mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-01 17:34:50 +08:00
change version of ubuntu
This commit is contained in:
afeiszli
parent
8a2971bef6
commit
fb4d2d1272
29 changed files with 497 additions and 1100 deletions
14
.github/workflows/test.yml
vendored
14
.github/workflows/test.yml
vendored
|
|
@ -6,14 +6,8 @@ on:
|
|||
jobs:
|
||||
tests:
|
||||
env:
|
||||
DATABASE: rqlite
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
rqlite:
|
||||
image: rqlite/rqlite
|
||||
ports:
|
||||
- 4001:4001
|
||||
- 4002:4002
|
||||
DATABASE: sqlite
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
|
@ -21,5 +15,5 @@ jobs:
|
|||
run: |
|
||||
go test -p 1 ./... -v
|
||||
env:
|
||||
DATABASE: rqlite
|
||||
CLIENT_MODE: "off"
|
||||
DATABASE: sqlite
|
||||
CLIENT_MODE: "off"
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ func TestSetNetworkNodesLastModified(t *testing.T) {
|
|||
}
|
||||
|
||||
func createTestNode() models.Node {
|
||||
createnode := models.Node{PublicKey: "DM5qhLAE20PG9BbfBCger+Ac9D2NDOwCtY1rbYDLf34=", Endpoint: "10.0.0.1", MacAddress: "01:02:03:04:05:06", Password: "password", Network: "skynet"}
|
||||
createnode := models.Node{PublicKey: "DM5qhLAE20PG9BbfBCger+Ac9D2NDOwCtY1rbYDLf34=", Name: "testnode", Endpoint: "10.0.0.1", MacAddress: "01:02:03:04:05:06", Password: "password", Network: "skynet"}
|
||||
node, _ := logic.CreateNode(createnode, "skynet")
|
||||
return node
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,100 +1,309 @@
|
|||
package controller
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/gravitl/netmaker/database"
|
||||
"github.com/gravitl/netmaker/dnslogic"
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestGetAllDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
t.Run("NoEntries", func(t *testing.T) {
|
||||
entries, err := GetAllDNS()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []models.DNSEntry(nil), entries)
|
||||
})
|
||||
t.Run("OneEntry", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.3", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
entries, err := GetAllDNS()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, len(entries))
|
||||
})
|
||||
t.Run("MultipleEntry", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.7", "anotherhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
entries, err := GetAllDNS()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 2, len(entries))
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetNodeDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
createTestNode()
|
||||
dns, err := GetNodeDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
t.Log(dns)
|
||||
t.Run("NoNodes", func(t *testing.T) {
|
||||
dns, err := GetNodeDNS("skynet")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, []models.DNSEntry(nil), dns)
|
||||
})
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
createTestNode()
|
||||
dns, err := GetNodeDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, "10.0.0.1", dns[0].Address)
|
||||
})
|
||||
t.Run("MultipleNodes", func(t *testing.T) {
|
||||
createnode := models.Node{PublicKey: "DM5qhLAE20PG9BbfBCger+Ac9D2NDOwCtY1rbYDLf34=", Endpoint: "10.100.100.3", MacAddress: "01:02:03:04:05:07", Password: "password", Network: "skynet"}
|
||||
_, err := logic.CreateNode(createnode, "skynet")
|
||||
assert.Nil(t, err)
|
||||
dns, err := GetNodeDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 2, len(dns))
|
||||
})
|
||||
}
|
||||
func TestGetCustomDNS(t *testing.T) {
|
||||
t.Skip()
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
createTestNode()
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
t.Log(dns)
|
||||
t.Run("NoNetworks", func(t *testing.T) {
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, []models.DNSEntry(nil), dns)
|
||||
})
|
||||
t.Run("NoNodes", func(t *testing.T) {
|
||||
createNet()
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, []models.DNSEntry(nil), dns)
|
||||
})
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
createTestNode()
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, 0, len(dns))
|
||||
})
|
||||
t.Run("EntryExist", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.3", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, len(dns))
|
||||
})
|
||||
t.Run("MultipleEntries", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.4", "host4", "skynet"}
|
||||
CreateDNS(entry)
|
||||
dns, err := dnslogic.GetCustomDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 2, len(dns))
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetDNSEntryNum(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
createTestNode()
|
||||
num, err := GetDNSEntryNum("myhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
t.Log(num)
|
||||
t.Run("NoNodes", func(t *testing.T) {
|
||||
num, err := GetDNSEntryNum("myhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 0, num)
|
||||
})
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
_, err := CreateDNS(entry)
|
||||
assert.Nil(t, err)
|
||||
num, err := GetDNSEntryNum("newhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, num)
|
||||
})
|
||||
}
|
||||
func TestGetDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
dns, err := dnslogic.GetDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
t.Log(dns)
|
||||
createNet()
|
||||
t.Run("NoEntries", func(t *testing.T) {
|
||||
dns, err := dnslogic.GetDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Nil(t, dns)
|
||||
})
|
||||
t.Run("CustomDNSExists", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
_, err := CreateDNS(entry)
|
||||
assert.Nil(t, err)
|
||||
dns, err := dnslogic.GetDNS("skynet")
|
||||
t.Log(dns)
|
||||
assert.Nil(t, err)
|
||||
assert.NotNil(t, dns)
|
||||
assert.Equal(t, "skynet", dns[0].Network)
|
||||
assert.Equal(t, 1, len(dns))
|
||||
})
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
deleteAllDNS(t)
|
||||
createTestNode()
|
||||
dns, err := dnslogic.GetDNS("skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.NotNil(t, dns)
|
||||
assert.Equal(t, "skynet", dns[0].Network)
|
||||
assert.Equal(t, 1, len(dns))
|
||||
})
|
||||
t.Run("NodeAndCustomDNS", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
_, err := CreateDNS(entry)
|
||||
dns, err := dnslogic.GetDNS("skynet")
|
||||
t.Log(dns)
|
||||
assert.Nil(t, err)
|
||||
assert.NotNil(t, dns)
|
||||
assert.Equal(t, "skynet", dns[0].Network)
|
||||
assert.Equal(t, "skynet", dns[1].Network)
|
||||
assert.Equal(t, 2, len(dns))
|
||||
})
|
||||
}
|
||||
|
||||
func TestCreateDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllNetworks()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
//dns, err := GetDNS("skynet")
|
||||
//assert.Nil(t, err)
|
||||
//for _, entry := range dns {
|
||||
// _, _ = DeleteDNS(entry.Name, "skynet")
|
||||
//}
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
err := ValidateDNSCreate(entry)
|
||||
assert.Nil(t, err)
|
||||
if err != nil {
|
||||
t.Log(err)
|
||||
}
|
||||
dns, err := CreateDNS(entry)
|
||||
assert.Nil(t, err)
|
||||
t.Log(dns)
|
||||
assert.Equal(t, "newhost", dns.Name)
|
||||
}
|
||||
|
||||
func TestSetDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
t.Run("NoNetworks", func(t *testing.T) {
|
||||
err := dnslogic.SetDNS()
|
||||
