zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-25 01:40:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

merge fix

Browse Source
This commit is contained in:
0xdcarns
2021-10-15 08:40:42 -04:00
parent 618808bff1 eaa7597a05
commit 5db0e5ea4d
19 changed files with 733 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docker/Dockerfile-userspace
View File

@@ -10,7 +10,17 @@ RUN git clone https://git.zx2c4.com/wireguard-go && \
make && \ make && \
make install make install
ENV WITH_WGQUICK=yes
RUN git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
cd src && \
make && \
make install
FROM gravitl/netmaker:${NM_VERSION} FROM gravitl/netmaker:${NM_VERSION}
RUN apk add --no-cache --update libmnl iptables openresolv iproute2 RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2
COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/
COPY scripts/userspace-entrypoint.sh ./entrypoint.sh
ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]

23
docker/Dockerfile-wg-quick
View File

@@ -1,23 +0,0 @@
ARG NM_VERSION=
FROM gravitl/builder as builder
RUN apk add --update git build-base libmnl-dev iptables
WORKDIR /root/
RUN git clone https://git.zx2c4.com/wireguard-go && \
cd wireguard-go && \
make && \
make install
ENV WITH_WGQUICK=yes
RUN git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
cd src && \
make && \
make install
FROM gravitl/netmaker:${NM_VERSION}
RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2
COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/

6
kube/helm/netmaker/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: postgresql-ha
repository: https://charts.bitnami.com/bitnami
version: 7.11.0
digest: sha256:849759b9fd9d89bf0d47a271334889601010d1d11dd5c00562c18feafd93356d
generated: "2021-10-13T14:02:45.428151972-04:00"

29
kube/helm/netmaker/Chart.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v2
name: netmaker
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.9.0"
dependencies:
- name: "postgresql-ha"
version: "7.11.0"
repository: https://charts.bitnami.com/bitnami

BIN
kube/helm/netmaker/charts/postgresql-ha-7.11.0.tgz Normal file
View File

Binary file not shown.

22
kube/helm/netmaker/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netmaker.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netmaker.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netmaker.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netmaker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

70
kube/helm/netmaker/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,70 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "netmaker.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "netmaker.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "netmaker.masterKey" -}}
{{- randAlphaNum 12 | nospace -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "netmaker.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "netmaker.labels" -}}
helm.sh/chart: {{ include "netmaker.chart" . }}
{{ include "netmaker.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "netmaker.selectorLabels" -}}
app.kubernetes.io/name: {{ include "netmaker.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "netmaker.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "netmaker.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

85
kube/helm/netmaker/templates/coredns.yaml Normal file
View File

@@ -0,0 +1,85 @@
{{- if .Values.dns.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "netmaker.fullname" . }}-coredns
labels:
app: {{ include "netmaker.fullname" . }}-coredns
spec:
selector:
matchLabels:
app: {{ include "netmaker.fullname" . }}-coredns
replicas: 1
template:
metadata:
labels:
app: {{ include "netmaker.fullname" . }}-coredns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: {{ include "netmaker.fullname" . }}-dns-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: {{ include "netmaker.fullname" . }}-dns-pvc
persistentVolumeClaim:
claimName: {{ include "netmaker.fullname" . }}-dns-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ include "netmaker.fullname" . }}-coredns
name: {{ include "netmaker.fullname" . }}-coredns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: {{ include "netmaker.fullname" . }}-coredns
sessionAffinity: None
type: ClusterIP
clusterIP: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP}}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "netmaker.fullname" . }}-dns-pvc
spec:
storageClassName: {{ required "A valid .Values.dns.RWX.storageClassName entry required! Specify an available RWX storage class." .Values.dns.RWX.storageClassName}}
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.dns.storageSize }}
{{- end }}

28
kube/helm/netmaker/templates/hpa.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "netmaker.fullname" . }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "netmaker.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

