín
a385f1ac82
.github: ensure docs are up to date in CI
This commit updates the CI configuration for Kilo to ensure that the
documentation, specifically the generated docs, are up-to-date.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-20 16:11:07 +02:00
Lucas Servén Marín
1f19133ea8
manifests: use CNI 0.4.0
As mentioned in the Kilo Slack [0], Kubernetes supports CNI 0.4.0 and
does not yet support 1.0.0. Correspondingly, this commit downgrades the
declared CNI version in the configuration to 0.4.0 and crucially updates
the configuration used in the e2e tests to exercise this new CNI
version.

[0] https://kubernetes.slack.com/archives/C022EB4R7TK/p1650455432970199?thread_ts=1650368553.132859&cid=C022EB4R7TK

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-20 14:57:21 +02:00
Lucas Servén Marín
7985ed5091
Merge pull request #299 from READ10/main
bump CNI plugins version and fix spec version
2022-04-19 14:49:47 +02:00
Dave Allan
19c13b7401 reduce cniVersion from 1.0.1 to 1.0.0 to match spec version 2022-04-19 08:28:31 -04:00
Dave Allan
3e6818d0b3 bump CNI plugins version to 1.1.1 2022-04-19 08:27:35 -04:00
Lucas Servén Marín
8cadff2b79
CNI: bump to 1.0.1 (#297)
* CNI: bump to 1.0.1

This commit bumps the declared version of CNI in the Kilo manifests to
1.0.1. This is possible with no changes to the configuration lists
because our simple configuration is not affected by any of the
deprecations, and there was effectively no change between 0.4.0 and
1.0.0, other than the declaration of a stable API. Similarly, this
commit also bumps the version of the CNI library and the plugins
package.

Bumping to CNI 1.0.0 will help ensure that Kilo stays compatible with
container runtimes in the future.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

* vendor: revendor

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-18 19:00:37 +02:00
Lucas Servén Marín
6862274e8e
Merge pull request #298 from squat/dependabot/npm_and_yarn/website/async-2.6.4
build(deps): bump async from 2.6.3 to 2.6.4 in /website
2022-04-17 00:43:23 +02:00
dependabot[bot]
a02542b529
build(deps): bump async from 2.6.3 to 2.6.4 in /website
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-16 22:24:04 +00:00
Lucas Servén Marín
7dbbf52e1c
Merge pull request #295 from squat/release-0.4
Release 0.4
2022-04-17 00:23:27 +02:00
dependabot[bot]
9a9131d965
build(deps): bump github.com/containernetworking/cni from 0.6.0 to 0.8.1 (#293) 2022-04-14 09:20:22 +00:00
Lucas Servén Marín
a6d50a8046
.github/workflows/release.yaml: clarify job name (#296)
Currently,the job to build kgctl binaries is named `linux`, which
suggests to the reader that the job is only building binaries for Linux,
when it is in fact building binaries for Linux, Darwin, and Windows.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-13 20:23:13 +02:00
Lucas Servén Marín
d47bb4f587
Merge pull request #292 from clive-jevons/bump-referenced-image-tag-to-0.4.1
bump referenced image version to 0.4.1 in preparation for release 0.4.1
2022-04-13 12:52:20 +02:00
Lucas Servén Marín
206b078c5f
CI: run for all PRs (#294)
Currently, CI only runs for PRs to the main branch. This commit modifies
the configuration so that it runs for PRs to any branch.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-13 12:02:07 +02:00
Clive Jevons
7c5f9ecc40 bump referenced image version to 0.4.1 in preparation for release 0.4.1 2022-04-11 18:18:26 +02:00
Lucas Servén Marín
69fb81bcd3
Merge pull request #291 from clive-jevons/pin-image-in-manifests-to-release-0.4
pin release-0.4 image version to tag 0.4.0
2022-04-11 16:07:12 +02:00
Clive Jevons
c00cf69b55 pin release-0.4 image version to tag 0.4.0 2022-04-11 15:46:27 +02:00
leonnicolas
0dfb744630
kgctl connect (#269)
* kgctl connect

