client mode enablement

config/config.go

@@ -53,6 +53,7 @@ type ServerConfig struct {
 	GRPCSSL              string `yaml:"grpcssl"`
 	Version              string `yaml:"version"`
 	SQLConn              string `yaml:"sqlconn"`
+	Platform              string `yaml:"platform"`
 	DefaultNodeLimit     int32  `yaml:"defaultnodelimit"`
 	Verbosity            int32  `yaml:"verbosity"`
 }

controllers/networkHttpController.go

@@ -150,21 +150,6 @@ func getNetworks(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(allnetworks)
 }
 
-func RemoveComms(networks []models.Network) []models.Network {
-	var index int = 100000001
-	for ind, net := range networks {
-		if net.NetID == "comms" {
-			index = ind
-		}
-	}
-	if index == 100000001 {
-		return networks
-	}
-	returnable := make([]models.Network, 0)
-	returnable = append(returnable, networks[:index]...)
-	return append(returnable, networks[index+1:]...)
-}
-
 func ValidateNetworkUpdate(network models.Network) error {
 	v := validator.New()
 
@@ -379,13 +364,15 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
 		returnErrorResponse(w, r, formatError(err, "badrequest"))
 		return
 	}
-	success, err := serverctl.AddNetwork(network.NetID)
+	if servercfg.IsClientMode() {
-	if err != nil || !success {
+		success, err := serverctl.AddNetwork(network.NetID)
-		if err == nil {
+		if err != nil || !success {
-			err = errors.New("Failed to add server to network " + network.DisplayName)
+			if err == nil {
+				err = errors.New("Failed to add server to network " + network.DisplayName)
+			}
+			returnErrorResponse(w, r, formatError(err, "internal"))
+			return
 		}
-		returnErrorResponse(w, r, formatError(err, "internal"))
-		return
 	}
 	functions.PrintUserLog(r.Header.Get("user"), "created network "+network.NetID, 1)
 	w.WriteHeader(http.StatusOK)

database/database.go

@@ -3,7 +3,6 @@ package database
 import (
 	"encoding/json"
 	"errors"
-	"log"
 	"github.com/gravitl/netmaker/servercfg"
 	"github.com/rqlite/gorqlite"
 )

functions/helpers.go

@@ -92,11 +92,25 @@ func CreateServerToken(netID string) (string, error) {
 	}
 
 	var accessToken models.AccessToken
-	servervals := models.ServerConfig{
+	servervals := models.ServerConfig{}
-		APIConnString:  "127.0.0.1:" + servercfg.GetAPIPort(),
+	if servercfg.GetPlatform() == "Kubernetes" {
-		GRPCConnString: "127.0.0.1:" + servercfg.GetGRPCPort(),
+		log.Println("server on kubernetes")
-		GRPCSSL:        "off",
+		servervals = models.ServerConfig{
+			APIConnString:  servercfg.GetPodIP() + ":" + servercfg.GetAPIPort(),
+			GRPCConnString: servercfg.GetPodIP() + ":" + servercfg.GetGRPCPort(),
+			GRPCSSL:        "off",
+		}
+	} else {
+		log.Println("server on linux")
+		servervals = models.ServerConfig{
+			APIConnString:  "127.0.0.1:" + servercfg.GetAPIPort(),
+			GRPCConnString: "127.0.0.1:" + servercfg.GetGRPCPort(),
+			GRPCSSL:        "off",
+		}
 	}
+	log.Println("APIConnString:",servervals.APIConnString)
+	log.Println("GRPCConnString:",servervals.GRPCConnString)
+	log.Println("GRPCSSL:",servervals.GRPCSSL)
 	accessToken.ServerConfig = servervals
 	accessToken.ClientConfig.Network = netID
 	accessToken.ClientConfig.Key = GenKey()
@@ -104,14 +118,12 @@ func CreateServerToken(netID string) (string, error) {
 	accesskey.Name = GenKeyName()
 	accesskey.Value = accessToken.ClientConfig.Key
 	accesskey.Uses = 1
-
 	tokenjson, err := json.Marshal(accessToken)
 	if err != nil {
 		return accesskey.AccessString, err
 	}
-
 	accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
-
+	log.Println("accessstring:",accesskey.AccessString)
 	network.AccessKeys = append(network.AccessKeys, accesskey)
 	if data, err := json.Marshal(network); err != nil {
 		return "", err

