VM support fixes #123

Merged
merged 11 commits into from
Mar 25, 2021

Commits on Mar 18, 2021

  1. clustermesh: Relax cluster validation on Enable

    Allow enabling clustermesh with default cluster name and ID (zero) to
    allow external workloads to be used without explicitly setting cluster
    ID and/or name. Validate both local and remote cluster config fully
    when connecting to remote cluster instead.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    78d75a0
  2. clustermesh: Add support for ClusterIP

    Add support for extracting service's ClusterIP and port rather than
    erroring out.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    0fd940e
  3. clustermesh: Error out if service type is not specified or LoadBalancer type can not be used

    Error out if service type is not explicitly set or can not be
    auto-detected as LoadBalancer type. Warn if service type is set to
    HostPort.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    2254d0c
  4. clustermesh: Set CNs to etcd user account names

    Client certificate's Common Name is used as etcd user account name
    once TLS based user auth (--client-cert-auth) is enabled. Use the user
    account names as CNs as follows:
    
    - Admin cert: root
    - Client cert: remote
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    efb399c
  5. clustermesh: Add support for external-workload cert

    Add a new cert to be used by External Workloads. Common Name is set to
    the etcd user account name that has write access to the registration
    key (externalworkload).
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    843200b
  6. install: Auto-detect datapath mode for Kind

    Auto-detect tunnel mode for Kind and disable kube-proxy replacement to
    be able to access NodePort services.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    17ebab0
  7. clustermesh: Fix status when clustermesh is not available

    This makes 'cilium clustermesh status' succeed with a warning message
    instead of failing when Cluster ID and/or Cluster Name has not been
    set when Cilium was installed. In that case warn like this:
    
    ✅ Service "clustermesh-apiserver" of type "NodePort" found
    ⚠️  Cluster not configured for clustermesh, use '--cluster-id' and '--cluster-name' with 'cilium install'. External workloads may still be configured.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    077d821
  8. clustermesh: Add subcommand 'external-workload' (alias 'vm')

    Add 'external-workload' (alias 'vm') subcommands to 'clustermesh':
    
    'cilium clustermesh external-workload status' - Show the status of external workloads
    
    'cilium clustermesh external-workload create <name...>' - Create new Cilium External Workload resource to allow a VM to join
    
        A new CEW resource with name <name> is created with a "default" namespace label. Options:
    
        '--namespace string' (alias '-n')   Specify other than "default" as the namespace label
        '--labels'                          Pass a comma separated list of other labels for the identity of the external workload
        '--ipv4-alloc-cidr string'          IPv4 allocation CIDR to be used instead of the default picked by the VM (e.g., 10.15.0.0/30)
        '--ipv6-alloc-cidr string'          IPv6 allocation CIDR to be used instead of the default picked by the VM (e.g., f00d::a0f:0:0:0/126)
    
    'cilium clustermesh external-workload delete <name...>' - Delete Cilium External Workload resources
    
        The named CEW resources will be deleted. External Workloads that have
        already registered may continue to communicate with the cluster, but may not
        register again. Options:
    
        '--all'   Delete all CEW resources if none are named on the command line.
    
    'cilium clustermesh external-workload install <file>' - Create an installation script to be used in external workloads to install or uninstall Cilium
    
        Write an installation script to the named file. Note that the script inlines
        the TLS credentials for external workload registration as well as the access
        details to your k8s cluster. The file needs to be copied to the external
        workload (such as a VM) and executed there to install Cilium as a Docker
        container and connect to your k8s cluster. 'uninstall' parameter to the
        script will cause the script to uninstall Cilium from the external workload.
    
    All these commands require clustermesh to be enabled (via 'cilium clustermesh enable').
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 18, 2021
    e5d594e

Commits on Mar 19, 2021

  1. clustermesh: Fail external workload install generation if Cilium has tunneling disabled

    As of now external workload installs rely on vxlan tunneling. Fail the
    install script generation if Cilium has tunneling disabled or not set
    to vxlan.
    
    In future consider testing with geneve and non-tunneled datapaths.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 19, 2021
    b3f7f03

Commits on Mar 20, 2021

  1. clustermesh: Allow VM install script to run as root, do not assume syslog

    Define $SUDO as an empty string if running as root.
    
    Use 'local' docker log driver to not depend on syslog.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 20, 2021
    baaa86e

Commits on Mar 22, 2021

  1. clustermesh: Fix error capitalization and typos

    'make staticcheck' does not allow error messages starting with a
    capital letter, so do not use 'Cilium' to start an error message.
    
    Correctly spell 'DaemonSet' in error messages.
    
    Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
    jrajahalme committed Mar 22, 2021
    98283cd