-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VM support fixes #123
VM support fixes #123
Commits on Mar 18, 2021
-
clustermesh: Relax cluster validation on Enable
Allow enabling clustermesh with default cluster name and ID (zero) to allow external workloads to be used without explicitly setting cluster ID and/or name. Validate both local and remote cluster config fully when connecting to remote cluster instead. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 78d75a0 - Browse repository at this point
Copy the full SHA 78d75a0View commit details -
clustermesh: Add support for ClusterIP
Add support for extracting service's ClusterIP and port rather than erroring out. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 0fd940e - Browse repository at this point
Copy the full SHA 0fd940eView commit details -
clustermesh: Error out if service type is not specified or LoadBalanc…
…er type can not be used Error out if service type is not explicitly set or can not be auto-detected as LoadBalancer type. Warn if service type is set to HostPort. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 2254d0c - Browse repository at this point
Copy the full SHA 2254d0cView commit details -
clustermesh: Set CNs to etcd user account names
Client certificate's Common Name is used as etcd user account name once TLS based user auth (--client-cert-auth) is enabled. Use the user account names as CNs as follows: - Admin cert: root - Client cert: remote Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for efb399c - Browse repository at this point
Copy the full SHA efb399cView commit details -
clustermesh: Add support for external-workload cert
Add a new cert to be used by External Workloads. Common Name is set to the etcd user account name that has write access to the registation key (externalworkload). Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 843200b - Browse repository at this point
Copy the full SHA 843200bView commit details -
install: Auto-detect datapath mode for Kind
Auto-detect tunnel mode for Kind and disable kube-proxy replacement to be able to access NodePort services. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 17ebab0 - Browse repository at this point
Copy the full SHA 17ebab0View commit details -
clustermesh: Fix status when clustermesh is not available
This makes 'cilium clustermesh status' succeed with a warning message instead of failing when Cluster ID and/or Cluster Name has not been set when Cilium was installed. In that case warn like this: ✅ Service "clustermesh-apiserver" of type "NodePort" found
⚠️ Cluster not configured for clustermesh, use '--cluster-id' and '--cluster-name' with 'cilium install'. External workloads may still be configured. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>Configuration menu - View commit details
-
Copy full SHA for 077d821 - Browse repository at this point
Copy the full SHA 077d821View commit details -
clustermesh: Add subcommand 'external-workload' (alias 'vm')
Add 'external-workload' (alias 'vm') subcommands to 'clustermesh': 'cilium clustermesh external-workload status' - Show the status of external workloads 'cilium clustermesh external-workload create <name...>' - Create new Cilium External Workload resource to allow a VM to join A new CEW resource with name <name> is created with a "default" namespace label. Options: '--namespace string' (alias '-n') Specify other than "default" as the namespace label '--labels' Pass a comma separated list of other labels for the identity of the external workload '--ipv4-alloc-cidr string' IPv4 allocation CIDR to be used instead the default picked by the VM (e.g., 10.15.0.0/30) '--ipv6-alloc-cidr string' IPv6 allocation CIDR to be used instead the default picked by the VM (e.g., f00d::a0f:0:0:0/126) 'cilium clustermesh external-workload delete <name...>' - Delete Cilium External Workload resources The named CEW resources will be deleted. External Workloads that have already registered may continue to communicate with the cluster, but may not rergister again. Options: '--all' Delete all CEW resources if none are named on the command line. 'cilium clustermesh external-workload install <file>' - Create an installation script to be used in external workloads to install or uninstall Cilium Write an installation script to the named file. Note that the script inlines the TLS credentials for external workload registration as well as the access details to the your k8s cluster. The file needs to be copied to the external workload (such as a VM) and executed there to install Cilium as a Docker container and connect to your k8s cluster. 'uninstall' parameter to the script will cause the script to uninstall Cilium from the external workload. All these commands require clustermesh to be enabled (via 'cilium clustermesh enable'). Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for e5d594e - Browse repository at this point
Copy the full SHA e5d594eView commit details
Commits on Mar 19, 2021
-
clustermesh: Fail external workload install generation if Cilium has …
…tunneling disabled As of now external workload installs rely on vxlan tunneling. Fail the install script generation if Cilium has tunneling disabled of not set to vxlan. In future consider testing with geneve and non-tunneled datapaths. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for b3f7f03 - Browse repository at this point
Copy the full SHA b3f7f03View commit details
Commits on Mar 20, 2021
-
clustermesh: Allow VM install script to run as root, do not assume sy…
…slog Define $SUDO as an empty string if running as root. Use 'local' docker log driver to not depend on syslog. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for baaa86e - Browse repository at this point
Copy the full SHA baaa86eView commit details
Commits on Mar 22, 2021
-
clustermesh: Fix error capitalization and typos
'make staticcheck' does not allow error messages starting with a capital letter, so do not use 'Cilium' to start an error message. Correctly spell 'DaemonSet' in error messages. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Configuration menu - View commit details
-
Copy full SHA for 98283cd - Browse repository at this point
Copy the full SHA 98283cdView commit details