kube/netmaker-template-udp.yaml

@@ -0,0 +1,361 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rqlite-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-backend
+  labels:
+    app: netmaker-backend
+spec:
+  nodeSelector:
+    netmaker-server: true
+  selector:
+    matchLabels:
+      app: netmaker-backend
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: netmaker-backend
+    spec:
+      containers:
+      - name: netmaker-backend
+        image: gravitl/netmaker:0.7.2
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8081
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/config/dnsconfig
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        - mountPath: /var/run/dbus/system_bus_socket
+          name: systemd-bus-socket
+        - mountPath: /sys/fs/cgroup
+          name: cgroup
+        - mountPath: /run/systemd/system
+          name: run-systemd
+        - mountPath: /etc/systemd/system
+          name: etc-systemd
+        securityContext:
+          privileged: true
+        env:
+        - name: SERVER_API_CONN_STRING
+          value: "api.netmaker.goallclouds.com:80"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.netmaker.goallclouds.com:80"
+        - name: COREDNS_ADDR
+          value: "10.152.183.53"
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: GRPC_SSL
+          value: "on"
+        - name: SERVER_HTTP_HOST
+          value: "api.netmaker.goallclouds.com:443"
+        - name: SERVER_GRPC_HOST
+          value: "grpc.netmaker.goallclouds.com:443"
+        - name: API_PORT
+          value: "8081"
+        - name: GRPC_PORT
+          value: "443"
+        - name: CLIENT_MODE
+          value: "off"
+        - name: MASTER_KEY
+          value: "Unkn0wn!"
+        - name: PLATFORM
+          value: "Kubernetes"
+        - name: CORS_ALLOWED_ORIGIN
+          value: "*"
+      - name: rqlite
+        image: rqlite/rqlite
+        ports:
+        - containerPort: 4001
+        - containerPort: 4002
+        volumeMounts:
+        - name: rqlitevol
+          mountPath: /rqlite/file/data
+      volumes:
+      - name: rqlitevol
+        persistentVolumeClaim:
+          claimName: rqlite-pvc
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+      - hostPath:
+          path: /etc/netclient
+          type: DirectoryOrCreate
+        name: etc-netclient
+      - hostPath:
+          path: /usr/bin/wg
+          type: File
+        name: wg
+      - hostPath:
+          path: /usr/bin/resolvectl
+          type: File
+        name: resolvectl
+      - hostPath:
+          path: /var/run/dbus/system_bus_socket
+          type: ""
+        name: systemd-bus-socket
+      - hostPath:
+          path: /etc/systemd/system
+          type: ""
+        name: etc-systemd
+      - hostPath:
+          path: /run/systemd/system
+          type: ""
+        name: run-systemd
+      - hostPath:
+          path: /sys/fs/cgroup
+          type: ""
+        name: cgroup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nm-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-api
+spec:
+  ports:
+  - port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-grpc
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-dns
+  labels:
+    app: netmaker-dns
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-dns
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-dns
+    spec:
+      containers:
+      - args:
+        - -conf
+        - /root/dnsconfig/Corefile
+        image: coredns/coredns
+        imagePullPolicy: Always
+        name: netmaker-dns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /root/dnsconfig
+          name: nm-pvc
+          readOnly: true
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 127.0.0.1
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-dns
+  name: netmaker-dns
+spec:
+  ports:
+  - port: 53
+    protocol: UDP
+    targetPort: 53
+    name: udp
+  - port: 53
+    protocol: TCP
+    targetPort: 53
+    name: tcp
+  selector:
+    app: netmaker-dns
+  sessionAffinity: None
+  type: ClusterIP
+  clusterIP: 10.152.183.53
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+  labels:
+    app: netmaker-ui
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v0.7
+        ports:
+        - containerPort: 80
+        env:
+        - name: BACKEND_URL
+          value: "https://api.NETMAKER_BASE_DOMAIN"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-ui
+  name: netmaker-ui
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: netmaker-ui
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-api-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - api.NETMAKER_BASE_DOMAIN
+    secretName: nm-api-tls
+  rules:
+  - host: api.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-api
+            port:
+              number: 8081
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-grpc-ingress-nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - grpc.NETMAKER_BASE_DOMAIN
+    secretName: nm-grpc-tls
+  rules:
+  - host: grpc.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-grpc
+            port:
+              number: 443
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-ui-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - dashboard.NETMAKER_BASE_DOMAIN
+    secretName: nm-ui-tls
+  rules:
+  - host: dashboard.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-ui
+            port:
+              number: 80

