Using tunneling internally. WIP #809

Draft
wants to merge 1 commit into
base: main
27 changes: 7 additions & 20 deletions internal/controller/controlplane/k0s_controlplane_controller.go
Expand Up @@ -188,19 +188,13 @@
err := c.Client.Get(ctx, client.ObjectKey{Namespace: cluster.Namespace, Name: secretName}, &corev1.Secret{})
if err != nil {
if apierrors.IsNotFound(err) {
return kubeconfig.CreateSecret(ctx, c.Client, cluster)
}
return err
}

if kcp.Spec.K0sConfigSpec.Tunneling.Enabled {
if kcp.Spec.K0sConfigSpec.Tunneling.Mode == "proxy" {
secretName := secret.Name(cluster.Name+"-proxied", secret.Kubeconfig)
err := c.Client.Get(ctx, client.ObjectKey{Namespace: cluster.Namespace, Name: secretName}, &corev1.Secret{})
if err != nil {
if apierrors.IsNotFound(err) {
if !kcp.Spec.K0sConfigSpec.Tunneling.Enabled {
return kubeconfig.CreateSecret(ctx, c.Client, cluster)
} else {
secretName := secret.Name(cluster.Name, secret.Kubeconfig)
if kcp.Spec.K0sConfigSpec.Tunneling.Mode == "proxy" {
kc, err := c.generateKubeconfig(ctx, cluster, fmt.Sprintf("https://%s", cluster.Spec.ControlPlaneEndpoint.String()))
if err != nil {

Check warning on line 197 in internal/controller/controlplane/k0s_controlplane_controller.go


GitHub Actions / Lint

indent-error-flow: if block ends with a return statement, so drop this else and outdent its block (revive)
return err
}

Expand All @@ -212,14 +206,7 @@
if err != nil {
return err
}
}
return err
}
} else {
secretName := secret.Name(cluster.Name+"-tunneled", secret.Kubeconfig)
err := c.Client.Get(ctx, client.ObjectKey{Namespace: cluster.Namespace, Name: secretName}, &corev1.Secret{})
if err != nil {
if apierrors.IsNotFound(err) {
} else {
kc, err := c.generateKubeconfig(ctx, cluster, fmt.Sprintf("https://%s:%d", kcp.Spec.K0sConfigSpec.Tunneling.ServerAddress, kcp.Spec.K0sConfigSpec.Tunneling.TunnelingNodePort))
if err != nil {
return err
Expand All @@ -230,9 +217,9 @@
return err
}
}
return err
}
}
return err
}

return nil
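Review bot: The kubeconfig secret is written only when the `Get` returns NotFound, and with the `-proxied`/`-tunneled` name suffixes apparently dropped, the single `secret.Name(cluster.Name, secret.Kubeconfig)` secret keeps whichever server URL was generated first. If `Tunneling.Enabled`, `Mode`, `ServerAddress` or `TunnelingNodePort` changes later, or the secret was created before tunneling was turned on, nothing in the visible lines regenerates it, so clients keep presenting admin credentials to a stale endpoint. Consider comparing the stored server URL with the expected one on the found path, or at least stating the limitation in a comment such as `// the kubeconfig secret is created once; changing tunneling settings later does not rewrite it`. Separately, building the tunneled URL with `net.JoinHostPort` instead of `"https://%s:%d"` would bracket an IPv6 `ServerAddress` correctly. The enclosing function starts before this hunk and part of its body is collapsed, so this is inferred from the visible lines only.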
Expand Up @@ -93,19 +93,13 @@
}()
s.T().Log("cluster objects applied, waiting for cluster to be ready")

var localPort int
err := wait.PollUntilContextCancel(s.ctx, 1*time.Second, true, func(ctx context.Context) (bool, error) {
localPort, _ = getLBPort("docker-test-cluster-lb")
return localPort > 0, nil
})
s.Require().NoError(err)

localPort := 31443
s.T().Log("waiting to see admin kubeconfig secret")
kmcKC, err := util.GetKMCClientSet(s.ctx, s.client, "docker-test-cluster", "default", localPort)
s.Require().NoError(err)

err = wait.PollUntilContextCancel(s.ctx, 1*time.Second, true, func(ctx context.Context) (bool, error) {
b, _ := s.client.RESTClient().
b, _ := kmcKC.RESTClient().
Get().
AbsPath("/healthz").
DoRaw(context.Background())
Expand Down Expand Up @@ -134,29 +128,6 @@
s.Require().NoError(util.WaitForDeployment(s.ctx, kmcKC, "frpc", "kube-system"))

s.T().Log("checking connectivity to the child cluster via tunnel")

forwardedPort := 31443

tunneledKmcKC, err := GetKMCClientSetWithProxy(s.ctx, s.client, "docker-test-cluster-proxied", "default", forwardedPort)
s.Require().NoError(err)

s.T().Log("check for node to be ready via tunnel")
err = wait.PollUntilContextCancel(s.ctx, 1*time.Second, true, func(ctx context.Context) (bool, error) {
resp, err := tunneledKmcKC.RESTClient().
Get().
AbsPath("/healthz").
DoRaw(context.Background())
if err != nil {
return false, nil
}

return "ok" == string(resp), nil
})
s.Require().NoError(err)

s.Require().NoError(util.WaitForNodeReadyStatus(s.ctx, tunneledKmcKC, "docker-test-worker-0", corev1.ConditionTrue))

s.Require().NoError(util.WaitForDeployment(s.ctx, tunneledKmcKC, "frpc", "kube-system"))
}

func GetKMCClientSetWithProxy(ctx context.Context, kc *kubernetes.Clientset, name string, namespace string, port int) (*kubernetes.Clientset, error) {
Expand Down Expand Up @@ -194,7 +165,7 @@
s.Require().NoError(err, "failed to delete cluster objects: %s", string(out))
}

func getLBPort(name string) (int, error) {

Check failure on line 168 in inttest/capi-controlplane-docker-tunneling-proxy/capi_controlplane_docker_tunneling_proxy_test.go


GitHub Actions / Lint

func `getLBPort` is unused (unused)
b, err := exec.Command("docker", "inspect", name, "--format", "{{json .NetworkSettings.Ports}}").Output()
if err != nil {
return 0, fmt.Errorf("failed to get inspect info from container %s: %w", name, err)
Expand Down Expand Up @@ -251,6 +222,9 @@
replicas: 1
version: v1.27.1+k0s.0
k0sConfigSpec:
args:
- --enable-worker
- --no-taints
tunneling:
enabled: true
mode: proxy
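Review bot: The `/healthz` poll now goes through `kmcKC` but still discards the request error (`b, _ :=`) and calls `DoRaw(context.Background())`, so a request that hangs in the tunnel is not bounded by the suite context, and a TLS or authentication failure looks the same as "not ready yet". Passing the closure's own context, `DoRaw(ctx)`, and logging the error with `s.T().Log` before returning false would make tunnel failures diagnosable. The literal `localPort := 31443` would also benefit from a comment naming the setting it must match, presumably the tunneling node port exposed by the management cluster. The closure body continues in a collapsed part of the file.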