Use kgctl connect to connect your laptop to a cluster.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* cmd/kgctl: finish connect command

This commit fixes some bugs and finishes the implementation of the
`kgctl connect` command.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

* e2e: add tests for kgctl connect

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

* docs: add documentation for `kgctl connect`

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

* pkg/mesh: move peer route generation to mesh

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

Co-authored-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-08 13:42:13 +02:00
hhstu
d95e590f5c
add example for kubeadm-userspace,kubeadm-flannel-userspace (#284)
* add example for  kubeadm-userspace,kubeadm-flannel-userspace

* remove configmap of kilo when use flannel
2022-04-03 12:50:41 +02:00
Lucas Servén Marín
d3710399f8
Merge pull request #288 from squat/arkade
docs: document installation with arkade
2022-04-03 12:08:50 +02:00
Lucas Servén Marín
0eb9df178a
docs: document installation with arkade
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-04-01 16:09:08 +02:00
Lucas Servén Marín
e782d1be98
Merge pull request #287 from squat/respect_allowed_location_ips_for_peers
pkg/mesh: respect allowed location IPs in peers
2022-04-01 09:33:21 +02:00
Lucas Servén Marín
fb03520fb5
Merge pull request #286 from squat/fix_pka_peers
backend: fix Peer persistent keepalive
2022-03-31 21:35:10 +02:00
Lucas Servén Marín
ed1e9ea400
Merge pull request #285 from squat/fix_routes_for_nat_nodes
pkg/mesh: fix routes for NATed nodes
2022-03-31 21:34:54 +02:00
Lucas Servén Marín
df8d2cb68f
pkg/mesh: respect allowed location IPs in peers
Currently, when rendering the configuration for a Peer, the allowed
location configs of any segment are erroneously ignored, meaning that an
administrator will have to manually edit the configuration to get the
expected behavior from a Peer. This commit fixes the generation of the
configuration.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-03-31 21:26:53 +02:00
Lucas Servén Marín
38a5dd22e9
backend: fix Peer persistent keepalive
Right now, the persistent keepalive field of the Peer CRD is always
interpretted as nanoseconds and not seconds. This causes a mismatch
between Kilo's expected behavior and the actual interval that is given
to Peers. Because the interval is interpretted as nanoseconds the value
rounds down to 0 seconds.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-03-31 21:24:03 +02:00
Lucas Servén Marín
e598102f04
pkg/mesh: fix routes for NATed nodes
Currently, when a node is behind NAT, it is possible that routes to the
node's private IP address, i.e. routes necessary to communicate with the
Kubelet and any Pods on the host network, will not be created because
the private IP is seen as the same as the location's endpoint and is
thus skipped because trying to encapsulate traffic to the endpoint would
break communiation with the endpoint itself.

This logic is not correct for nodes that are behind NAT, because the
endpoin that the node reports may not be the same as the discovered
endpoint for the location. Instead, we should compare the private IP
address to the discovered endpoint.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-03-30 13:58:29 +02:00
dependabot[bot]
5de689ea1f
build(deps): bump prismjs from 1.25.0 to 1.27.0 in /website (#276) 2022-03-26 08:49:07 +00:00
dependabot[bot]
887ea026bb
build(deps): bump url-parse from 1.5.3 to 1.5.10 in /website (#277) 2022-03-26 08:48:31 +00:00
dependabot[bot]
75fb31a947
build(deps): bump minimist from 1.2.5 to 1.2.6 in /website (#283) 2022-03-26 08:47:47 +00:00
Lucas Servén Marín
a1af9790ea
Merge pull request #278 from SerialVelocity/fix-peer-node-equality-checking
Fix peer and node equality checking
2022-03-01 21:09:46 +01:00
Lucas Servén Marín
96029a584f
Merge pull request #279 from SerialVelocity/fix-private-key-generation
Fix private key generation code
2022-03-01 21:04:56 +01:00
Ben Grabham
3bf7eacc7e Fix private key generation code 2022-03-01 18:21:08 +00:00
Ben Grabham
6d6c62ae49 Fix peer and node equality checking 2022-03-01 18:09:25 +00:00
dependabot[bot]
02d49ded39
build(deps): bump follow-redirects from 1.14.7 to 1.14.8 in /website (#274)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-13 19:34:08 +01:00
dependabot[bot]
3e7fe47131
build(deps): bump shelljs from 0.8.4 to 0.8.5 in /website (#265) 2022-01-30 22:59:40 +00:00
dependabot[bot]
038a6d7450
build(deps): bump nanoid from 3.1.23 to 3.2.0 in /website (#266) 2022-01-30 22:49:17 +00:00
dependabot[bot]
c4e3108549
build(deps): bump algoliasearch-helper from 3.4.4 to 3.7.0 in /website (#270) 2022-01-30 22:38:15 +00:00
leonnicolas
6a696e03e7
migrate to golang.zx2c4.com/wireguard/wgctrl (#239)
* migrate to golang.zx2c4.com/wireguard/wgctrl

