- bump golang 1.17 -> 1.18
- bump alpine 3.14 -> 3.15
- revendor
We need to use golang instead of golang:alpine because it does not
contain git anymore. This should be fine as we are not enabling CGO,
thus not linking against musl instead of libc.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* CNI: bump to 1.0.1
This commit bumps the declared version of CNI in the Kilo manifests to
1.0.1. This is possible with no changes to the configuration lists
because our simple configuration is not affected by any of the
deprecations, and there was effectively no change between 0.4.0 and
1.0.0, other than the declaration of a stable API. Similarly, this
commit also bumps the version of the CNI library and the plugins
package.
Bumping to CNI 1.0.0 will help ensure that Kilo stays compatible with
container runtimes in the future.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
* vendor: revendor
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
* migrate to golang.zx2c4.com/wireguard/wgctrl
This commit introduces the usage of wgctrl.
It avoids the usage of exec calls of the wg command
and parsing the output of `wg show`.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* vendor wgctrl
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* apply suggestions from code review
Remove wireguard.Enpoint struct and use net.UDPAddr for the resolved
endpoint and addr string (dnsanme:port) if a DN was supplied.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* pkg/*: use wireguard.Enpoint
This commit introduces the wireguard.Enpoint struct.
It encapsulates a DN name with port and a net.UPDAddr.
The fields are private and only accessible over exported Methods
to avoid accidental modification.
Also iptables.GetProtocol is improved to avoid ipv4 rules being applied
by `ip6tables`.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* pkg/wireguard/conf_test.go: add tests for Endpoint
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* cmd/kg/main.go: validate port range
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* add suggestions from review
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* pkg/mesh/mesh.go: use Equal func
Implement an Equal func for Enpoint and use it instead of comparing
strings.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* cmd/kgctl/main.go: check port range
Signed-off-by: leonnicolas <leonloechner@gmx.de>
* vendor
Signed-off-by: leonnicolas <leonloechner@gmx.de>
This commit adds a sub command `webhook` to Kilo.
It will start a https web server that answeres request from a Kubernetes
API server to validate updates and creations of Kilo peers.
It also updates the "Peer Validation" docs to enable users to
install the web hook server and generate the self signed certificates in
the cluster by only applying a manifest.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
Apply suggestions from code review
Co-authored-by: Lucas Servén Marín <lserven@gmail.com>
- upgrade from apiextension v1beta1 to v1
- generate yaml manifest for crd intead of applying it at runtime
- users will have to apply the manifest with kubectl
- kg and kgctl log an error if the crd is not present
- now validation should actually work
Signed-off-by: leonnicolas <leonloechner@gmx.de>
I had to run `make generate`.
Some API functions got additional parameters `Options` and `Context`.
I used empty options and `context.TODO()` for now.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
This commit introduces a new `--resync-period` flag to control how often
the Kilo controllers should reconcile.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
