diff --git a/config/config.go b/config/config.go index e6f370c1..dcf2bec0 100644 --- a/config/config.go +++ b/config/config.go @@ -53,6 +53,7 @@ type ServerConfig struct { GRPCSSL string `yaml:"grpcssl"` Version string `yaml:"version"` SQLConn string `yaml:"sqlconn"` + Platform string `yaml:"platform"` DefaultNodeLimit int32 `yaml:"defaultnodelimit"` Verbosity int32 `yaml:"verbosity"` } diff --git a/controllers/networkHttpController.go b/controllers/networkHttpController.go index d31c6582..dbe173ac 100644 --- a/controllers/networkHttpController.go +++ b/controllers/networkHttpController.go @@ -150,21 +150,6 @@ func getNetworks(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(allnetworks) } -func RemoveComms(networks []models.Network) []models.Network { - var index int = 100000001 - for ind, net := range networks { - if net.NetID == "comms" { - index = ind - } - } - if index == 100000001 { - return networks - } - returnable := make([]models.Network, 0) - returnable = append(returnable, networks[:index]...) - return append(returnable, networks[index+1:]...) -} - func ValidateNetworkUpdate(network models.Network) error { v := validator.New() @@ -379,13 +364,15 @@ func createNetwork(w http.ResponseWriter, r *http.Request) { returnErrorResponse(w, r, formatError(err, "badrequest")) return } - success, err := serverctl.AddNetwork(network.NetID) - if err != nil || !success { - if err == nil { - err = errors.New("Failed to add server to network " + network.DisplayName) + if servercfg.IsClientMode() { + success, err := serverctl.AddNetwork(network.NetID) + if err != nil || !success { + if err == nil { + err = errors.New("Failed to add server to network " + network.DisplayName) + } + returnErrorResponse(w, r, formatError(err, "internal")) + return } - returnErrorResponse(w, r, formatError(err, "internal")) - return } functions.PrintUserLog(r.Header.Get("user"), "created network "+network.NetID, 1) w.WriteHeader(http.StatusOK) 
diff --git a/database/database.go b/database/database.go index c7705e3a..92b60567 100644 --- a/database/database.go +++ b/database/database.go @@ -3,7 +3,6 @@ package database import ( "encoding/json" "errors" - "log" "github.com/gravitl/netmaker/servercfg" "github.com/rqlite/gorqlite" ) diff --git a/functions/helpers.go b/functions/helpers.go index 806f4947..a44e5d44 100644 --- a/functions/helpers.go +++ b/functions/helpers.go @@ -92,11 +92,25 @@ func CreateServerToken(netID string) (string, error) { } var accessToken models.AccessToken - servervals := models.ServerConfig{ - APIConnString: "127.0.0.1:" + servercfg.GetAPIPort(), - GRPCConnString: "127.0.0.1:" + servercfg.GetGRPCPort(), - GRPCSSL: "off", + servervals := models.ServerConfig{} + if servercfg.GetPlatform() == "Kubernetes" { + log.Println("server on kubernetes") + servervals = models.ServerConfig{ + APIConnString: servercfg.GetPodIP() + ":" + servercfg.GetAPIPort(), + GRPCConnString: servercfg.GetPodIP() + ":" + servercfg.GetGRPCPort(), + GRPCSSL: "off", + } + } else { + log.Println("server on linux") + servervals = models.ServerConfig{ + APIConnString: "127.0.0.1:" + servercfg.GetAPIPort(), + GRPCConnString: "127.0.0.1:" + servercfg.GetGRPCPort(), + GRPCSSL: "off", + } } + log.Println("APIConnString:",servervals.APIConnString) + log.Println("GRPCConnString:",servervals.GRPCConnString) + log.Println("GRPCSSL:",servervals.GRPCSSL) accessToken.ServerConfig = servervals accessToken.ClientConfig.Network = netID accessToken.ClientConfig.Key = GenKey() 
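Review bot: `servervals := models.ServerConfig{}` is dead — both branches assign a fresh struct, and the two literals differ only in the host, so the platform check can pick the host and the struct can be built once (see fence); the `"Kubernetes"` literal also has no counterpart constant in servercfg, whose default is lowercase `"linux"`, so a `PLATFORM=kubernetes` deployment silently takes the linux path. The five `log.Println` lines run on every token creation and print the connection endpoints unconditionally; gating them on `servercfg.GetVerbose()` would keep them out of normal logs. This assumes `log` is already imported by helpers.go (the import block is outside the hunk); CreateServerToken starts and ends outside the hunk.
```go
	var accessToken models.AccessToken
	// host the token's API/gRPC endpoints point at: pod IP on Kubernetes, loopback otherwise
	host := "127.0.0.1"
	if servercfg.GetPlatform() == "Kubernetes" {
		host = servercfg.GetPodIP()
	}
	servervals := models.ServerConfig{
		APIConnString:  host + ":" + servercfg.GetAPIPort(),
		GRPCConnString: host + ":" + servercfg.GetGRPCPort(),
		GRPCSSL:        "off",
	}
	// … unchanged: accessToken population …
```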
@@ -104,14 +118,12 @@ func CreateServerToken(netID string) (string, error) { accesskey.Name = GenKeyName() accesskey.Value = accessToken.ClientConfig.Key accesskey.Uses = 1 - tokenjson, err := json.Marshal(accessToken) if err != nil { return accesskey.AccessString, err } - accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson)) - + log.Println("accessstring:",accesskey.AccessString) network.AccessKeys = append(network.AccessKeys, accesskey) if data, err := json.Marshal(network); err != nil { return "", err diff --git a/kube/netmaker-template-udp.yaml b/kube/netmaker-template-udp.yaml new file mode 100644 index 00000000..317ef0e0 --- /dev/null +++ b/kube/netmaker-template-udp.yaml 
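Review bot: `log.Println("accessstring:",accesskey.AccessString)` writes the complete access token — including the key produced by `GenKey()` and placed in `accessToken.ClientConfig.Key` in the previous hunk — into the server log, where it outlives the key's single permitted use (`accesskey.Uses = 1`) and is readable by anyone with access to the logs. Log the key's name instead, `log.Println("created access key", accesskey.Name, "for network", netID)`, or drop the line. CreateServerToken's body continues past this hunk.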
@@ -0,0 +1,361 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: rqlite-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netmaker-backend
+ labels:
+ app: netmaker-backend
+spec:
+ nodeSelector:
+ netmaker-server: true
+ selector:
+ matchLabels:
+ app: netmaker-backend
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: netmaker-backend
+ spec:
+ containers:
+ - name: netmaker-backend
+ image: gravitl/netmaker:0.7.2
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8081
+ volumeMounts:
+ - name: nm-pvc
+ mountPath: /root/config/dnsconfig
+ - mountPath: /etc/netclient
+ name: etc-netclient
+ - mountPath: /usr/bin/wg
+ name: wg
+ - mountPath: /var/run/dbus/system_bus_socket
+ name: systemd-bus-socket
+ - mountPath: /sys/fs/cgroup
+ name: cgroup
+ - mountPath: /run/systemd/system
+ name: run-systemd
+ - mountPath: /etc/systemd/system
+ name: etc-systemd
+ securityContext:
+ privileged: true
+ env:
+ - name: SERVER_API_CONN_STRING
+ value: "api.netmaker.goallclouds.com:80"
+ - name: SERVER_GRPC_CONN_STRING
+ value: "grpc.netmaker.goallclouds.com:80"
+ - name: COREDNS_ADDR
+ value: "10.152.183.53"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: GRPC_SSL
+ value: "on"
+ - name: SERVER_HTTP_HOST
+ value: "api.netmaker.goallclouds.com:443"
+ - name: SERVER_GRPC_HOST
+ value: "grpc.netmaker.goallclouds.com:443"
+ - name: API_PORT
+ value: "8081"
+ - name: GRPC_PORT
+ value: "443"
+ - name: CLIENT_MODE
+ value: "off"
+ - name: MASTER_KEY
+ value: "Unkn0wn!"
+ - name: PLATFORM
+ value: "Kubernetes"
+ - name: CORS_ALLOWED_ORIGIN
+ value: "*"
+ - name: rqlite
+ image: rqlite/rqlite
+ ports:
+ - containerPort: 4001
+ - containerPort: 4002
+ volumeMounts:
+ - name: rqlitevol
+ mountPath: /rqlite/file/data
+ volumes:
+ - name: rqlitevol
+ persistentVolumeClaim:
+ claimName: rqlite-pvc
+ - name: nm-pvc
+ persistentVolumeClaim:
+ claimName: nm-pvc
+ - hostPath:
+ path: /etc/netclient
+ type: DirectoryOrCreate
+ name: etc-netclient
+ - hostPath:
+ path: /usr/bin/wg
+ type: File
+ name: wg
+ - hostPath:
+ path: /usr/bin/resolvectl
+ type: File
+ name: resolvectl
+ - hostPath:
+ path: /var/run/dbus/system_bus_socket
+ type: ""
+ name: systemd-bus-socket
+ - hostPath:
+ path: /etc/systemd/system
+ type: ""
+ name: etc-systemd
+ - hostPath:
+ path: /run/systemd/system
+ type: ""
+ name: run-systemd
+ - hostPath:
+ path: /sys/fs/cgroup
+ type: ""
+ name: cgroup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nm-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: netmaker-backend
+ name: netmaker-api
+spec:
+ ports:
+ - port: 8081
+ protocol: TCP
+ targetPort: 8081
+ selector:
+ app: netmaker-backend
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: netmaker-backend
+ name: netmaker-grpc
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 443
+ selector:
+ app: netmaker-backend
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netmaker-dns
+ labels:
+ app: netmaker-dns
+spec:
+ selector:
+ matchLabels:
+ app: netmaker-dns
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: netmaker-dns
+ spec:
+ containers:
+ - args:
+ - -conf
+ - /root/dnsconfig/Corefile
+ image: coredns/coredns
+ imagePullPolicy: Always
+ name: netmaker-dns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /root/dnsconfig
+ name: nm-pvc
+ readOnly: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ dnsPolicy: "None"
+ dnsConfig:
+ nameservers:
+ - 127.0.0.1
+ volumes:
+ - name: nm-pvc
+ persistentVolumeClaim:
+ claimName: nm-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: netmaker-dns
+ name: netmaker-dns
+spec:
+ ports:
+ - port: 53
+ protocol: UDP
+ targetPort: 53
+ name: udp
+ - port: 53
+ protocol: TCP
+ targetPort: 53
+ name: tcp
+ selector:
+ app: netmaker-dns
+ sessionAffinity: None
+ type: ClusterIP
+ clusterIP: 10.152.183.53
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netmaker-ui
+ labels:
+ app: netmaker-ui
+spec:
+ selector:
+ matchLabels:
+ app: netmaker-ui
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: netmaker-ui
+ spec:
+ containers:
+ - name: netmaker-ui
+ image: gravitl/netmaker-ui:v0.7
+ ports:
+ - containerPort: 80
+ env:
+ - name: BACKEND_URL
+ value: "https://api.NETMAKER_BASE_DOMAIN"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: netmaker-ui
+ name: netmaker-ui
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: netmaker-ui
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nm-api-ingress-nginx
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - api.NETMAKER_BASE_DOMAIN
+ secretName: nm-api-tls
+ rules:
+ - host: api.NETMAKER_BASE_DOMAIN
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: netmaker-api
+ port:
+ number: 8081
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nm-grpc-ingress-nginx
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - grpc.NETMAKER_BASE_DOMAIN
+ secretName: nm-grpc-tls
+ rules:
+ - host: grpc.NETMAKER_BASE_DOMAIN
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: netmaker-grpc
+ port:
+ number: 443
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nm-ui-ingress-nginx
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dashboard.NETMAKER_BASE_DOMAIN
+ secretName: nm-ui-tls
+ rules:
+ - host: dashboard.NETMAKER_BASE_DOMAIN
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: netmaker-ui
+ port:
+ number: 80
diff --git a/kube/netmaker-template.yaml b/kube/netmaker-template.yaml
index c30fdd2d..317ef0e0 100644
--- a/kube/netmaker-template.yaml
+++ b/kube/netmaker-template.yaml
@@ -1,45 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: rqlite
- labels:
- name: rqlite
-spec:
- ports:
- - port: 4001
- targetPort: 4001
- clusterIP: None
- selector:
- role: rqlite
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: rqlite
-spec:
- serviceName: "rqlite"
- replicas: 1
- selector:
- matchLabels:
- role: rqlite
- template:
- metadata:
- labels:
- app: rqlite
- role: rqlite
- spec:
- containers:
- - name: rqlite
- image: rqlite/rqlite
- ports:
- - containerPort: 4001
- volumeMounts:
- - name: rqlitevol
- mountPath: /rqlite/file/data
- volumes:
- - name: rqlitevol
- persistentVolumeClaim:
- claimName: rqlite-pvc
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
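Review bot: `nodeSelector` is placed directly under the Deployment's `spec`, which has no such field (it belongs under `spec.template.spec`), and its value `true` is a YAML boolean where Kubernetes requires a string, so the manifest fails validation or has the selector silently dropped depending on the client and server version; the same two lines are added to kube/netmaker-template.yaml in the `@@ -59,10 +17,14 @@` hunk. Move them under the pod template and quote the value, `netmaker-server: "true"`. The master key is committed as the literal `"Unkn0wn!"` and the backend's host names are fixed to `netmaker.goallclouds.com` while the UI and Ingress objects in the same file still use the `NETMAKER_BASE_DOMAIN` placeholder, so the file is no longer a template; the key should come from a Secret via `valueFrom.secretKeyRef`. The backend container runs `privileged: true` with host-path mounts of `/etc/systemd/system`, `/run/systemd/system`, `/sys/fs/cgroup` and the D-Bus socket, which amounts to control of the node's service manager, and the manifest should carry a comment naming which component needs that (presumably the in-pod netclient, given the `/etc/netclient` and `wg` mounts) so reviewers can judge whether it can be narrowed.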
@@ -59,10 +17,14 @@ metadata: labels: app: netmaker-backend spec: + nodeSelector: + netmaker-server: true selector: matchLabels: app: netmaker-backend replicas: 1 + strategy: + type: Recreate template: metadata: labels: @@ -70,27 +32,44 @@ spec: spec: containers: - name: netmaker-backend - image: gravitl/netmaker:v0.7 + image: gravitl/netmaker:0.7.2 + imagePullPolicy: Always ports: - containerPort: 8081 volumeMounts: - name: nm-pvc mountPath: /root/config/dnsconfig + - mountPath: /etc/netclient + name: etc-netclient + - mountPath: /usr/bin/wg + name: wg + - mountPath: /var/run/dbus/system_bus_socket + name: systemd-bus-socket + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /run/systemd/system + name: run-systemd + - mountPath: /etc/systemd/system + name: etc-systemd + securityContext: + privileged: true env: - name: SERVER_API_CONN_STRING - value: "api.NETMAKER_BASE_DOMAIN:443" + value: "api.netmaker.goallclouds.com:80" - name: SERVER_GRPC_CONN_STRING - value: "grpc.NETMAKER_BASE_DOMAIN:443" + value: "grpc.netmaker.goallclouds.com:80" - name: COREDNS_ADDR value: "10.152.183.53" - - name: SQL_CONN - value: "http://rqlite-0:4001" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: GRPC_SSL value: "on" - name: SERVER_HTTP_HOST - value: "api.NETMAKER_BASE_DOMAIN" + value: "api.netmaker.goallclouds.com:443" - name: SERVER_GRPC_HOST - value: "grpc.NETMAKER_BASE_DOMAIN" + value: "grpc.netmaker.goallclouds.com:443" - name: API_PORT value: "8081" - name: GRPC_PORT 
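Review bot: The `SERVER_API_CONN_STRING` and `SERVER_GRPC_CONN_STRING` values replace the `api.NETMAKER_BASE_DOMAIN:443` placeholders with one deployment's hostnames on port 80, while `GRPC_SSL` stays `"on"` and the grpc Ingress (visible in the identical new blob `317ef0e0` of kube/netmaker-template-udp.yaml) terminates TLS on 443, so the endpoints advertised to clients no longer match what the manifest exposes. Restore the placeholder form, `value: "api.NETMAKER_BASE_DOMAIN:443"` and `value: "grpc.NETMAKER_BASE_DOMAIN:443"`, so the file stays a template. The removal of `SQL_CONN` together with the rqlite StatefulSet presumably relies on `GetSQLConn`'s default reaching the new sidecar on localhost, but that default is not visible in this diff; a comment next to the sidecar stating the expected connection string would make the dependency explicit.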
@@ -99,14 +78,53 @@ spec: value: "off" - name: MASTER_KEY value: "Unkn0wn!" - - name: MASTER_KEY - value: "secretkey" + - name: PLATFORM + value: "Kubernetes" - name: CORS_ALLOWED_ORIGIN value: "*" + - name: rqlite + image: rqlite/rqlite + ports: + - containerPort: 4001 + - containerPort: 4002 + volumeMounts: + - name: rqlitevol + mountPath: /rqlite/file/data volumes: + - name: rqlitevol + persistentVolumeClaim: + claimName: rqlite-pvc - name: nm-pvc persistentVolumeClaim: claimName: nm-pvc + - hostPath: + path: /etc/netclient + type: DirectoryOrCreate + name: etc-netclient + - hostPath: + path: /usr/bin/wg + type: File + name: wg + - hostPath: + path: /usr/bin/resolvectl + type: File + name: resolvectl + - hostPath: + path: /var/run/dbus/system_bus_socket + type: "" + name: systemd-bus-socket + - hostPath: + path: /etc/systemd/system + type: "" + name: etc-systemd + - hostPath: + path: /run/systemd/system + type: "" + name: run-systemd + - hostPath: + path: /sys/fs/cgroup + type: "" + name: cgroup --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/kube/ubuntu.yaml b/kube/ubuntu.yaml new file mode 100644 index 00000000..17eb9b2a --- /dev/null +++ b/kube/ubuntu.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu + labels: + app: ubuntu +spec: + # Uncomment and specify a specific node you want to debug + # nodeName: + containers: + - image: ubuntu + command: + - "sleep" + - "3600" + imagePullPolicy: IfNotPresent + name: ubuntu + securityContext: + privileged: true + volumeMounts: + - name: rootfolder + mountPath: / + restartPolicy: Never + hostIPC: true + hostNetwork: true + hostPID: true + volumes: + - hostPath: + path: / + type: "" + name: rootfolder diff --git a/models/network.go b/models/network.go index ef2f0ec5..2e8da3fe 100644 --- a/models/network.go +++ b/models/network.go 
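Review bot: The `resolvectl` host-path volume added here has no matching entry in the container's `volumeMounts` (the mounts added in the previous hunk cover etc-netclient, wg, the D-Bus socket, cgroup and the two systemd directories only), so it is declared but never mounted; kube/netmaker-template-udp.yaml carries the same unused volume. Either add `- mountPath: /usr/bin/resolvectl` and `name: resolvectl` to the mounts or drop the volume. The rqlite sidecar exposes 4001 and 4002 without any readiness probe, so nothing orders the backend container after the store is reachable; whether the backend retries its first connection is not visible here and worth confirming.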
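Review bot: kube/ubuntu.yaml is a node-debug pod — `privileged: true`, `hostPID`/`hostNetwork`/`hostIPC` and the node's `/` mounted read-write — and it sits next to the deployable manifests, so `kubectl apply -f kube/` would create it alongside the server; keep it out of that directory (or under a clearly named `debug/` path) so it is never applied by accident. `mountPath: /` is also rejected by at least some container runtimes (Docker refuses a bind mount onto the container root), so mounting the host filesystem under a sub-path such as `/host` would be the working form. The only documentation is `# Uncomment and specify a specific node you want to debug`; a purpose line such as `# Debug-only: privileged pod exposing the node filesystem; do not deploy with the server manifests.` above it would make the intent clear.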
@@ -7,7 +7,7 @@ import ( "reflect" "strings" "time" - + "github.com/gravitl/netmaker/servercfg" "github.com/go-playground/validator/v10" "github.com/gravitl/netmaker/database" ) @@ -215,7 +215,11 @@ func (network *Network) SetNetworkLastModified() { func (network *Network) SetDefaults() { if network.DefaultUDPHolePunch == "" { - network.DefaultUDPHolePunch = "yes" + if servercfg.IsClientMode() { + network.DefaultUDPHolePunch = "yes" + } else { + network.DefaultUDPHolePunch = "no" + } } if network.IsLocal == "" { network.IsLocal = "no" diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index 001b41b1..678e5880 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -59,6 +59,7 @@ func GetServerConfig() config.ServerConfig { if DisableDefaultNet() { cfg.DisableRemoteIPCheck = "on" } + cfg.Platform = GetPlatform() cfg.Version = GetVersion() return cfg } @@ -94,6 +95,14 @@ func GetAPIHost() string { } return serverhost } +func GetPodIP() string { + podip := "127.0.0.1" + if os.Getenv("POD_IP") != "" { + podip = os.Getenv("POD_IP") + } + return podip +} + func GetAPIPort() string { apiport := "8081" if os.Getenv("API_PORT") != "" { @@ -309,6 +318,16 @@ func GetVerbose() int32 { return int32(level) } +func GetPlatform() string { + platform := "linux" + if os.Getenv("PLATFORM") != "" { + platform = os.Getenv("PLATFORM") + } else if config.Config.Server.Platform != "" { + platform = config.Config.Server.SQLConn + } + return platform +} + func GetSQLConn() string { sqlconn := "http://" if os.Getenv("SQL_CONN") != "" {
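Review bot: The `github.com/gravitl/netmaker/servercfg` import replaces the blank line that separated the standard-library group from the third-party group, so the two groups merge and the new line sits out of alphabetical order ahead of `github.com/go-playground/validator/v10`; `gofmt`/`goimports` will reorder it on the next save and produce an unrelated diff. Keep the blank line and place the import after `github.com/gravitl/netmaker/database`. The models package now depends on servercfg directly (through `servercfg.IsClientMode()` in `SetDefaults`) as well as via database, which already imports servercfg; it is worth confirming that servercfg does not import models, which would be an import cycle.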
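Review bot: `GetPlatform` assigns the wrong config field: the `else if` tests `config.Config.Server.Platform` but assigns `config.Config.Server.SQLConn`, so a platform set only in the YAML config is returned as the SQL connection string, and `GetServerConfig` earlier in this diff then stores that value in `cfg.Platform`. The line should read `platform = config.Config.Server.Platform`. The default here is lowercase `"linux"` while helpers.go compares the result against `"Kubernetes"` with a capital K; a shared constant in servercfg, e.g. `const PlatformKubernetes = "Kubernetes"`, used at both sites would stop a differently cased `PLATFORM` value from silently selecting the linux path.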