assert.Nil(t, err)
|
||||
info, err := os.Stat("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, info.IsDir())
|
||||
assert.Equal(t, int64(0), info.Size())
|
||||
})
|
||||
t.Run("NoEntries", func(t *testing.T) {
|
||||
createNet()
|
||||
err := dnslogic.SetDNS()
|
||||
assert.Nil(t, err)
|
||||
info, err := os.Stat("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, info.IsDir())
|
||||
assert.Equal(t, int64(0), info.Size())
|
||||
})
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
createTestNode()
|
||||
err := dnslogic.SetDNS()
|
||||
assert.Nil(t, err)
|
||||
info, err := os.Stat("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, info.IsDir())
|
||||
content, err := ioutil.ReadFile("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.Contains(t, string(content), "testnode.skynet")
|
||||
})
|
||||
t.Run("EntryExists", func(t *testing.T) {
|
||||
entry := models.DNSEntry{"10.0.0.3", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
err := dnslogic.SetDNS()
|
||||
assert.Nil(t, err)
|
||||
info, err := os.Stat("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, info.IsDir())
|
||||
content, err := ioutil.ReadFile("./config/dnsconfig/netmaker.hosts")
|
||||
assert.Nil(t, err)
|
||||
assert.Contains(t, string(content), "newhost.skynet")
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
func TestGetDNSEntry(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
createTestNode()
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
entry, err := GetDNSEntry("newhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
t.Log(entry)
|
||||
t.Run("wrong net", func(t *testing.T) {
|
||||
entry, err := GetDNSEntry("newhost", "w286 Toronto Street South, Uxbridge, ONirecat")
|
||||
assert.EqualError(t, err, "no result found")
|
||||
assert.Equal(t, models.DNSEntry{}, entry)
|
||||
})
|
||||
t.Run("wrong host", func(t *testing.T) {
|
||||
entry, err := GetDNSEntry("badhost", "skynet")
|
||||
assert.EqualError(t, err, "no result found")
|
||||
assert.Equal(t, models.DNSEntry{}, entry)
|
||||
})
|
||||
t.Run("good host", func(t *testing.T) {
|
||||
entry, err := GetDNSEntry("newhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, "newhost", entry.Name)
|
||||
})
|
||||
t.Run("node", func(t *testing.T) {
|
||||
entry, err := GetDNSEntry("testnode", "skynet")
|
||||
assert.EqualError(t, err, "no result found")
|
||||
assert.Equal(t, models.DNSEntry{}, entry)
|
||||
})
|
||||
}
|
||||
func TestUpdateDNS(t *testing.T) {
|
||||
var newentry models.DNSEntry
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
t.Run("change address", func(t *testing.T) {
|
||||
newentry.Address = "10.0.0.75"
|
||||
updated, err := UpdateDNS(newentry, entry)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, newentry.Address, updated.Address)
|
||||
})
|
||||
t.Run("change name", func(t *testing.T) {
|
||||
newentry.Name = "newname"
|
||||
updated, err := UpdateDNS(newentry, entry)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, newentry.Name, updated.Name)
|
||||
})
|
||||
t.Run("change network", func(t *testing.T) {
|
||||
newentry.Network = "wirecat"
|
||||
updated, err := UpdateDNS(newentry, entry)
|
||||
assert.Nil(t, err)
|
||||
assert.NotEqual(t, newentry.Network, updated.Network)
|
||||
})
|
||||
}
|
||||
func TestDeleteDNS(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
entry := models.DNSEntry{"10.0.0.2", "newhost", "skynet"}
|
||||
CreateDNS(entry)
|
||||
t.Run("EntryExists", func(t *testing.T) {
|
||||
err := DeleteDNS("myhost", "skynet")
|
||||
err := DeleteDNS("newhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
t.Run("NoEntry", func(t *testing.T) {
|
||||
t.Run("NodeExists", func(t *testing.T) {
|
||||
err := DeleteDNS("myhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
|
||||
t.Run("NoEntries", func(t *testing.T) {
|
||||
err := DeleteDNS("myhost", "skynet")
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
}
|
||||
|
||||
func TestValidateDNSUpdate(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllDNS(t)
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
entry := models.DNSEntry{"10.0.0.2", "myhost", "skynet"}
|
||||
_ = DeleteDNS("mynode", "skynet")
|
||||
t.Run("BadNetwork", func(t *testing.T) {
|
||||
change := models.DNSEntry{"10.0.0.2", "myhost", "badnet"}
|
||||
err := ValidateDNSUpdate(change, entry)
|
||||
|
|
@ -140,11 +349,14 @@ func TestValidateDNSUpdate(t *testing.T) {
|
|||
})
|
||||
t.Run("NameUnique", func(t *testing.T) {
|
||||
change := models.DNSEntry{"10.0.0.2", "myhost", "wirecat"}
|
||||
_, _ = CreateDNS(entry)
|
||||
_, _ = CreateDNS(change)
|
||||
CreateDNS(entry)
|
||||
CreateDNS(change)
|
||||
err := ValidateDNSUpdate(change, entry)
|
||||
assert.NotNil(t, err)
|
||||
assert.Contains(t, err.Error(), "Field validation for 'Name' failed on the 'name_unique' tag")
|
||||
//cleanup
|
||||
err = DeleteDNS("myhost", "wirecat")
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
|
||||
}
|
||||
|
|
@ -196,11 +408,9 @@ func TestValidateDNSCreate(t *testing.T) {
|
|||
|
||||
func deleteAllDNS(t *testing.T) {
|
||||
dns, err := GetAllDNS()
|
||||
t.Log(err)
|
||||
t.Log(dns)
|
||||
assert.Nil(t, err)
|
||||
for _, record := range dns {
|
||||
t.Log(dns)
|
||||
err := DeleteDNS(record.Name, record.Network)
|
||||
t.Log(err)
|
||||
assert.Nil(t, err)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -348,8 +348,8 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
|
|||
var admin models.User
|
||||
// get node from body of request
|
||||
_ = json.NewDecoder(r.Body).Decode(&admin)
|
||||
admin.IsAdmin = true
|
||||
admin, err := CreateUser(admin)
|
||||
|
||||
admin, err := CreateAdmin(admin)
|
||||
|
||||
if err != nil {
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
|
|
@ -359,6 +359,18 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
|
|||
json.NewEncoder(w).Encode(admin)
|
||||
}
|
||||
|
||||
func CreateAdmin(admin models.User) (models.User, error) {
|
||||
hasadmin, err := HasAdmin()
|
||||
if err != nil {
|
||||
return models.User{}, err
|
||||
}
|
||||
if hasadmin {
|
||||
return models.User{}, errors.New("admin user already exists")
|
||||
}
|
||||
admin.IsAdmin = true
|
||||
return CreateUser(admin)
|
||||
}
|
||||
|
||||
func createUser(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
|
|
|||
|
|
@ -71,6 +71,26 @@ func TestCreateUser(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestCreateAdmin(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
var user models.User
|
||||
t.Run("NoAdmin", func(t *testing.T) {
|
||||
user.UserName = "admin"
|
||||
user.Password = "password"
|
||||
admin, err := CreateAdmin(user)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
})
|
||||
t.Run("AdminExists", func(t *testing.T) {
|
||||
user.UserName = "admin2"
|
||||
user.Password = "password1"
|
||||
admin, err := CreateAdmin(user)
|
||||
assert.EqualError(t, err, "admin user already exists")
|
||||
assert.Equal(t, admin, models.User{})
|
||||
})
|
||||
}
|
||||
|
||||
func TestDeleteUser(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
|
|
@ -153,6 +173,49 @@ func TestGetUser(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestGetUserInternal(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