142
kube/helm/netmaker/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,142 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "netmaker.fullname" . -}}
{{- $fullUIName := printf "%s-%s" $fullName "ui" -}}
{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}}
{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}}
{{- $uiSvcPort := .Values.service.uiPort -}}
{{- $restSvcPort := .Values.service.restPort -}}
{{- $grpcSvcPort := .Values.service.grpcPort -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullUIName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
tls:
- hosts:
- {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
secretName: {{ $fullUIName }}-tls-secret
rules:
- host: {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
http:
paths:
- path: /
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: Prefix
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullUIName }}
port:
number: {{ $uiSvcPort }}
{{- else }}
serviceName: {{ $fullUIName }}
servicePort: {{ $uiSvcPort }}
{{- end }}
---
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullRESTName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
tls:
- hosts:
- {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
secretName: {{ $fullRESTName }}-tls-secret
rules:
- host: {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
http:
paths:
- path: /
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: Prefix
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullRESTName }}
port:
number: {{ $restSvcPort }}
{{- else }}
serviceName: {{ $fullRESTName }}
servicePort: {{ $restSvcPort }}
{{- end }}
---
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullGRPCName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.ingress.grpcAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
tls:
- hosts:
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
secretName: {{ $fullGRPCName }}-tls-secret
rules:
- host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
http:
paths:
- path: /
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: Prefix
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullGRPCName }}
port:
number: {{ $grpcSvcPort }}
{{- else }}
serviceName: {{ $fullGRPCName }}
servicePort: {{ $grpcSvcPort }}
{{- end }}
{{- end }}

118
kube/helm/netmaker/templates/netmaker-statefulset.yaml Normal file
View File

@@ -0,0 +1,118 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: {{ include "netmaker.fullname" . }}
name: {{ include "netmaker.fullname" . }}
spec:
replicas: {{ .Values.replicas }}
serviceName: {{ include "netmaker.fullname" . }}-headless
selector:
matchLabels:
app: {{ include "netmaker.fullname" . }}
template:
metadata:
labels:
app: {{ include "netmaker.fullname" . }}
spec:
{{- if .Values.wireguard.enabled }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ include "netmaker.fullname" . }}
topologyKey: "kubernetes.io/hostname"
{{- end }}
containers:
- env:
- name: SERVER_API_CONN_STRING
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
- name: SERVER_GRPC_CONN_STRING
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
- name: GRPC_SSL
value: "on"
- name: SERVER_HTTP_HOST
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
- name: SERVER_GRPC_HOST
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
- name: API_PORT
value: "8081"
{{- if not .Values.wireguard.kernel }}
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
value: wireguard-go
{{- end }}
- name: GRPC_PORT
value: "443"
{{- if .Values.dns.enabled }}
- name: DNS_MODE
value: "on"
- name: COREDNS_ADDR
value: {{ required "A valid .Values.dns.clusterIP entry required! Choose an IP from your k8s service IP CIDR" .Values.dns.clusterIP }}
{{- else }}
- name: DNS_MODE
value: "off"
{{- end }}
{{- if .Values.wireguard.enabled }}
- name: CLIENT_MODE
value: "on"
{{- else }}
- name: CLIENT_MODE
value: "off"
{{- end }}
- name: MASTER_KEY
value: {{ include "netmaker.masterKey" . }}
- name: PLATFORM
value: Kubernetes
- name: CORS_ALLOWED_ORIGIN
value: '*'
- name: NODE_ID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: SQL_HOST
value: '{{ .Release.Name }}-postgresql-ha-pgpool.{{ .Release.Namespace }}.svc.cluster.local'
- name: SQL_PORT
value: "5432"
- name: SQL_DB
value: {{ index .Values "postgresql-ha" "postgresql" "database" }}
- name: SQL_USER
value: {{ index .Values "postgresql-ha" "postgresql" "username" }}
- name: SQL_PASS
value: {{ index .Values "postgresql-ha" "postgresql" "password" }}
- name: DATABASE
value: postgres
{{- if or (not .Values.wireguard.enabled) (.Values.wireguard.kernel) }}
image: gravitl/netmaker:v0.8.4
{{- else }}
image: gravitl/netmaker:v0.8.4-userspace
{{- end }}
imagePullPolicy: Always
name: {{ include "netmaker.fullname" . }}
ports:
- containerPort: 8081
protocol: TCP
- containerPort: 443
protocol: TCP
resources: {}
{{- if .Values.wireguard.enabled }}
securityContext:
capabilities:
add:
- NET_ADMIN
{{- end }}
{{- if .Values.dns.enabled }}
volumeMounts:
- name: {{ include "netmaker.fullname" . }}-dns-pvc
mountPath: /root/config/dnsconfig
volumes:
- name: {{ include "netmaker.fullname" . }}-dns-pvc
persistentVolumeClaim:
claimName: {{ include "netmaker.fullname" . }}-dns-pvc
{{- end }}

