diff --git a/docker/Dockerfile-userspace b/docker/Dockerfile-userspace index 578f78ba..9307caba 100644 --- a/docker/Dockerfile-userspace +++ b/docker/Dockerfile-userspace @@ -10,7 +10,17 @@ RUN git clone https://git.zx2c4.com/wireguard-go && \ make && \ make install +ENV WITH_WGQUICK=yes +RUN git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + cd src && \ + make && \ + make install + FROM gravitl/netmaker:${NM_VERSION} -RUN apk add --no-cache --update libmnl iptables openresolv iproute2 +RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2 COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ +COPY scripts/userspace-entrypoint.sh ./entrypoint.sh + +ENTRYPOINT ["/bin/sh", "./entrypoint.sh"] diff --git a/docker/Dockerfile-wg-quick b/docker/Dockerfile-wg-quick deleted file mode 100644 index 07871ea8..00000000 --- a/docker/Dockerfile-wg-quick +++ /dev/null @@ -1,23 +0,0 @@ -ARG NM_VERSION= - -FROM gravitl/builder as builder - -RUN apk add --update git build-base libmnl-dev iptables - -WORKDIR /root/ -RUN git clone https://git.zx2c4.com/wireguard-go && \ - cd wireguard-go && \ - make && \ - make install - -ENV WITH_WGQUICK=yes -RUN git clone https://git.zx2c4.com/wireguard-tools && \ - cd wireguard-tools && \ - cd src && \ - make && \ - make install - -FROM gravitl/netmaker:${NM_VERSION} - -RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2 -COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ diff --git a/kube/helm/netmaker/Chart.lock b/kube/helm/netmaker/Chart.lock new file mode 100644 index 00000000..035a2f3b --- /dev/null +++ b/kube/helm/netmaker/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 7.11.0 +digest: sha256:849759b9fd9d89bf0d47a271334889601010d1d11dd5c00562c18feafd93356d +generated: "2021-10-13T14:02:45.428151972-04:00" 
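Review bot: The new build step clones upstream HEAD with `git clone https://git.zx2c4.com/wireguard-tools`, so every image build compiles whatever the default branch holds at that moment and the resulting `wg`/`wg-quick` binaries that are copied into the runtime image are neither reproducible nor auditable. Pin the clone to a release tag or commit, e.g. `git clone --depth 1 --branch <release-tag> https://git.zx2c4.com/wireguard-tools`, and the existing wireguard-go clone above it has the same problem. `ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]` also depends on whatever WORKDIR the gravitl/netmaker base image sets, since `COPY ... ./entrypoint.sh` lands relative to it; an absolute path would not break silently if the base image changes.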
diff --git a/kube/helm/netmaker/Chart.yaml b/kube/helm/netmaker/Chart.yaml new file mode 100644 index 00000000..515720aa --- /dev/null +++ b/kube/helm/netmaker/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +name: netmaker +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.9.0" + +dependencies: + - name: "postgresql-ha" + version: "7.11.0" + repository: https://charts.bitnami.com/bitnami diff --git a/kube/helm/netmaker/charts/postgresql-ha-7.11.0.tgz b/kube/helm/netmaker/charts/postgresql-ha-7.11.0.tgz new file mode 100644 index 00000000..6c79ddd5 Binary files /dev/null and b/kube/helm/netmaker/charts/postgresql-ha-7.11.0.tgz differ diff --git a/kube/helm/netmaker/templates/NOTES.txt b/kube/helm/netmaker/templates/NOTES.txt new file mode 100644 index 00000000..53b369ed --- /dev/null +++ b/kube/helm/netmaker/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netmaker.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netmaker.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netmaker.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netmaker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/kube/helm/netmaker/templates/_helpers.tpl b/kube/helm/netmaker/templates/_helpers.tpl new file mode 100644 index 00000000..4e815fb2 --- /dev/null +++ b/kube/helm/netmaker/templates/_helpers.tpl 
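Review bot: These notes reference values and objects this chart does not define, so the post-install output is wrong in every branch: `.Values.ingress.hosts`/`.Values.ingress.tls` do not exist (values.yaml uses `ingress.hostPrefix` plus `baseDomain`), `.Values.service.port` is undefined (only `restPort`, `grpcPort`, `uiPort` exist) and prints an empty port, and the NodePort/LoadBalancer branches query a service named `{{ include "netmaker.fullname" . }}` while services.yaml only creates `-ui`, `-rest` and `-grpc`. Point the notes at the dashboard, e.g. `services {{ include "netmaker.fullname" . }}-ui` and `echo http://$SERVICE_IP:{{ .Values.service.uiPort }}`, and replace the ingress loop with `https://{{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}`. This looks like the unedited `helm create` scaffold; the same stale `.Values.service.port` appears in tests/test-connection.yaml.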
@@ -0,0 +1,70 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "netmaker.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "netmaker.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "netmaker.masterKey" -}} +{{- randAlphaNum 12 | nospace -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "netmaker.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "netmaker.labels" -}} +helm.sh/chart: {{ include "netmaker.chart" . }} +{{ include "netmaker.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "netmaker.selectorLabels" -}} +app.kubernetes.io/name: {{ include "netmaker.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "netmaker.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "netmaker.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/kube/helm/netmaker/templates/coredns.yaml b/kube/helm/netmaker/templates/coredns.yaml new file mode 100644 index 00000000..8102ac82 --- /dev/null +++ b/kube/helm/netmaker/templates/coredns.yaml 
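Review bot: `netmaker.masterKey` generates the server's admin key with `randAlphaNum 12`, which is a 12-character alphanumeric string (roughly 71 bits) for a credential that grants full API access, and because the template is re-evaluated on every render, each `helm upgrade` silently rotates the key. Raise the length (`randAlphaNum 32`) and persist the first generated value in a Secret via `lookup` so upgrades do not invalidate existing automation. The comment above the define is copy-pasted from `netmaker.chart` ("Create chart name and version as used by the chart label") and should read something like `{{/* Generate the server master key; re-evaluated on every render unless persisted by the caller */}}`.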
@@ -0,0 +1,85 @@ +{{- if .Values.dns.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "netmaker.fullname" . }}-coredns + labels: + app: {{ include "netmaker.fullname" . }}-coredns +spec: + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }}-coredns + replicas: 1 + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }}-coredns + spec: + containers: + - args: + - -conf + - /root/dnsconfig/Corefile + image: coredns/coredns + imagePullPolicy: Always + name: netmaker-dns + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + volumeMounts: + - mountPath: /root/dnsconfig + name: {{ include "netmaker.fullname" . }}-dns-pvc + readOnly: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + dnsPolicy: "None" + dnsConfig: + nameservers: + - 127.0.0.1 + volumes: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-dns-pvc +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ include "netmaker.fullname" . }}-coredns + name: {{ include "netmaker.fullname" . }}-coredns +spec: + ports: + - port: 53 + protocol: UDP + targetPort: 53 + name: udp + - port: 53 + protocol: TCP + targetPort: 53 + name: tcp + selector: + app: {{ include "netmaker.fullname" . }}-coredns + sessionAffinity: None + type: ClusterIP + clusterIP: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP}} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "netmaker.fullname" . }}-dns-pvc +spec: + storageClassName: {{ required "A valid .Values.dns.RWX.storageClassName entry required! Specify an available RWX storage class." 
.Values.dns.RWX.storageClassName}} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.dns.storageSize }} +{{- end }} \ No newline at end of file diff --git a/kube/helm/netmaker/templates/hpa.yaml b/kube/helm/netmaker/templates/hpa.yaml new file mode 100644 index 00000000..073e7c0e --- /dev/null +++ b/kube/helm/netmaker/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "netmaker.fullname" . }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "netmaker.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/kube/helm/netmaker/templates/ingress.yaml b/kube/helm/netmaker/templates/ingress.yaml new file mode 100644 index 00000000..d43b8a0e --- /dev/null +++ b/kube/helm/netmaker/templates/ingress.yaml 
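Review bot: The CoreDNS container uses `image: coredns/coredns` with no tag together with `imagePullPolicy: Always`, so every pod start pulls the floating `latest` image and the DNS server that all mesh nodes resolve through can change underneath a deployment without any chart change. Pin it, e.g. `image: coredns/coredns:{{ .Values.dns.image.tag }}` with a fixed default in values.yaml. The container also runs as root with only `NET_BIND_SERVICE` added; since the config mount is already `readOnly: true`, adding `runAsNonRoot: true`, `runAsUser: 1000` and `readOnlyRootFilesystem: true` under `securityContext` costs nothing, and spelling the drop list as `ALL` matches the documented form rather than relying on the runtime to accept `all` case-insensitively.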
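Review bot: The HPA's `scaleTargetRef` points at `kind: Deployment` named `{{ include "netmaker.fullname" . }}`, but this chart deploys the server as a StatefulSet of that name (netmaker-statefulset.yaml) and the only Deployments are `-ui` and `-coredns`, so enabling autoscaling yields an HPA that can never resolve its target. Change it to `kind: StatefulSet`, and note that with `wireguard.enabled` the server pods run `hostNetwork: true` with a required anti-affinity, so scaling is bounded by node count rather than CPU. `autoscaling/v2beta1` is also an old API version; if the cluster supports it, `autoscaling/v2` with `target.averageUtilization` is the current form.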
@@ -0,0 +1,142 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "netmaker.fullname" . -}} +{{- $fullUIName := printf "%s-%s" $fullName "ui" -}} +{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}} +{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}} +{{- $uiSvcPort := .Values.service.uiPort -}} +{{- $restSvcPort := .Values.service.restPort -}} +{{- $grpcSvcPort := .Values.service.grpcPort -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullUIName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }} + secretName: {{ $fullUIName }}-tls-secret + rules: + - host: {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullUIName }} + port: + number: {{ $uiSvcPort }} + {{- else }} + serviceName: {{ $fullUIName }} + servicePort: {{ $uiSvcPort }} + {{- end }} +--- +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullRESTName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }} + secretName: {{ $fullRESTName }}-tls-secret + rules: + - host: {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullRESTName }} + port: + number: {{ $restSvcPort }} + {{- else }} + serviceName: {{ $fullRESTName }} + servicePort: {{ $restSvcPort }} + {{- end }} +--- +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullGRPCName }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.ingress.grpcAnnotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + secretName: {{ $fullGRPCName }}-tls-secret + rules: + - host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullGRPCName }} + port: + number: {{ $grpcSvcPort }} + {{- else }} + serviceName: {{ $fullGRPCName }} + servicePort: {{ $grpcSvcPort }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/kube/helm/netmaker/templates/netmaker-statefulset.yaml b/kube/helm/netmaker/templates/netmaker-statefulset.yaml new file mode 100644 index 00000000..64c3a1c2 --- /dev/null +++ b/kube/helm/netmaker/templates/netmaker-statefulset.yaml 
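Review bot: None of the three Ingress objects validate `.Values.baseDomain`, unlike the StatefulSet which wraps it in `required`, so `ingress.enabled=true` with the default empty baseDomain renders hosts `dashboard.`, `api.` and `grpc.` and TLS blocks whose cert-manager requests fail for an invalid name. Add `{{- $baseDomain := required "A valid .Values.baseDomain entry required!" .Values.baseDomain -}}` next to the other top-of-file variables and use `$baseDomain` in the six host references. The `nginx.ingress.kubernetes.io/rewrite-target: /` annotation defaulted in values.yaml is a no-op with `path: /` and can be dropped to avoid confusion.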
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: {{ include "netmaker.fullname" . }} + name: {{ include "netmaker.fullname" . }} +spec: + replicas: {{ .Values.replicas }} + serviceName: {{ include "netmaker.fullname" . }}-headless + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }} + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }} + spec: + {{- if .Values.wireguard.enabled }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ include "netmaker.fullname" . }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + containers: + - env: + - name: SERVER_API_CONN_STRING + value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 + - name: SERVER_GRPC_CONN_STRING + value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 + - name: GRPC_SSL + value: "on" + - name: SERVER_HTTP_HOST + value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} + - name: SERVER_GRPC_HOST + value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} + - name: API_PORT + value: "8081" + {{- if not .Values.wireguard.kernel }} + - name: WG_QUICK_USERSPACE_IMPLEMENTATION + value: wireguard-go + {{- end }} + - name: GRPC_PORT + value: "443" + {{- if .Values.dns.enabled }} + - name: DNS_MODE + value: "on" + - name: COREDNS_ADDR + value: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP }} + {{- else }} + - name: DNS_MODE + value: "off" + {{- end }} + {{- if .Values.wireguard.enabled }} + - name: CLIENT_MODE + value: "on" + {{- else }} + - name: CLIENT_MODE + value: "off" + {{- end }} + - name: MASTER_KEY + value: {{ include "netmaker.masterKey" . 
}} + - name: PLATFORM + value: Kubernetes + - name: CORS_ALLOWED_ORIGIN + value: '*' + - name: NODE_ID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SQL_HOST + value: '{{ .Release.Name }}-postgresql-ha-pgpool.{{ .Release.Namespace }}.svc.cluster.local' + - name: SQL_PORT + value: "5432" + - name: SQL_DB + value: {{ index .Values "postgresql-ha" "postgresql" "database" }} + - name: SQL_USER + value: {{ index .Values "postgresql-ha" "postgresql" "username" }} + - name: SQL_PASS + value: {{ index .Values "postgresql-ha" "postgresql" "password" }} + - name: DATABASE + value: postgres + {{- if or (not .Values.wireguard.enabled) (.Values.wireguard.kernel) }} + image: gravitl/netmaker:v0.8.4 + {{- else }} + image: gravitl/netmaker:v0.8.4-userspace + {{- end }} + imagePullPolicy: Always + name: {{ include "netmaker.fullname" . }} + ports: + - containerPort: 8081 + protocol: TCP + - containerPort: 443 + protocol: TCP + resources: {} + {{- if .Values.wireguard.enabled }} + securityContext: + capabilities: + add: + - NET_ADMIN + {{- end }} + {{- if .Values.dns.enabled }} + volumeMounts: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + mountPath: /root/config/dnsconfig + volumes: + - name: {{ include "netmaker.fullname" . }}-dns-pvc + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-dns-pvc + {{- end }} \ No newline at end of file diff --git a/kube/helm/netmaker/templates/netmaker-ui-deployment.yaml b/kube/helm/netmaker/templates/netmaker-ui-deployment.yaml new file mode 100644 index 00000000..4d0d20bc --- /dev/null +++ b/kube/helm/netmaker/templates/netmaker-ui-deployment.yaml 
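Review bot: `MASTER_KEY` and `SQL_PASS` are rendered as literal `value:` strings in the pod spec, so the admin master key and the database password are readable by anyone with `get` on StatefulSets or Pods in the namespace and are stored in the Helm release history; `MASTER_KEY` additionally comes from `randAlphaNum`, so each `helm upgrade` rotates it while running nodes still hold the old one. Move both into Secrets (the master key persisted with `lookup` so upgrades keep it, the database password taken from the Secret the postgresql-ha subchart creates) and inject them with `valueFrom.secretKeyRef`. `CORS_ALLOWED_ORIGIN: '*'` is wider than needed because the dashboard origin is known from the ingress values: `https://{{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}`. Also `SERVER_API_CONN_STRING`/`SERVER_GRPC_HOST` hard-code `api.` and `grpc.` instead of `.Values.ingress.hostPrefix.rest`/`.grpc`, and the image tag is hard-coded to `v0.8.4` while `.Values.image.tag` and Chart.yaml's `appVersion: "0.9.0"` are ignored.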
@@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ include "netmaker.fullname" . }}-ui + name: {{ include "netmaker.fullname" . }}-ui +spec: + replicas: {{ .Values.ui.replicas }} + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }}-ui + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }}-ui + spec: + containers: + - name: {{ include "netmaker.fullname" . }}-ui + image: gravitl/netmaker-ui:v0.8 + ports: + - containerPort: 80 + env: + - name: BACKEND_URL + value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}' \ No newline at end of file diff --git a/kube/helm/netmaker/templates/serviceaccount.yaml b/kube/helm/netmaker/templates/serviceaccount.yaml new file mode 100644 index 00000000..f44de451 --- /dev/null +++ b/kube/helm/netmaker/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "netmaker.serviceAccountName" . }} + labels: + {{- include "netmaker.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/kube/helm/netmaker/templates/services.yaml b/kube/helm/netmaker/templates/services.yaml new file mode 100644 index 00000000..1be803d7 --- /dev/null +++ b/kube/helm/netmaker/templates/services.yaml 
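Review bot: The UI image is `gravitl/netmaker-ui:v0.8`, a floating minor tag, and no `imagePullPolicy` is set, so different nodes can end up running different UI builds depending on what was cached when each pulled; pin to a patch tag driven from values, e.g. `image: gravitl/netmaker-ui:{{ .Values.ui.image.tag }}`. The container has no `securityContext` either, and nothing here suggests it needs root; `runAsNonRoot: true` with `allowPrivilegeEscalation: false` would be a sensible default if the image supports it (not verifiable from this diff).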
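Review bot: The ServiceAccount created here is never referenced: neither the StatefulSet nor the UI Deployment sets `serviceAccountName`, so all pods run under the namespace `default` account with its API token automounted. Either wire it in with `serviceAccountName: {{ include "netmaker.serviceAccountName" . }}` on both pod specs, or since nothing in this chart calls the Kubernetes API, add `automountServiceAccountToken: false` to this ServiceAccount and the pod specs so a compromised server pod (which already has `hostNetwork` and `NET_ADMIN`) does not also get a cluster credential.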
@@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-ui' +spec: + ports: + - port: {{ .Values.service.uiPort }} + protocol: TCP + targetPort: {{ .Values.service.uiPort }} + selector: + app: '{{ include "netmaker.fullname" . }}-ui' + sessionAffinity: None + type: '{{ .Values.service.type }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-rest' +spec: + ports: + - name: rest + port: {{ .Values.service.restPort }} + protocol: TCP + targetPort: {{ .Values.service.restPort }} + selector: + app: '{{ include "netmaker.fullname" . }}' + sessionAffinity: None + type: {{ .Values.service.type }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "netmaker.labels" . | nindent 4 }} + name: '{{ include "netmaker.fullname" . }}-grpc' +spec: + ports: + - name: rest + port: {{ .Values.service.grpcPort }} + protocol: TCP + targetPort: {{ .Values.service.grpcPort }} + selector: + app: '{{ include "netmaker.fullname" . }}' + sessionAffinity: None + type: {{ .Values.service.type }} \ No newline at end of file diff --git a/kube/helm/netmaker/templates/tests/test-connection.yaml b/kube/helm/netmaker/templates/tests/test-connection.yaml new file mode 100644 index 00000000..c0d498cc --- /dev/null +++ b/kube/helm/netmaker/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "netmaker.fullname" . }}-test-connection" + labels: + {{- include "netmaker.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "netmaker.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/kube/helm/netmaker/values.yaml b/kube/helm/netmaker/values.yaml new file mode 100644 index 00000000..d5d789d4 
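Review bot: The gRPC Service's port is named `rest`, a copy-paste from the REST service above it; rename it `name: grpc` so the two are distinguishable and so proxies that infer protocol from port names (hedged: depends on the mesh in use) do not treat it as HTTP/1. The `type:` field is quoted in the UI service and unquoted in the other two; pick one form. The helm test in tests/test-connection.yaml is also broken: it targets `{{ include "netmaker.fullname" . }}:{{ .Values.service.port }}`, a service that does not exist with a value that is not defined, so `helm test` always fails; use `args: ['{{ include "netmaker.fullname" . }}-ui:{{ .Values.service.uiPort }}']`.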
--- /dev/null +++ b/kube/helm/netmaker/values.yaml 
@@ -0,0 +1,114 @@ +# Default values for netmaker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicas: 3 + +image: + repository: gravitl/netmaker + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.8.4" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +isKernel: false +isClient: true + +ui: + replicas: 2 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + restPort: 8081 + grpcPort: 443 + uiPort: 80 + +ingress: + enabled: false + className: "" + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + grpcAnnotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + hostPrefix: + ui: 'dashboard.' + rest: 'api.' + grpc: 'grpc.' + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +wireguard: + enabled: true + kernel: false + +dns: + enabled: false + storageSize: 128Mi + +postgresql-ha: + postgresql: + username: netmaker + password: netmaker + database: netmaker + persistence: + size: 3Gi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +netmakerUI: + + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/logic/wireguard.go b/logic/wireguard.go index 0184e33a..e79ce5a4 100644 --- a/logic/wireguard.go +++ b/logic/wireguard.go @@ -125,6 +125,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig time.Sleep(time.Second >> 2) d, _ = wgclient.Device(deviceiface) } + time.Sleep(time.Second >> 2) err = applyWGQuickConf(confPath) if err != nil { Log("failed to create wireguard interface", 1) diff --git a/scripts/userspace-entrypoint.sh b/scripts/userspace-entrypoint.sh new file mode 100644 index 00000000..1cfe316f --- /dev/null +++ b/scripts/userspace-entrypoint.sh @@ -0,0 +1,6 @@ +# If running userspace wireguard in Docker, create missing tun device. +if [ ! -d /dev/net ]; then mkdir /dev/net; fi +if [ ! -e /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi + +# Wait and then run netmaker. +/bin/sh -c "sleep 3; ./netmaker" \ No newline at end of file diff --git a/serverctl/serverctl.go b/serverctl/serverctl.go index d41cb72e..8eb601d0 100644 --- a/serverctl/serverctl.go +++ b/serverctl/serverctl.go 
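Review bot: `postgresql-ha.postgresql.password: netmaker` ships a hard-coded default database password that, combined with the StatefulSet rendering `SQL_PASS` as a plain env value, means a default install has a guessable credential visible in the pod spec; leave it empty and require it (`required` in the template) or let the subchart generate it. Several keys here are dead and mislead operators into thinking they take effect: `image.tag`, `imagePullSecrets`, `podSecurityContext`, `securityContext`, `isKernel`, `isClient` and the empty `netmakerUI:` are not read by any template in this diff (the image is hard-coded to `v0.8.4`), so either wire them in or remove them. `autoscaling.maxReplicas: 100` is also meaningless for a `hostNetwork` StatefulSet with required per-node anti-affinity.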
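Review bot: The added `time.Sleep(time.Second >> 2)` after the polling loop is an unexplained fixed delay: the loop immediately above already waits for `wgclient.Device` to return the interface, so if something else needs to settle before `applyWGQuickConf` runs it should be named, and a 250 ms sleep will be both too long on fast hosts and occasionally too short on slow ones. At minimum add a why-comment such as `// let the freshly created interface settle before wg-quick configures it; TODO: replace with a deterministic readiness check`, and consider folding the wait into the loop condition. `initWireguard` starts and ends outside this hunk.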
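Review bot: The last line runs netmaker as a child of a nested `sh -c`, so PID 1 stays a shell and a SIGTERM from `docker stop` or the kubelet is not delivered to netmaker; the container is always killed at the end of the grace period instead of shutting down cleanly. Replace it with `sleep 3 && exec ./netmaker` so netmaker takes over PID 1, and add a `#!/bin/sh` line plus `set -eu` so a failed `mkdir`/`mknod` stops the script instead of starting netmaker without a TUN device. The `mknod /dev/net/tun c 10 200` also needs CAP_MKNOD (root in the container), which is worth a comment since the userspace path is otherwise meant to avoid kernel privileges.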
@@ -106,11 +106,7 @@ func HandleContainedClient() error {
 for _, serverNet := range servernets {
 err = logic.ServerCheckin(servercfg.GetNodeID(), serverNet.NetID)
 if err != nil {
- logic.Log("error occurred during server checkin, running a pull: "+err.Error(), 1)
- _, err = logic.ServerPull(servercfg.GetNodeID(), serverNet.NetID, true)
- if err != nil {
- logic.Log("error when pulling after checkin: "+err.Error(), 1)
- }
+ logic.Log("error occurred during server checkin: "+err.Error(), 1)
 }
 }
 logic.Log("completed a checkin call", 3)
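Review bot: A failed checkin is now only logged and the loop continues, and because `err` is reassigned on the next iteration, a failure on an earlier network is lost if `HandleContainedClient` returns `err` after the loop (the rest of the function is outside this hunk). If the intent is best-effort, say so with a comment such as `// best-effort: a failed checkin is logged and retried on the next cycle`; otherwise collect the failures, e.g. `errs = append(errs, fmt.Errorf("checkin %s: %w", serverNet.NetID, err))`, and return them after the loop. The log line "completed a checkin call" at level 3 will also print even when every network failed.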