admin, err := GetUserInternal("admin")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, "", admin.UserName)
|
||||
})
|
||||
t.Run("UserExisits", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admin, err := GetUserInternal("admin")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetUsers(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
admin, err := GetUsers()
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, []models.ReturnUser(nil), admin)
|
||||
})
|
||||
t.Run("UserExisits", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admins, err := GetUsers()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admins[0].UserName)
|
||||
})
|
||||
t.Run("MulipleUsers", func(t *testing.T) {
|
||||
user := models.User{"user", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admins, err := GetUsers()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, "admin", admins[0].UserName)
|
||||
assert.Equal(t, user.UserName, admins[1].UserName)
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
func TestUpdateUser(t *testing.T) {
|
||||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
|
|
|
|||
2
go.mod
2
go.mod
|
|
@ -8,7 +8,7 @@ require (
|
|||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/gorilla/handlers v1.5.1
|
||||
github.com/gorilla/mux v1.8.0
|
||||
github.com/lib/pq v1.10.3 // indirect
|
||||
github.com/lib/pq v1.10.3
|
||||
github.com/mattn/go-sqlite3 v1.14.8
|
||||
github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f
|
||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
||||
|
|
|
|||
17
go.sum
17
go.sum
|
|
@ -1,8 +1,12 @@
|
|||
cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ=
|
||||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403 h1:cqQfy1jclcSy/FwLjemeg3SR1yaINm74aQyupQ0Bl8M=
|
||||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
|
|
@ -16,7 +20,9 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
|||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad h1:EmNYJhPYy0pOFjCx2PrgtaBXmee0iUX9hLlxE1xHOJE=
|
||||
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
|
||||
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
|
|
@ -31,6 +37,7 @@ github.com/go-playground/validator/v10 v10.5.0 h1:X9rflw/KmpACwT8zdrm1upefpvdy6u
|
|||
github.com/go-playground/validator/v10 v10.5.0/go.mod h1:xm76BBt941f7yWdGnI2DVPFFg1UK3YY04qifoXU3lOk=
|
||||
github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
|
||||
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
|
|
@ -54,12 +61,14 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
|
|||
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
|
||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
|
||||
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
|
||||
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
|
||||
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
|
||||
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=
|
||||
github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
|
||||
|
|
@ -112,10 +121,13 @@ github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1
|
|||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
|
||||
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
|
||||
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
|
||||
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
|
||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
|
||||
github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
|
|
@ -156,6 +168,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
|
|||
golang.org/x/net v0.0.0-20210504132125-bbd867fde50d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 h1:4CSI6oo7cOjJKajidEljs9h+uP0rRZBPPPhcCbj5mw8=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
|
@ -187,6 +200,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e h1:XMgFehsDnnLGtjvjOfqWSUzt0alpTR1RSEuznObga2c=
|
||||
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
|
|
@ -198,6 +212,7 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
|
|||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 h1:5Beo0mZN8dRzgrMMkDp0jc8YXQKx9DiJ2k1dkvGsn5A=
|
||||
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
|
||||
|
|
@ -208,6 +223,7 @@ golang.zx2c4.com/wireguard v0.0.0-20210805125648-3957e9b9dd19/go.mod h1:laHzsbfM
|
|||
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210913210325-91d1988e44de h1:M9Jc92kgqmVmidpnOeegP2VgO2DfHEcsUWtWMmBwNFQ=
|
||||
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210913210325-91d1988e44de/go.mod h1:+1XihzyZUBJcSc5WO9SwNA7v26puQwOEDwanaxfNXPQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
|
||||
|
|
@ -236,6 +252,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
|
|||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI=
|
||||
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
|
|
|||
|
|
@ -1,130 +0,0 @@
|
|||
# Netmaker Helm
|
||||
|
||||
  
|
||||
|
||||
A Helm chart to run Netmaker with High Availability on Kubernetes:
|
||||
|
||||
```
|
||||
helm repo add netmaker https://gravitl.github.io/netmaker-helm/
|
||||
helm repo update
|
||||
```
|
||||
|
||||
## Requirements
|
||||
|
||||
To run HA Netmaker on Kubernetes, your cluster must have the following:
|
||||
- RWO and RWX Storage Classes (RWX is only required if running Netmaker with DNS Management enabled).
|
||||
- An Ingress Controller and valid TLS certificates
|
||||
- This chart can currently generate ingress for:
|
||||
- Nginx Ingress + LetsEncrypt/Cert-Manager
|
||||
- Traefik Ingress + LetsEncrypt/Cert-Manager
|
||||
- to generate automatically, make sure one of the two is configured for your cluster
|
||||
|
||||
Furthermore, the chart will by default install and use a postgresql cluster as its datastore:
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://charts.bitnami.com/bitnami | postgresql-ha | 7.11.0 |
|
||||
|
||||
### Example Install
|
||||
|
||||
```
|
||||
helm install netmaker/netmaker --generate-name \ # generate a random id for the deploy
|
||||
--set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/grpc ingress
|
||||
--set replicas=3 \ # number of server replicas to deploy (3 by default)
|
||||
--set ingress.enabled=true \ # deploy ingress automatically (requires nginx or traefik and cert-manager + letsencrypt)
|
||||
--set ingress.className=nginx \ # ingress class to use
|
||||
--set ingress.tls.issuerName=letsencrypt-prod \ # LetsEncrypt certificate issuer to use
|
||||
--set dns.enabled=true \ # deploy and enable private DNS management with CoreDNS
|
||||
--set dns.clusterIP=10.245.75.75 --set dns.RWX.storageClassName=nfs \ # required fields for DNS
|
||||
--set postgresql-ha.postgresql.replicaCount=2 \ # number of DB replicas to deploy (default 2)
|
||||
```
|
||||
|
||||
### Recommended Settings:
|
||||
A minimal HA install of Netmaker can be run with the following command:
|
||||
`helm install netmaker --generate-name --set baseDomain=nm.example.com`
|
||||
This install has some notable exceptions:
|
||||
- Ingress **must** be manually configured post-install (need to create valid Ingress with TLS)
|
||||
- Server will use "userspace" WireGuard, which is slower than kernel WG
|
||||
- DNS will be disabled
|
||||
|
||||
Below, we discuss the considerations for Ingress, Kernel WireGuard, and DNS.