kube/netmaker-template.yaml

@@ -1,45 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: rqlite
-  labels:
-    name: rqlite
-spec:
-  ports:
-    - port: 4001
-      targetPort: 4001
-  clusterIP: None
-  selector:
-    role: rqlite
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: rqlite
-spec:
-  serviceName: "rqlite"
-  replicas: 1
-  selector:
-    matchLabels:
-      role: rqlite
-  template:
-    metadata:
-      labels:
-        app: rqlite
-        role: rqlite
-    spec:
-      containers:
-      - name: rqlite
-        image: rqlite/rqlite
-        ports:
-        - containerPort: 4001
-        volumeMounts:
-        - name: rqlitevol
-          mountPath: /rqlite/file/data
-      volumes:
-      - name: rqlitevol
-        persistentVolumeClaim:
-          claimName: rqlite-pvc
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -59,10 +17,14 @@ metadata:
   labels:
     app: netmaker-backend
 spec:
+  nodeSelector:
+    netmaker-server: true
   selector:
     matchLabels:
       app: netmaker-backend
   replicas: 1
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -70,27 +32,44 @@ spec:
     spec:
       containers:
       - name: netmaker-backend
-        image: gravitl/netmaker:v0.7
+        image: gravitl/netmaker:0.7.2
+        imagePullPolicy: Always
         ports:
         - containerPort: 8081
         volumeMounts:
         - name: nm-pvc
           mountPath: /root/config/dnsconfig
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        - mountPath: /var/run/dbus/system_bus_socket
+          name: systemd-bus-socket
+        - mountPath: /sys/fs/cgroup
+          name: cgroup
+        - mountPath: /run/systemd/system
+          name: run-systemd
+        - mountPath: /etc/systemd/system
+          name: etc-systemd
+        securityContext:
+          privileged: true
         env:
         - name: SERVER_API_CONN_STRING
-          value: "api.NETMAKER_BASE_DOMAIN:443"
+          value: "api.netmaker.goallclouds.com:80"
         - name: SERVER_GRPC_CONN_STRING
-          value: "grpc.NETMAKER_BASE_DOMAIN:443"
+          value: "grpc.netmaker.goallclouds.com:80"
         - name: COREDNS_ADDR
           value: "10.152.183.53"
-        - name: SQL_CONN
+        - name: POD_IP
-          value: "http://rqlite-0:4001"
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
         - name: GRPC_SSL
           value: "on"
         - name: SERVER_HTTP_HOST
-          value: "api.NETMAKER_BASE_DOMAIN"
+          value: "api.netmaker.goallclouds.com:443"
         - name: SERVER_GRPC_HOST
-          value: "grpc.NETMAKER_BASE_DOMAIN"
+          value: "grpc.netmaker.goallclouds.com:443"
         - name: API_PORT
           value: "8081"
         - name: GRPC_PORT
@@ -99,14 +78,53 @@ spec:
           value: "off"
         - name: MASTER_KEY
           value: "Unkn0wn!"
-        - name: MASTER_KEY
+        - name: PLATFORM
-          value: "secretkey"
+          value: "Kubernetes"
         - name: CORS_ALLOWED_ORIGIN
           value: "*"
+      - name: rqlite
+        image: rqlite/rqlite
+        ports:
+        - containerPort: 4001
+        - containerPort: 4002
+        volumeMounts:
+        - name: rqlitevol
+          mountPath: /rqlite/file/data
       volumes:
+      - name: rqlitevol
+        persistentVolumeClaim:
+          claimName: rqlite-pvc
       - name: nm-pvc
         persistentVolumeClaim:
           claimName: nm-pvc
+      - hostPath:
+          path: /etc/netclient
+          type: DirectoryOrCreate
+        name: etc-netclient
+      - hostPath:
+          path: /usr/bin/wg
+          type: File
+        name: wg
+      - hostPath:
+          path: /usr/bin/resolvectl
+          type: File
+        name: resolvectl
+      - hostPath:
+          path: /var/run/dbus/system_bus_socket
+          type: ""
+        name: systemd-bus-socket
+      - hostPath:
+          path: /etc/systemd/system
+          type: ""
+        name: etc-systemd
+      - hostPath:
+          path: /run/systemd/system
+          type: ""
+        name: run-systemd
+      - hostPath:
+          path: /sys/fs/cgroup
+          type: ""
+        name: cgroup
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

