Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add encrypt-node status to cilium status #24399

Merged
merged 1 commit into from
Apr 4, 2023
Merged

Add encrypt-node status to cilium status #24399

merged 1 commit into from
Apr 4, 2023

Conversation

romanspb80
Copy link
Contributor

@romanspb80 romanspb80 commented Mar 15, 2023
edited by nathanjsweet

This patch adds param "NodeEncryption" to the cilium status

$ cilium status
[...]
Encryption: Wireguard [NodeEncryption: true, cilium_wg0 (Pubkey: UzRSJUmRqsxl82xvFG0joBheaiqOnM3BCgpByYjVtCE=, Port: 51871, Peers: 3)]

Fixes: #24239

cmd: Add NodeEncryption status to the cilium status command

@romanspb80 romanspb80 requested review from a team as code owners March 15, 2023 22:17
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 15, 2023
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Mar 15, 2023
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch 3 times, most recently from 075d500 to 2b33698 Compare March 17, 2023 18:29
@nathanjsweet nathanjsweet removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 17, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 17, 2023
@nathanjsweet nathanjsweet added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Mar 17, 2023
nathanjsweet
nathanjsweet requested changes Mar 17, 2023
View reviewed changes
Copy link
Member

@nathanjsweet nathanjsweet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this looks good, but some minor fixes are needed. Thanks for the submission!

cilium-health/cmd/get.go Outdated Show resolved Hide resolved
pkg/client/client.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from 2b33698 to 1b4013c Compare March 18, 2023 11:18
@maintainer-s-little-helper
Copy link

Commit e288da6f20df73e11d49b03089998529d38c84bf does not contain "Signed-off-by".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Mar 18, 2023
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from e288da6 to 3ab4998 Compare March 18, 2023 11:24
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Mar 18, 2023
@romanspb80
Copy link
Contributor Author

Thanks Nathan
Done

nathanjsweet
nathanjsweet requested changes Mar 21, 2023
View reviewed changes
Copy link
Member

@nathanjsweet nathanjsweet left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: typos

cilium-health/cmd/get.go Outdated Show resolved Hide resolved
cilium/cmd/debuginfo.go Outdated Show resolved Hide resolved
cilium/cmd/status.go Outdated Show resolved Hide resolved
pkg/client/client.go Outdated Show resolved Hide resolved
pkg/client/client.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from 3ab4998 to ef3d926 Compare March 21, 2023 15:12
@nathanjsweet nathanjsweet added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. and removed ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Mar 21, 2023
@nathanjsweet
Copy link
Member

nathanjsweet commented Mar 21, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed:

Click to show.

Test Name

K8sAgentPolicyTest Multi-node policy test with L7 policy using connectivity-check to check datapath

Failure Output

FAIL: cannot install connectivity-check

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.25-kernel-4.19 so I can create one.

gandro
gandro requested changes Mar 21, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. Unfortunately, this approach will not work. I recommend implementing the logic in the WireGuard status getter here:

cilium/pkg/wireguard/agent/agent.go

Line 567 in 02e61a1

func (a *Agent) Status(withPeers bool) (*models.WireguardStatus, error) {

cilium-health/cmd/get.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from ef3d926 to 9086262 Compare March 25, 2023 22:40
@romanspb80 romanspb80 requested a review from a team as a code owner March 25, 2023 22:40
@romanspb80 romanspb80 requested a review from brb March 25, 2023 22:40
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch 2 times, most recently from a53795e to 4ce05db Compare March 25, 2023 23:06
@romanspb80 romanspb80 requested review from gandro and removed request for brb March 25, 2023 23:35
gandro
gandro reviewed Mar 27, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! This is looking much better. There are two issues with the API definition that needs to be addressed, but the high-level approach looks good to me.

api/v1/models/wireguard_interface.go Outdated Show resolved Hide resolved
gandro
gandro requested changes Mar 27, 2023
View reviewed changes
pkg/client/client.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from 4ce05db to 6a40980 Compare March 27, 2023 22:05
@romanspb80 romanspb80 requested a review from gandro March 27, 2023 22:09
gandro
gandro requested changes Mar 28, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Looks good in terms of API, but local testing revealed that the formatting seem off now.

pkg/client/client.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from 6a40980 to 57c7b62 Compare March 29, 2023 18:22
@romanspb80 romanspb80 requested a review from gandro March 29, 2023 18:27
gandro
gandro reviewed Mar 30, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks! One last nit, then this should be good to go.

pkg/client/client.go Outdated Show resolved Hide resolved
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from 57c7b62 to d5d5e61 Compare March 31, 2023 17:54
@romanspb80
Add encrypt-node status to cilium status
e465b57 
This patch adds param "NodeEncryption" to the cilium status

$ cilium status
[...]
Encryption:              Wireguard   [NodeEncryption: Enabled, cilium_wg0 (Pubkey: IoCvq0AB81XznieMpRyBl4XRcRxFuaN3Xhqefun5YQA=, Port: 51871, Peers: 0)]
[...]

Fixes: cilium#24239

Signed-off-by: Roman Ptitcyn <romanspb@yahoo.com>
@romanspb80 romanspb80 force-pushed the Add_encrypt-node_status_to_cilium_status branch from d5d5e61 to e465b57 Compare March 31, 2023 17:54
@romanspb80 romanspb80 requested a review from gandro March 31, 2023 17:55
gandro
gandro approved these changes Apr 3, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks a lot for tackling this!

@gandro
Copy link
Member

gandro commented Apr 3, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed:

Click to show.

Test Name

K8sDatapathBandwidthTest Checks Bandwidth Rate-Limiting Checks Pod to Pod bandwidth, vxlan tunneling

Failure Output

FAIL: Found 2 io.cilium/app=operator logs matching list of errors that must be investigated:

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.26-kernel-net-next so I can create one.

@gandro
Copy link
Member

gandro commented Apr 3, 2023
edited

@gandro
Copy link
Member

gandro commented Apr 3, 2023

Failures in required tests are unrelated (see above). Marking ready to merge.

@gandro gandro added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 3, 2023
@romanspb80
Copy link
Contributor Author

Failures in required tests are unrelated (see above). Marking ready to merge.

Thanks a lot

@squeed squeed merged commit c601b50 into cilium:master Apr 4, 2023
41 of 42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@nathanjsweet nathanjsweet nathanjsweet approved these changes

Assignees
No one assigned
Labels
kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add encrypt-node status to cilium status
4 participants
@romanspb80 @nathanjsweet @gandro @squeed