|
||||
|
||||
#### Ingress
|
||||
To run HA Netmaker, you must have ingress installed and enabled on your cluster with valid TLS certificates (not self-signed). If you are running Nginx or Traefik as your Ingress Controller and LetsEncrypt for TLS certificate management, you can run the helm install with the following settings:
|
||||
`--set ingress.enabled=true`
|
||||
`--set ingress.className=<nginx|traefik>`
|
||||
`--set ingress.annotations.cert-manager.io/cluster-issuer=<your LE issuer name>`
|
||||
|
||||
If you are not using Nginx or Traefik and LetsEncrypt, we recommend leaving ingress.enabled=false (default), and then manually creating the ingress objects post-install. You will need three ingress objects with TLS:
|
||||
`dashboard.<baseDomain>`
|
||||
`api.<baseDomain>`
|
||||
`grpc.<baseDomain>`
|
||||
|
||||
The gRPC ingress object must include annotations to use the gRPC protocol, which is supported by most ingress controllers. For instance, on Traefik, the annotation is:
|
||||
`ingress.kubernetes.io/protocol: h2c`
|
||||
|
||||
You can find example ingress objects in the kube/example folder.
|
||||
|
||||
#### Kernel WireGuard
|
||||
If you have control of the Kubernetes worker node servers, we recommend **first** installing WireGuard on the hosts, and then installing HA Netmaker in Kernel mode. By default, Netmaker will install with userspace WireGuard (wireguard-go) for maximum compatibility, and to avoid needing permissions at the host level. If you have installed WireGuard on your hosts, you should install Netmaker's helm chart with the following option:
|
||||
`--set wireguard.kernel=true`
|
||||
|
||||
#### DNS
|
||||
By Default, the helm chart will deploy without DNS enabled. To enable DNS, specify with:
|
||||
`--set dns.enabled=true`
|
||||
This will require specifying a RWX storage class, e.g.:
|
||||
`--set dns.RWX.storageClassName=nfs`
|
||||
This will also require specifying a service address for DNS. Choose a valid ipv4 address from the service IP CIDR for your cluster, e.g.:
|
||||
`--set dns.clusterIP=10.245.69.69`
|
||||
|
||||
**This address will only be reachable from hosts that have access to the cluster service CIDR.** It is only designed for use cases related to k8s. If you want a more general-use Netmaker server on Kubernetes for use cases outside of k8s, you will need to do one of the following:
|
||||
- bind the CoreDNS service to port 53 on one of your worker nodes and set the COREDNS_ADDRESS equal to the public IP of the worker node
|
||||
- Create a private Network with Netmaker and set the COREDNS_ADDRESS equal to the private address of the host running CoreDNS. For this, CoreDNS will need a node selector and will ideally run on the same host as one of the Netmaker server instances.
|
||||
|
||||
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| dns.enabled | bool | `false` | whether or not to run with DNS (CoreDNS) |
|
||||
| dns.storageSize | string | `"128Mi"` | volume size for DNS (only needs to hold one file) |
|
||||
| fullnameOverride | string | `""` | override the full name for netmaker objects |
|
||||
| image.pullPolicy | string | `"Always"` | Pull Policy for images |
|
||||
| image.repository | string | `"gravitl/netmaker"` | The image repo to pull Netmaker image from |
|
||||
| image.tag | string | `"v0.8.4"` | Override the image tag to pull |
|
||||
| ingress.annotations.base."kubernetes.io/ingress.allow-http" | string | `"false"` | annotation to generate ACME certs if available |
|
||||
| ingress.annotations.grpc.nginx."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPC"` | annotation to use grpc protocol on grpc domain |
|
||||
| ingress.annotations.grpc.traefik."ingress.kubernetes.io/protocol" | string | `"h2c"` | annotation to use grpc protocol on grpc domain |
|
||||
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/"` | destination addr for route |
|
||||
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` | Redirect http to https |
|
||||
| ingress.annotations.tls."kubernetes.io/tls-acme" | string | `"true"` | use acme cert if available |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-entry-point" | string | `"https"` | Redirect to https |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-permanent" | string | `"true"` | Redirect to https permanently |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/rule-type" | string | `"PathPrefixStrip"` | rule type |
|
||||
| ingress.enabled | bool | `false` | attempts to configure ingress if true |
|
||||
| ingress.hostPrefix.grpc | string | `"grpc."` | grpc route subdomain |
|
||||
| ingress.hostPrefix.rest | string | `"api."` | api (REST) route subdomain |
|
||||
| ingress.hostPrefix.ui | string | `"dashboard."` | ui route subdomain |
|
||||
| ingress.tls.enabled | bool | `true` | |
|
||||
| ingress.tls.issuerName | string | `"letsencrypt-prod"` | |
|
||||
| nameOverride | string | `""` | override the name for netmaker objects |
|
||||
| podAnnotations | object | `{}` | pod annotations to add |
|
||||
| podSecurityContext | object | `{}` | pod security contect to add |
|
||||
| postgresql-ha.persistence.size | string | `"3Gi"` | size of postgres DB |
|
||||
| postgresql-ha.postgresql.database | string | `"netmaker"` | postgress db to generate |
|
||||
| postgresql-ha.postgresql.password | string | `"netmaker"` | postgres pass to generate |
|
||||
| postgresql-ha.postgresql.username | string | `"netmaker"` | postgres user to generate |
|
||||
| replicas | int | `3` | number of netmaker server replicas to create |
|
||||
| service.grpcPort | int | `443` | port for GRPC service |
|
||||
| service.restPort | int | `8081` | port for API service |
|
||||
| service.type | string | `"ClusterIP"` | type for netmaker server services |
|
||||
| service.uiPort | int | `80` | port for UI service |
|
||||
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
|
||||
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
|
||||
| serviceAccount.name | string | `""` | Name of SA to use. If not set and create is true, a name is generated using the fullname template |
|
||||
| ui.replicas | int | `2` | how many UI replicas to create |
|
||||
| wireguard.enabled | bool | `true` | whether or not to use WireGuard on server |
|
||||
| wireguard.kernel | bool | `false` | whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). |
|
||||
| wireguard.networkLimit | int | `10` | max number of networks that Netmaker will support if running with WireGuard enabled |
|
||||
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: postgresql-ha
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 7.11.0
|
||||
digest: sha256:849759b9fd9d89bf0d47a271334889601010d1d11dd5c00562c18feafd93356d
|
||||
generated: "2021-10-13T14:02:45.428151972-04:00"
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: v2
|
||||
name: netmaker
|
||||
description: A Helm chart to run HA Netmaker on Kubernetes
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.9.0"
|
||||
|
||||
dependencies:
|
||||
- name: "postgresql-ha"
|
||||
version: "7.11.0"
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
# netmaker
|
||||
|
||||
  
|
||||
|
||||
A Helm chart to run HA Netmaker on Kubernetes