kube/ubuntu.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ubuntu
+  labels:
+    app: ubuntu
+spec:
+  # Uncomment and specify a specific node you want to debug
+  # nodeName: <insert-node-name-here>
+  containers:
+  - image: ubuntu
+    command:
+      - "sleep"
+      - "3600"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu
+    securityContext:
+      privileged: true
+    volumeMounts:
+    - name: rootfolder
+      mountPath: /
+  restartPolicy: Never
+  hostIPC: true
+  hostNetwork: true
+  hostPID: true
+  volumes:
+  - hostPath:
+      path: /
+      type: ""
+    name: rootfolder

models/network.go

@@ -7,7 +7,7 @@ import (
 	"reflect"
 	"strings"
 	"time"
-
+	"github.com/gravitl/netmaker/servercfg"
 	"github.com/go-playground/validator/v10"
 	"github.com/gravitl/netmaker/database"
 )
@@ -215,7 +215,11 @@ func (network *Network) SetNetworkLastModified() {
 
 func (network *Network) SetDefaults() {
 	if network.DefaultUDPHolePunch == "" {
-		network.DefaultUDPHolePunch = "yes"
+		if servercfg.IsClientMode() {
+			network.DefaultUDPHolePunch = "yes"
+		} else {
+			network.DefaultUDPHolePunch = "no"
+		}
 	}
 	if network.IsLocal == "" {
 		network.IsLocal = "no"

servercfg/serverconf.go

@@ -59,6 +59,7 @@ func GetServerConfig() config.ServerConfig {
 	if DisableDefaultNet() {
 		cfg.DisableRemoteIPCheck = "on"
 	}
+	cfg.Platform = GetPlatform()
 	cfg.Version = GetVersion()
 	return cfg
 }
@@ -94,6 +95,14 @@ func GetAPIHost() string {
 	}
 	return serverhost
 }
+func GetPodIP() string {
+	podip := "127.0.0.1"
+	if os.Getenv("POD_IP") != "" {
+		podip = os.Getenv("POD_IP")
+	}
+	return podip
+}
+
 func GetAPIPort() string {
 	apiport := "8081"
 	if os.Getenv("API_PORT") != "" {
@@ -309,6 +318,16 @@ func GetVerbose() int32 {
 	return int32(level)
 }
 
+func GetPlatform() string {
+	platform := "linux"
+	if os.Getenv("PLATFORM") != "" {
+		platform = os.Getenv("PLATFORM")
+	} else if config.Config.Server.Platform != ""  {
+		platform = config.Config.Server.SQLConn
+	}
+	return platform
+}
+
 func GetSQLConn() string {
 	sqlconn := "http://"
 	if os.Getenv("SQL_CONN") != "" {