24
kube/helm/netmaker/templates/netmaker-ui-deployment.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: {{ include "netmaker.fullname" . }}-ui
name: {{ include "netmaker.fullname" . }}-ui
spec:
replicas: {{ .Values.ui.replicas }}
selector:
matchLabels:
app: {{ include "netmaker.fullname" . }}-ui
template:
metadata:
labels:
app: {{ include "netmaker.fullname" . }}-ui
spec:
containers:
- name: {{ include "netmaker.fullname" . }}-ui
image: gravitl/netmaker-ui:v0.8
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}'

12
kube/helm/netmaker/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "netmaker.serviceAccountName" . }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

49
kube/helm/netmaker/templates/services.yaml Normal file
View File

@@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "netmaker.labels" . | nindent 4 }}
name: '{{ include "netmaker.fullname" . }}-ui'
spec:
ports:
- port: {{ .Values.service.uiPort }}
protocol: TCP
targetPort: {{ .Values.service.uiPort }}
selector:
app: '{{ include "netmaker.fullname" . }}-ui'
sessionAffinity: None
type: '{{ .Values.service.type }}'
---
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "netmaker.labels" . | nindent 4 }}
name: '{{ include "netmaker.fullname" . }}-rest'
spec:
ports:
- name: rest
port: {{ .Values.service.restPort }}
protocol: TCP
targetPort: {{ .Values.service.restPort }}
selector:
app: '{{ include "netmaker.fullname" . }}'
sessionAffinity: None
type: {{ .Values.service.type }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "netmaker.labels" . | nindent 4 }}
name: '{{ include "netmaker.fullname" . }}-grpc'
spec:
ports:
- name: rest
port: {{ .Values.service.grpcPort }}
protocol: TCP
targetPort: {{ .Values.service.grpcPort }}
selector:
app: '{{ include "netmaker.fullname" . }}'
sessionAffinity: None
type: {{ .Values.service.type }}

15
kube/helm/netmaker/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "netmaker.fullname" . }}-test-connection"
labels:
{{- include "netmaker.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "netmaker.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

114
kube/helm/netmaker/values.yaml Normal file
View File

@@ -0,0 +1,114 @@
# Default values for netmaker.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicas: 3
image:
repository: gravitl/netmaker
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.8.4"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
isKernel: false
isClient: true
ui:
replicas: 2
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
restPort: 8081
grpcPort: 443
uiPort: 80
ingress:
enabled: false
className: ""
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
grpcAnnotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
hostPrefix:
ui: 'dashboard.'
rest: 'api.'
grpc: 'grpc.'
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
wireguard:
enabled: true
kernel: false
dns:
enabled: false
storageSize: 128Mi
postgresql-ha:
postgresql:
username: netmaker
password: netmaker
database: netmaker
persistence:
size: 3Gi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
netmakerUI:
nodeSelector: {}
tolerations: []
affinity: {}

1
logic/wireguard.go
View File

@@ -125,6 +125,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
time.Sleep(time.Second >> 2) time.Sleep(time.Second >> 2)
d, _ = wgclient.Device(deviceiface) d, _ = wgclient.Device(deviceiface)
} }
time.Sleep(time.Second >> 2)
err = applyWGQuickConf(confPath) err = applyWGQuickConf(confPath)
if err != nil { if err != nil {
Log("failed to create wireguard interface", 1) Log("failed to create wireguard interface", 1)

6
scripts/userspace-entrypoint.sh Normal file
View File

@@ -0,0 +1,6 @@
# If running userspace wireguard in Docker, create missing tun device.
if [ ! -d /dev/net ]; then mkdir /dev/net; fi
if [ ! -e /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi
# Wait and then run netmaker.
/bin/sh -c "sleep 3; ./netmaker"

6
serverctl/serverctl.go
View File

@@ -106,11 +106,7 @@ func HandleContainedClient() error {
for _, serverNet := range servernets { for _, serverNet := range servernets {
err = logic.ServerCheckin(servercfg.GetNodeID(), serverNet.NetID) err = logic.ServerCheckin(servercfg.GetNodeID(), serverNet.NetID)
if err != nil { if err != nil {
logic.Log("error occurred during server checkin, running a pull: "+err.Error(), 1) logic.Log("error occurred during server checkin: "+err.Error(), 1)
_, err = logic.ServerPull(servercfg.GetNodeID(), serverNet.NetID, true)
if err != nil {
logic.Log("error when pulling after checkin: "+err.Error(), 1)
}
} }
} }
logic.Log("completed a checkin call", 3) logic.Log("completed a checkin call", 3)