|
||||
|
||||
## Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://charts.bitnami.com/bitnami | postgresql-ha | 7.11.0 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| dns.enabled | bool | `false` | whether or not to run with DNS (CoreDNS) |
|
||||
| dns.storageSize | string | `"128Mi"` | volume size for DNS (only needs to hold one file) |
|
||||
| fullnameOverride | string | `""` | override the full name for netmaker objects |
|
||||
| image.pullPolicy | string | `"Always"` | Pull Policy for images |
|
||||
| image.repository | string | `"gravitl/netmaker"` | The image repo to pull Netmaker image from |
|
||||
| image.tag | string | `"v0.8.4"` | Override the image tag to pull |
|
||||
| ingress.annotations.base."kubernetes.io/ingress.allow-http" | string | `"false"` | annotation to generate ACME certs if available |
|
||||
| ingress.annotations.grpc.nginx."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPC"` | annotation to use grpc protocol on grpc domain |
|
||||
| ingress.annotations.grpc.traefik."ingress.kubernetes.io/protocol" | string | `"h2c"` | annotation to use grpc protocol on grpc domain |
|
||||
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/"` | destination addr for route |
|
||||
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` | Redirect http to https |
|
||||
| ingress.annotations.tls."kubernetes.io/tls-acme" | string | `"true"` | use acme cert if available |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-entry-point" | string | `"https"` | Redirect to https |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-permanent" | string | `"true"` | Redirect to https permanently |
|
||||
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/rule-type" | string | `"PathPrefixStrip"` | rule type |
|
||||
| ingress.enabled | bool | `false` | attempts to configure ingress if true |
|
||||
| ingress.hostPrefix.grpc | string | `"grpc."` | grpc route subdomain |
|
||||
| ingress.hostPrefix.rest | string | `"api."` | api (REST) route subdomain |
|
||||
| ingress.hostPrefix.ui | string | `"dashboard."` | ui route subdomain |
|
||||
| ingress.tls.enabled | bool | `true` | |
|
||||
| ingress.tls.issuerName | string | `"letsencrypt-prod"` | |
|
||||
| nameOverride | string | `""` | override the name for netmaker objects |
|
||||
| podAnnotations | object | `{}` | pod annotations to add |
|
||||
| podSecurityContext | object | `{}` | pod security contect to add |
|
||||
| postgresql-ha.persistence.size | string | `"3Gi"` | size of postgres DB |
|
||||
| postgresql-ha.postgresql.database | string | `"netmaker"` | postgress db to generate |
|
||||
| postgresql-ha.postgresql.password | string | `"netmaker"` | postgres pass to generate |
|
||||
| postgresql-ha.postgresql.username | string | `"netmaker"` | postgres user to generate |
|
||||
| replicas | int | `3` | number of netmaker server replicas to create |
|
||||
| service.grpcPort | int | `443` | port for GRPC service |
|
||||
| service.restPort | int | `8081` | port for API service |
|
||||
| service.type | string | `"ClusterIP"` | type for netmaker server services |
|
||||
| service.uiPort | int | `80` | port for UI service |
|
||||
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
|
||||
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
|
||||
| serviceAccount.name | string | `""` | Name of SA to use. If not set and create is true, a name is generated using the fullname template |
|
||||
| ui.replicas | int | `2` | how many UI replicas to create |
|
||||
| wireguard.enabled | bool | `true` | whether or not to use WireGuard on server |
|
||||
| wireguard.kernel | bool | `false` | whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). |
|
||||
| wireguard.networkLimit | int | `10` | max number of networks that Netmaker will support if running with WireGuard enabled |
|
||||
|
||||
Binary file not shown.
|
|
@ -1,22 +0,0 @@
|
|||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netmaker.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netmaker.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netmaker.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netmaker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
|
||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
|
||||
{{- end }}
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "netmaker.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "netmaker.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "netmaker.masterKey" -}}
|
||||
{{- randAlphaNum 12 | nospace -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "netmaker.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "netmaker.labels" -}}
|
||||
helm.sh/chart: {{ include "netmaker.chart" . }}
|
||||
{{ include "netmaker.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "netmaker.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "netmaker.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "netmaker.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "netmaker.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,85 +0,0 @@
|
|||
{{- if .Values.dns.enabled -}}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "netmaker.fullname" . }}-coredns
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}-coredns
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ include "netmaker.fullname" . }}-coredns
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}-coredns
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- -conf
|
||||
- /root/dnsconfig/Corefile
|
||||
image: coredns/coredns
|
||||
imagePullPolicy: Always
|
||||
name: netmaker-dns
|
||||
ports:
|
||||
- containerPort: 53
|
||||
name: dns
|
||||
protocol: UDP
|
||||
- containerPort: 53
|
||||
name: dns-tcp
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /root/dnsconfig
|
||||
name: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
readOnly: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
drop:
|
||||
- all
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 127.0.0.1
|
||||
volumes:
|
||||
- name: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}-coredns
|
||||
name: {{ include "netmaker.fullname" . }}-coredns
|
||||
spec:
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
targetPort: 53
|
||||
name: udp
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
targetPort: 53
|
||||
name: tcp
|
||||
selector:
|
||||
app: {{ include "netmaker.fullname" . }}-coredns
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
clusterIP: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
spec:
|
||||
storageClassName: {{ required "A valid .Values.dns.RWX.storageClassName entry required! Specify an available RWX storage class." .Values.dns.RWX.storageClassName}}
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.dns.storageSize }}
|
||||
{{- end }}
|
||||
|
|
@ -1,236 +0,0 @@
|
|||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "netmaker.fullname" . -}}
|
||||
{{- $fullUIName := printf "%s-%s" $fullName "ui" -}}
|
||||
{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}}
|
||||
{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}}
|
||||
{{- $uiSvcPort := .Values.service.uiPort -}}
|
||||
{{- $restSvcPort := .Values.service.restPort -}}