This commit introduces the usage of wgctrl.
It avoids the usage of exec calls of the wg command
and parsing the output of `wg show`.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* vendor wgctrl

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* apply suggestions from code review

Remove wireguard.Enpoint struct and use net.UDPAddr for the resolved
endpoint and addr string (dnsanme:port) if a DN was supplied.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* pkg/*: use wireguard.Enpoint

This commit introduces the wireguard.Enpoint struct.
It encapsulates a DN name with port and a net.UPDAddr.
The fields are private and only accessible over exported Methods
to avoid accidental modification.

Also iptables.GetProtocol is improved to avoid ipv4 rules being applied
by `ip6tables`.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* pkg/wireguard/conf_test.go: add tests for Endpoint

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* cmd/kg/main.go: validate port range

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* add suggestions from review

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* pkg/mesh/mesh.go: use Equal func

Implement an Equal func for Enpoint and use it instead of comparing
strings.

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* cmd/kgctl/main.go: check port range

Signed-off-by: leonnicolas <leonloechner@gmx.de>

* vendor

Signed-off-by: leonnicolas <leonloechner@gmx.de>
2022-01-30 17:38:45 +01:00
Lucas Servén Marín
797133f272
Merge pull request #264 from squat/dependabot/npm_and_yarn/website/follow-redirects-1.14.7
build(deps): bump follow-redirects from 1.14.4 to 1.14.7 in /website
2022-01-14 09:16:33 +01:00
dependabot[bot]
84da98c2b1
build(deps): bump follow-redirects from 1.14.4 to 1.14.7 in /website
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.7)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-14 05:50:17 +00:00
Lucas Servén Marín
76047fe0af
Merge pull request #261 from squat/update-licenses
pkg/k8s: update generated licenses
2022-01-05 19:08:43 +01:00
Lucas Servén Marín
ee650342d5
pkg/k8s: update generated licenses
After running make, the licenses for the generated go files is updated,
resulting in a diff in the repository. This makes later invocations of
`make container` generate tags with `$ARCH-$SHA-dirty` rather than just
`$ARM-$SHA`, which causes `make manifest` to fail, as some of the
images cannot be found.

A more permanent fix would be to ensure that running `make container`
does not cause the go code to unnecessarily regenerated, but this will
at least fix CI until next year.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-01-04 14:01:29 +01:00
Lucas Servén Marín
1f8c736ba4
Merge pull request #260 from squat/allow_disabling_ipv6
iptables: allow disabling IPv6
2022-01-04 13:17:13 +01:00
Lucas Servén Marín
57a89b49ff
iptables: allow disabling IPv6
This commit enhances the iptables controller to disable reconciliation
of IPv6 rules whenever it detects that IPv6 is disabled in the kernel,
in order to fix #259.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2022-01-04 11:56:29 +01:00
Lucas Servén Marín
6a5643287e
Merge pull request #258 from dajudge/patch-1
Fix cmdline in docs to apply kube-router manifests
2021-12-20 10:11:59 +01:00
Alex Stockinger
e1a6ee9e2c
Fix cmdline in docs to apply kube-router manifests 2021-12-20 08:44:50 +01:00