-
Notifications
You must be signed in to change notification settings - Fork 42
/
tools.go
117 lines (105 loc) · 3.03 KB
/
tools.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package handler
import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"os"
log "github.com/sirupsen/logrus"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/health/grpc_health_v1"
"github.com/wencaiwulue/kubevpn/v2/pkg/config"
"github.com/wencaiwulue/kubevpn/v2/pkg/core"
"github.com/wencaiwulue/kubevpn/v2/pkg/util"
"github.com/wencaiwulue/kubevpn/v2/pkg/webhook/rpc"
)
func Complete(ctx context.Context, route *core.Route) error {
if v, ok := os.LookupEnv(config.EnvInboundPodTunIPv4); !ok || v != "" {
return nil
}
ns := os.Getenv(config.EnvPodNamespace)
if ns == "" {
return fmt.Errorf("can not get namespace")
}
client, err := getDHCPServerClient(ctx, ns)
if err != nil {
return err
}
var resp *rpc.RentIPResponse
resp, err = client.RentIP(context.Background(), &rpc.RentIPRequest{
PodName: os.Getenv(config.EnvPodName),
PodNamespace: ns,
})
if err != nil {
return err
}
go func() {
<-ctx.Done()
err := release(context.Background(), client)
if err != nil {
log.Errorf("release ip failed: %v", err)
} else {
log.Errorf("release ip secuess")
}
}()
log.Infof("rent an ipv4: %s, ipv6: %s", resp.IPv4CIDR, resp.IPv6CIDR)
if err = os.Setenv(config.EnvInboundPodTunIPv4, resp.IPv4CIDR); err != nil {
log.Errorf("can not set ip, err: %v", err)
return err
}
if err = os.Setenv(config.EnvInboundPodTunIPv6, resp.IPv6CIDR); err != nil {
log.Errorf("can not set ip, err: %v", err)
return err
}
for i := 0; i < len(route.ServeNodes); i++ {
var node *core.Node
node, err = core.ParseNode(route.ServeNodes[i])
if err != nil {
return err
}
if node.Protocol == "tun" {
if get := node.Get("net"); get == "" {
route.ServeNodes[i] = route.ServeNodes[i] + "&net=" + resp.IPv4CIDR
}
}
}
return nil
}
func release(ctx context.Context, client rpc.DHCPClient) error {
_, err := client.ReleaseIP(ctx, &rpc.ReleaseIPRequest{
PodName: os.Getenv(config.EnvPodName),
PodNamespace: os.Getenv(config.EnvPodNamespace),
IPv4CIDR: os.Getenv(config.EnvInboundPodTunIPv4),
IPv6CIDR: os.Getenv(config.EnvInboundPodTunIPv6),
})
return err
}
func getDHCPServerClient(ctx context.Context, namespace string) (rpc.DHCPClient, error) {
cert, ok := os.LookupEnv(config.TLSCertKey)
if !ok {
return nil, fmt.Errorf("can not get %s from env", config.TLSCertKey)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(cert))
conn, err := grpc.DialContext(ctx,
fmt.Sprintf("%s:80", util.GetTlsDomain(namespace)),
grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
RootCAs: caCertPool,
})),
)
if err != nil {
return nil, err
}
healthClient := grpc_health_v1.NewHealthClient(conn)
var resp *grpc_health_v1.HealthCheckResponse
resp, err = healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
if err != nil {
return nil, err
}
if resp.Status != grpc_health_v1.HealthCheckResponse_SERVING {
return nil, fmt.Errorf("grpc service is not heath: %s", resp.Status)
}
cli := rpc.NewDHCPClient(conn)
return cli, nil
}