|
||||
{{- $grpcSvcPort := .Values.service.grpcPort -}}
|
||||
{{- $classname := required "A valid .Values.ingress.className entry required! Please set this to your ingress class (nginx, traefik)" .Values.ingress.className}}
|
||||
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
|
||||
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullUIName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if or (eq .className "nginx") (eq .className "public") }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .tls.enabled (eq .tls.issuerName "" )}}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- else if .tls.enabled}}
|
||||
cert-manager.io/cluster-issuer: {{ .tls.issuerName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if (not (eq .Values.ingress.className "traefik")) }}
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullUIName }}-tls-secret
|
||||
{{- end}}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||
service:
|
||||
name: {{ $fullUIName }}
|
||||
port:
|
||||
number: {{ $uiSvcPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullUIName }}
|
||||
servicePort: {{ $uiSvcPort }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullRESTName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if or (eq .className "nginx") (eq .className "public") }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .tls.enabled (eq .tls.issuerName "" )}}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- else if .tls.enabled}}
|
||||
cert-manager.io/cluster-issuer: {{ .tls.issuerName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if (not (eq .Values.ingress.className "traefik")) }}
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullRESTName }}-tls-secret
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||
service:
|
||||
name: {{ $fullRESTName }}
|
||||
port:
|
||||
number: {{ $restSvcPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullRESTName }}
|
||||
servicePort: {{ $restSvcPort }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if not (eq .Values.ingress.className "traefik") }}
|
||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullGRPCName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if or (eq .className "nginx") (eq .className "public") }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- toYaml .annotations.grpc.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .tls.enabled (eq .tls.issuerName "" )}}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- else if .tls.enabled}}
|
||||
cert-manager.io/cluster-issuer: {{ .tls.issuerName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if (not (eq .Values.ingress.className "traefik")) }}
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullGRPCName }}-tls-secret
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||
service:
|
||||
name: {{ $fullGRPCName }}
|
||||
port:
|
||||
number: {{ $grpcSvcPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullGRPCName }}
|
||||
servicePort: {{ $grpcSvcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.ingress.className "traefik" }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ $fullGRPCName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: HostSNI(`{{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}`)
|
||||
services:
|
||||
- name: {{ $fullGRPCName }}
|
||||
port: {{ $grpcSvcPort }}
|
||||
passthrough: true
|
||||
scheme: https
|
||||
tls:
|
||||
secretName: {{ $fullGRPCName }}-tls-secret
|
||||
domains:
|
||||
- main: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
{{- if and .Values.ingress.tls.enabled (not (eq .Values.ingress.tls.issuerName "" ))}}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
annotations:
|
||||
acme.cert-manager.io/http01-override-ingress-name: {{ $fullRESTName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: {{ $fullGRPCName }}-tls-secret
|
||||
spec:
|
||||
dnsNames:
|
||||
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: {{ .Values.ingress.tls.issuerName }}
|
||||
secretName: {{ $fullGRPCName }}-tls-secret
|
||||
usages:
|
||||
- digital signature
|
||||
- key encipherment
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,133 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}
|
||||
name: {{ include "netmaker.fullname" . }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
serviceName: {{ include "netmaker.fullname" . }}-headless
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ include "netmaker.fullname" . }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}
|
||||
spec:
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
{{- if .Values.setIpForwarding.enabled }}
|
||||
initContainers:
|
||||
- name: init-sysctl
|
||||
image: busybox
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["sysctl", "-w", "net.ipv4.ip_forward=1"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
{{- end }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- {{ include "netmaker.fullname" . }}
|
||||
topologyKey: "kubernetes.io/hostname"
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: SERVER_API_CONN_STRING
|
||||
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
|
||||
- name: SERVER_GRPC_CONN_STRING
|
||||
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
|
||||
- name: GRPC_SSL
|
||||
value: "on"
|
||||
- name: SERVER_HTTP_HOST
|
||||
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
|
||||
- name: SERVER_GRPC_HOST
|
||||
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
|
||||
- name: API_PORT
|
||||
value: "8081"
|
||||
{{- if not .Values.wireguard.kernel }}
|
||||
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
|
||||
value: wireguard-go
|
||||
{{- end }}
|
||||
- name: GRPC_PORT
|
||||
value: "443"
|
||||
{{- if .Values.dns.enabled }}
|
||||
- name: DNS_MODE
|
||||
value: "on"
|
||||
- name: COREDNS_ADDR
|
||||
value: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP }}
|
||||
{{- else }}
|
||||
- name: DNS_MODE
|
||||
value: "off"
|
||||
{{- end }}
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
- name: CLIENT_MODE
|
||||
value: "on"
|
||||
{{- else }}
|
||||
- name: CLIENT_MODE
|
||||
value: "off"
|
||||
{{- end }}
|
||||
- name: MASTER_KEY
|
||||
value: {{ include "netmaker.masterKey" . }}
|
||||
- name: PLATFORM
|
||||
value: Kubernetes
|
||||
- name: CORS_ALLOWED_ORIGIN
|
||||
value: '*'
|
||||
- name: NODE_ID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.name
|
||||
- name: SQL_HOST
|
||||
value: '{{ .Release.Name }}-postgresql-ha-pgpool.{{ .Release.Namespace }}.svc.cluster.local'
|
||||
- name: SQL_PORT
|
||||
value: "5432"
|
||||
- name: SQL_DB
|
||||
value: {{ index .Values "postgresql-ha" "postgresql" "database" }}
|
||||
- name: SQL_USER
|
||||
value: {{ index .Values "postgresql-ha" "postgresql" "username" }}
|
||||
- name: SQL_PASS
|
||||
value: {{ index .Values "postgresql-ha" "postgresql" "password" }}
|
||||
- name: DATABASE
|
||||
value: postgres
|
||||
{{- if or (not .Values.wireguard.enabled) (.Values.wireguard.kernel) }}
|
||||
image: gravitl/netmaker:v0.8.4
|
||||
{{- else }}
|
||||
image: gravitl/netmaker:v0.8.4-userspace
|
||||
{{- end }}
|
||||
imagePullPolicy: Always
|
||||
name: {{ include "netmaker.fullname" . }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.service.restPort }}
|
||||
protocol: TCP
|
||||
- containerPort: {{ .Values.service.grpcPort }}
|
||||
protocol: TCP
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
{{ $count := (add .Values.wireguard.networkLimit 1 | int) }}
|
||||
{{- range untilStep 1 $count 1 }}
|
||||
- containerPort: {{ add 31820 . }}
|
||||
protocol: UDP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
resources: {}
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
{{- end }}
|
||||
{{- if .Values.dns.enabled }}
|
||||
volumeMounts:
|
||||
- name: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
mountPath: /root/config/dnsconfig
|
||||
volumes:
|
||||
- name: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "netmaker.fullname" . }}-dns-pvc
|
||||
{{- end }}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}-ui
|
||||
name: {{ include "netmaker.fullname" . }}-ui
|
||||
spec:
|
||||
replicas: {{ .Values.ui.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ include "netmaker.fullname" . }}-ui
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ include "netmaker.fullname" . }}-ui
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ include "netmaker.fullname" . }}-ui
|
||||
image: gravitl/netmaker-ui:v0.8
|
||||
ports:
|
||||
- containerPort: {{ .Values.service.grpcPort }}
|
||||
env:
|
||||
- name: BACKEND_URL
|
||||
value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}'
|
||||
terminationGracePeriodSeconds: 15
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "netmaker.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,72 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: '{{ include "netmaker.fullname" . }}-ui'
|
||||
spec:
|
||||
ports:
|
||||
- port: {{ .Values.service.uiPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.uiPort }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}-ui'
|
||||
sessionAffinity: None
|
||||
type: '{{ .Values.service.type }}'
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: '{{ include "netmaker.fullname" . }}-rest'
|
||||
spec:
|
||||
ports:
|
||||
- name: rest
|
||||
port: {{ .Values.service.restPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.restPort }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
sessionAffinity: None
|
||||
type: {{ .Values.service.type }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: '{{ include "netmaker.fullname" . }}-grpc'
|
||||
spec:
|
||||
ports:
|
||||
- name: rest
|
||||
port: {{ .Values.service.grpcPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.grpcPort }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
sessionAffinity: None
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: '{{ include "netmaker.fullname" . }}-wireguard'
|
||||
spec:
|
||||
externalTrafficPolicy: Local
|
||||
type: NodePort
|
||||
ports:
|
||||
{{ $count := (add .Values.wireguard.networkLimit 1 | int) }}
|
||||
{{- range untilStep 1 $count 1 }}
|
||||
- port: {{ add 31820 . }}
|
||||
nodePort: {{ add 31820 . }}
|
||||
protocol: UDP
|
||||
targetPort: {{ add 31820 . }}
|
||||
name: wg-iface-{{ add 31820 . }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
{{- end }}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{ include "netmaker.fullname" . }}-test-connection"
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "netmaker.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
|
|
@ -1,124 +0,0 @@
|
|||
# Default values for netmaker.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
# -- number of netmaker server replicas to create
|
||||
replicas: 3
|
||||
|
||||
image:
|
||||
# -- The image repo to pull Netmaker image from
|
||||
repository: gravitl/netmaker
|
||||
# -- Pull Policy for images
|
||||
pullPolicy: Always
|
||||
# -- Override the image tag to pull
|
||||
tag: "v0.8.4"
|
||||
|
||||
# -- override the name for netmaker objects
|
||||
nameOverride: ""
|
||||
|
||||
# -- override the full name for netmaker objects
|
||||
fullnameOverride: ""
|
||||
|
||||
serviceAccount:
|
||||
# -- Specifies whether a service account should be created
|
||||
create: true
|
||||
# -- Annotations to add to the service account
|
||||
annotations: {}
|
||||
# -- Name of SA to use. If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
|
||||
# -- pod annotations to add
|
||||
podAnnotations: {}
|
||||
|
||||
# -- pod security contect to add
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
|
||||
ui:
|
||||
# -- how many UI replicas to create
|
||||
replicas: 2
|
||||
|
||||
setIpForwarding:
|
||||
enabled: true
|
||||
|
||||
service:
|
||||
# -- type for netmaker server services
|
||||
type: ClusterIP
|
||||
# -- port for API service
|
||||
restPort: 8081
|
||||
# -- port for GRPC service
|
||||
grpcPort: 443
|
||||
# -- port for UI service
|
||||
uiPort: 80
|
||||
|
||||
ingress:
|
||||
# -- attempts to configure ingress if true
|
||||
enabled: false
|
||||
tls:
|
||||
enabled: true
|
||||
issuerName: "letsencrypt-prod"
|
||||
annotations:
|
||||
base:
|
||||
# -- annotation to generate ACME certs if available
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
tls:
|
||||
# -- use acme cert if available
|
||||
kubernetes.io/tls-acme: "true"
|
||||
nginx:
|
||||
# -- Redirect http to https
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
||||
# -- destination addr for route
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
traefik:
|
||||
# -- Redirect to https
|
||||
traefik.ingress.kubernetes.io/redirect-entry-point: https
|
||||
# -- Redirect to https permanently
|
||||
traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
||||
# -- rule type
|
||||
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
|
||||
# -- enforce https
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
# -- enforce tls
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
grpc:
|
||||
nginx:
|
||||
# -- annotation to use grpc protocol on grpc domain
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
||||
traefik:
|
||||
# -- annotation to use grpc protocol on grpc domain
|
||||
ingress.kubernetes.io/protocol: "h2c"
|
||||
hostPrefix:
|
||||
# -- ui route subdomain
|
||||
ui: 'dashboard.'
|
||||
# -- api (REST) route subdomain
|
||||
rest: 'api.'
|
||||
# -- grpc route subdomain
|
||||
grpc: 'grpc.'
|
||||
|
||||
wireguard:
|
||||
# -- whether or not to use WireGuard on server
|
||||
enabled: true
|
||||
# -- whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts).
|
||||
kernel: false
|
||||
# -- max number of networks that Netmaker will support if running with WireGuard enabled
|
||||
networkLimit: 10
|
||||
|
||||
dns:
|
||||
# -- whether or not to run with DNS (CoreDNS)
|
||||
enabled: false
|
||||
# -- volume size for DNS (only needs to hold one file)
|
||||
storageSize: 128Mi
|
||||
|
||||
postgresql-ha:
|
||||
postgresql:
|
||||
# -- postgres user to generate
|
||||
username: netmaker
|
||||
# -- postgres pass to generate
|
||||
password: netmaker
|
||||
# -- postgress db to generate
|
||||
database: netmaker
|
||||
# -- postgress number of replicas to deploy
|
||||
replicaCount: 2
|
||||
persistence:
|
||||
# -- size of postgres DB
|
||||
size: 3Gi
|
||||
|
|
@ -280,6 +280,7 @@ func setPeerInfo(node models.Node) models.Node {
|
|||
peer.IsRelayed = node.IsRelayed
|
||||
peer.PublicKey = node.PublicKey
|
||||
peer.Endpoint = node.Endpoint
|
||||
peer.Name = node.Name
|
||||
peer.LocalAddress = node.LocalAddress
|
||||
peer.ListenPort = node.ListenPort
|
||||
peer.AllowedIPs = node.AllowedIPs
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@ func Pull(cfg config.ClientConfig) error {
|
|||
}
|
||||
|
||||
func List(cfg config.ClientConfig) error {
|
||||
err := functions.List()
|
||||
err := functions.List(cfg.Network)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -97,6 +97,13 @@ WantedBy=timers.target
|
|||
return nil
|
||||
}
|
||||
|
||||
func CleanupLinux() {
|
||||
err := os.RemoveAll(ncutils.GetNetclientPath())
|
||||
if err != nil {
|
||||
ncutils.PrintLog("Removing netclient binary: "+err.Error(), 1)
|
||||
}
|
||||
}
|
||||
|
||||
// RemoveSystemDServices - removes the systemd services on a machine
|
||||
func RemoveSystemDServices() error {
|
||||
//sysExec, err := exec.LookPath("systemctl")
|
||||
|
|
|
|||
|
|
@ -158,6 +158,8 @@ func Uninstall() error {
|
|||
daemon.CleanupWindows()
|
||||
} else if ncutils.IsMac() {
|
||||
daemon.CleanupMac()
|
||||
} else if ncutils.IsLinux() {
|
||||
daemon.CleanupLinux()
|
||||
} else if !ncutils.IsKernel() {
|
||||
ncutils.PrintLog("manual cleanup required", 1)
|
||||
}
|
||||
|
|
@ -255,32 +257,6 @@ func DeleteInterface(ifacename string, postdown string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// List - lists all networks on local machine
|
||||
func List() error {
|
||||
|
||||
networks, err := ncutils.GetSystemNetworks()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, network := range networks {
|
||||
cfg, err := config.ReadConfig(network)
|
||||
if err == nil {
|
||||
jsoncfg, _ := json.Marshal(
|
||||
map[string]string{
|
||||
"Name": cfg.Node.Name,
|
||||
"Interface": cfg.Node.Interface,
|
||||
"PrivateIPv4": cfg.Node.Address,
|
||||
"PrivateIPv6": cfg.Node.Address6,
|
||||
"PublicEndpoint": cfg.Node.Endpoint,
|
||||
})
|
||||
fmt.Println(network + ": " + string(jsoncfg))
|
||||
} else {
|
||||
ncutils.PrintLog(network+": Could not retrieve network configuration.", 1)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// WipeLocal - wipes local instance
|
||||
func WipeLocal(network string) error {
|
||||
cfg, err := config.ReadConfig(network)
|
||||
|
|
|
|||
128
netclient/functions/list.go
Normal file
128
netclient/functions/list.go
Normal file
|
|
@ -0,0 +1,128 @@
|
|||
package functions
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
nodepb "github.com/gravitl/netmaker/grpc"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/netclient/auth"
|
||||
"github.com/gravitl/netmaker/netclient/config"
|
||||
"github.com/gravitl/netmaker/netclient/ncutils"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/metadata"
|
||||
)
|
||||
|
||||
type Peer struct {
|
||||
Name string `json:"name"`
|
||||
Interface string `json:"interface,omitempty"`
|
||||
PrivateIPv4 string `json:"private_ipv4,omitempty"`
|
||||
PrivateIPv6 string `json:"private_ipv6,omitempty"`
|
||||
PublicEndpoint string `json:"public_endoint,omitempty"`
|
||||
}
|
||||
|
||||
type Network struct {
|
||||
Name string `json:"name"`
|
||||
CurrentNode Peer `json:"current_node"`
|
||||
Peers []Peer `json:"peers"`
|
||||
}
|
||||
|
||||
func List(network string) error {
|
||||
nets := []Network{}
|
||||
var err error
|
||||
var networks []string
|
||||
if network == "all" {
|
||||
networks, err = ncutils.GetSystemNetworks()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
networks = append(networks, network)
|
||||
}
|
||||
|
||||
for _, network := range networks {
|
||||
net, err := getNetwork(network)
|
||||
if err != nil {
|
||||
ncutils.PrintLog(network+": Could not retrieve network configuration.", 1)
|
||||
return err
|
||||
}
|
||||
nets = append(nets, net)
|
||||
}
|
||||
|
||||
jsoncfg, _ := json.Marshal(struct {
|
||||
Networks []Network `json:"networks"`
|
||||
}{nets})
|
||||
fmt.Println(string(jsoncfg))
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getNetwork(network string) (Network, error) {
|
||||
cfg, err := config.ReadConfig(network)
|
||||
if err != nil {
|
||||
return Network{}, fmt.Errorf("reading configuration for network %v: %w", network, err)
|
||||
}
|
||||
peers, err := getPeers(network)
|
||||
if err != nil {
|
||||
return Network{}, fmt.Errorf("listing peers for network %v: %w", network, err)
|
||||
}
|
||||
return Network{
|
||||
Name: network,
|
||||
Peers: peers,
|
||||
CurrentNode: Peer{
|
||||
Name: cfg.Node.Name,
|
||||
Interface: cfg.Node.Interface,
|
||||
PrivateIPv4: cfg.Node.Address,
|
||||
PrivateIPv6: cfg.Node.Address6,
|
||||
PublicEndpoint: cfg.Node.Endpoint,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func getPeers(network string) ([]Peer, error) {
|
||||
cfg, err := config.ReadConfig(network)
|
||||
if err != nil {
|
||||
return []Peer{}, err
|
||||
}
|
||||
nodecfg := cfg.Node
|
||||
var nodes []models.Node
|
||||
|
||||
var wcclient nodepb.NodeServiceClient
|
||||
conn, err := grpc.Dial(cfg.Server.GRPCAddress,
|
||||
ncutils.GRPCRequestOpts(cfg.Server.GRPCSSL))
|
||||
|
||||
if err != nil {
|
||||
return []Peer{}, fmt.Errorf("connecting to %v: %w", cfg.Server.GRPCAddress, err)
|
||||
}
|
||||
defer conn.Close()
|
||||
// Instantiate the BlogServiceClient with our client connection to the server
|
||||
wcclient = nodepb.NewNodeServiceClient(conn)
|
||||
|
||||
req := &nodepb.Object{
|
||||
Data: nodecfg.MacAddress + "###" + nodecfg.Network,
|
||||
Type: nodepb.STRING_TYPE,
|
||||
}
|
||||
|
||||
ctx, err := auth.SetJWT(wcclient, network)
|
||||
if err != nil {
|
||||
return []Peer{}, fmt.Errorf("authenticating: %w", err)
|
||||
}
|
||||
var header metadata.MD
|
||||
|
||||
response, err := wcclient.GetPeers(ctx, req, grpc.Header(&header))
|
||||
if err != nil {
|
||||
return []Peer{}, fmt.Errorf("retrieving peers: %w", err)
|
||||
}
|
||||
if err := json.Unmarshal([]byte(response.GetData()), &nodes); err != nil {
|
||||
return []Peer{}, fmt.Errorf("unmarshaling data for peers: %w", err)
|
||||
}
|
||||
|
||||
peers := []Peer{}
|
||||
for _, node := range nodes {
|
||||
if node.Name != cfg.Node.Name {
|
||||
peers = append(peers, Peer{Name: fmt.Sprintf("%v.%v", node.Name, network), PrivateIPv4: node.Address, PrivateIPv6: node.Address6})
|
||||
}
|
||||
}
|
||||
|
||||
return peers, nil
|
||||
}
|
||||
|
|
@ -26,6 +26,11 @@ func main() {
|
|||
app.Usage = "Netmaker's netclient agent and CLI. Used to perform interactions with Netmaker server and set local WireGuard config."
|
||||
app.Version = "v0.8.4"
|
||||
|
||||
hostname, err := os.Hostname()
|
||||
if err != nil {
|
||||
hostname = ""
|
||||
}
|
||||
|
||||
cliFlags := []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "network",
|
||||
|
|
@ -91,7 +96,7 @@ func main() {
|
|||
&cli.StringFlag{
|
||||
Name: "name",
|
||||
EnvVars: []string{"NETCLIENT_NAME"},
|
||||
Value: "",
|
||||
Value: hostname,
|
||||
Usage: "Identifiable name for machine within Netmaker network.",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
set -e
|
||||
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue