Merge pull request #101 from interTwin-eu/main
rebase v0.0.2 for patch
dciangot authored Sep 21, 2023
2 parents 68f66f4 + f191e78 commit b2a6311
Showing 3,503 changed files with 626,464 additions and 142,581 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build_images.yaml
Expand Up @@ -19,7 +19,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down Expand Up @@ -51,7 +51,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -10,6 +10,7 @@ token
secret.yaml
configmap.yaml
kubeconfig.yaml
kubeconfigVEGA.yaml
serviceaccount.yaml
.knoc
.tmp
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -189,7 +189,7 @@ Upon the receiving of a call, InterLink usually forwards that call to the sideca
A very simple call which allow the VK to understand if the InterLink API is online and ready to get a Service Account. The only thing done here is answering the caller with a 200 code.

- SetKubeConfig call:
This is the call sent by the Virtual Kubelet after te VK has received a GetCFG call; VK performs some operations in its local machine, in order to retrieve a ServiceAccount. After receiving the configuration over the HTTP request body, it is stored inside /tmp/.kube/config and then the environment variable KUBECONFIG is set to that path, to allow InterLink to access the right Kubernetes cluster. From now, InterLink will look at the same K8S cluster used by the Virtual Kubelet. If any error(s) occur, InterLink panics (since it cannot operate without a working kubeconfig) and the error is forwarded to the VK.
This is the call sent by the Virtual Kubelet after te VK has received a GetCFG call; VK performs some operations in its local machine, in order to retrieve a ServiceAccount. After receiving the configuration over the HTTP request body, it is stored inside DataRootFolder/.kube/config and then the environment variable KUBECONFIG is set to that path, to allow InterLink to access the right Kubernetes cluster. From now, InterLink will look at the same K8S cluster used by the Virtual Kubelet. If any error(s) occur, InterLink panics (since it cannot operate without a working kubeconfig) and the error is forwarded to the VK.

- Create call:
That's the most complex call, for the moment. Everytime a Pod is registered to the Kubernetes cluster, the VK sends a Create Call to InterLink. In this phase, InterLink can retrieve all ConfigMaps, Secrets and EmpyDirs data (if the ExportPodData is set to true in the InterLinkConfig.yaml file); retrieving data means scanning every Container in every single submitted Pod, looking for Secrets, ConfigMaps and, eventually, EmptyDirs. Once they have been found, the cluster is again queried, using those names, to retrieve their values. All of these values are then assembled together is a single struct of type RetrievedPodData; this struct contains the standard v1.Pod (defined by Kubernetes go-client standard library) and an array of custom sub-struct containing a Container name and every Secret/ConfigMap/EmptyDir related to that specific Container. The parent struct is then marshalled into a JSON and sent over the HTTP request body to the Sidecar.
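--- a/cert-retriever.go
+++ b/cert-retriever.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+"crypto/ed25519"
+cryptorand "crypto/rand"
+"crypto/tls"
+"crypto/x509"
+"crypto/x509/pkix"
+"encoding/pem"
+"fmt"
+"math/big"
+"math/rand"
+"net"
+"time"
+)
+
+type crtretriever func(*tls.ClientHelloInfo) (*tls.Certificate, error)
+
+// newSelfSignedCertificateRetriever creates a new retriever for self-signed certificates.
+func newSelfSignedCertificateRetriever(nodeName string, nodeIP net.IP) crtretriever {
+creator := func() (*tls.Certificate, time.Time, error) {
+expiration := time.Now().AddDate(1, 0, 0) // 1 year
+
+// Generate a new private key.
+publicKey, privateKey, err := ed25519.GenerateKey(cryptorand.Reader)
+if err != nil {
+return nil, expiration, fmt.Errorf("failed to generate a key pair: %w", err)
+}
+
+keyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
+if err != nil {
+return nil, expiration, fmt.Errorf("failed to marshal the private key: %w", err)
+}
+
+// Generate the corresponding certificate.
+cert := &x509.Certificate{
+Subject: pkix.Name{
+CommonName: fmt.Sprintf("system:node:%s", nodeName),
+Organization: []string{"intertwin.eu"},
+},
+IPAddresses: []net.IP{nodeIP},
+SerialNumber: big.NewInt(rand.Int63()), //nolint:gosec // A weak random generator is sufficient.
+NotBefore: time.Now(),
+NotAfter: expiration,
+KeyUsage: x509.KeyUsageDigitalSignature,
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+}
+
+certBytes, err := x509.CreateCertificate(cryptorand.Reader, cert, cert, publicKey, privateKey)
+if err != nil {
+return nil, expiration, fmt.Errorf("failed to create the self-signed certificate: %w", err)
+}
+
+// Encode the resulting certificate and private key as a single object.
+output, err := tls.X509KeyPair(
+pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certBytes}),
+pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyBytes}))
+if err != nil {
+return nil, expiration, fmt.Errorf("failed to create the X509 key pair: %w", err)
+}
+
+return &output, expiration, nil
+}
+
+// Cache the last generated cert, until it is not expired.
+var cert *tls.Certificate
+var expiration time.Time
+return func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+if cert == nil || expiration.Before(time.Now().AddDate(0, 0, 1)) {
+var err error
+cert, expiration, err = creator()
+if err != nil {
+return nil, err
+}
+}
+return cert, nil
+}
+}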
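Review bot: The closure returned after the `// Cache the last generated cert` comment reads and writes the captured `cert` and `expiration` variables with no synchronization, yet crypto/tls invokes GetCertificate once per handshake and handshakes for different connections run on different goroutines, so concurrent handshakes near the one-day renewal window race on the cache and can observe a half-updated certificate/expiration pair. Guarding the check-and-renew with a `sync.Mutex` (adding `sync` to the import block) lets one goroutine regenerate while the others wait and then hand out the fresh certificate. A smaller point on the `SerialNumber:` line: since `cryptorand` is already imported, `cryptorand.Int(cryptorand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` gives a CSPRNG-derived serial, which would also let the `//nolint:gosec` annotation and the math/rand import go.
```go
// … unchanged: creator closure …

// Cache the last generated cert, until it is not expired. The mutex
// serialises concurrent handshakes that all hit the renewal check.
var (
	mu         sync.Mutex
	cert       *tls.Certificate
	expiration time.Time
)
return func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	mu.Lock()
	defer mu.Unlock()
	if cert == nil || expiration.Before(time.Now().AddDate(0, 0, 1)) {
		var err error
		cert, expiration, err = creator()
		if err != nil {
			return nil, err
		}
	}
	return cert, nil
}
```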
1 change: 1 addition & 0 deletions cmd/interlink/main.go
Expand Up @@ -33,6 +33,7 @@ func main() {
mutex.HandleFunc("/delete", interlink.DeleteHandler)
mutex.HandleFunc("/setKubeCFG", interlink.SetKubeCFGHandler)
mutex.HandleFunc("/ping", interlink.Ping)
mutex.HandleFunc("/getLogs", interlink.GetLogsHandler)
err := http.ListenAndServe(":"+commonIL.InterLinkConfigInst.Interlinkport, mutex)
if err != nil {
log.G(interlink.Ctx).Fatal(err)
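Review bot: The `/getLogs` route registered with `mutex.HandleFunc` is served by the plain `http.ListenAndServe` call two lines below, so from what is visible here it inherits a listener with no read/write timeouts and no TLS or authentication wrapper; the same applies to the matching registration in cmd/sidecars/docker/main.go. A log endpoint tends to hold connections open longer than the other routes, so an `http.Server{Addr: ..., Handler: mutex, ReadHeaderTimeout: ...}` in place of the bare call, and an explicit `r.Method` check inside `GetLogsHandler`, would bound what a single client can tie up. The handler bodies are outside this hunk, so whether they already enforce any of this cannot be confirmed from the diff.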
1 change: 1 addition & 0 deletions cmd/sidecars/docker/main.go
Expand Up @@ -28,6 +28,7 @@ func main() {
mutex.HandleFunc("/status", docker.StatusHandler)
mutex.HandleFunc("/create", docker.CreateHandler)
mutex.HandleFunc("/delete", docker.DeleteHandler)
mutex.HandleFunc("/getLogs", docker.GetLogsHandler)
err := http.ListenAndServe(":"+commonIL.InterLinkConfigInst.Sidecarport, mutex)

if err != nil {
2 changes: 1 addition & 1 deletion examples/busyecho_k8s.yaml
Expand Up @@ -8,7 +8,7 @@ spec:
restartPolicy: OnFailure
containers:
#- image: /cvmfs/unpacked.cern.ch/registry.hub.docker.com/cmssw/el8:x86_64
- image: busybox
- image: docker://busybox:latest
volumeMounts:
- name: foo
mountPath: "/etc/foo"
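Review bot: The `- image: docker://busybox:latest` line, which appears to be the new side of this change, references a mutable tag, so what the example actually pulls can change under anyone who copies it. Pinning by digest, e.g. `docker://busybox@sha256:<digest-placeholder>`, or at least a fixed version tag, keeps the example reproducible. Whether the sidecar's `docker://` scheme accepts digest references cannot be told from this hunk.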
137 changes: 57 additions & 80 deletions go.mod
Expand Up @@ -3,92 +3,69 @@ module github.com/intertwin-eu/interlink
go 1.20

require (
github.com/alexellis/go-execute v0.5.0
github.com/containerd/containerd v1.0.2
github.com/sirupsen/logrus v1.4.2
github.com/virtual-kubelet/virtual-kubelet v1.2.0
gopkg.in/yaml.v2 v2.2.2
k8s.io/api v0.0.0
k8s.io/apimachinery v0.0.0
k8s.io/client-go v11.0.0+incompatible
k8s.io/kubernetes v1.15.2
github.com/alexellis/go-execute v0.6.0
github.com/containerd/containerd v1.7.6
github.com/sirupsen/logrus v1.9.3
github.com/virtual-kubelet/virtual-kubelet v1.10.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.28.2
k8s.io/apimachinery v0.28.2
k8s.io/client-go v0.28.2
)

require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/spdystream v0.0.0-20170912183627-bc6354cbbc29 // indirect
github.com/gogo/protobuf v1.2.1 // indirect
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
github.com/golang/protobuf v1.3.1 // indirect
github.com/google/go-cmp v0.5.2 // indirect
github.com/google/gofuzz v1.0.0 // indirect
github.com/googleapis/gnostic v0.1.0 // indirect
github.com/gorilla/mux v1.7.0 // indirect
github.com/hashicorp/golang-lru v0.5.1 // indirect
github.com/imdario/mergo v0.3.7 // indirect
github.com/json-iterator/go v1.1.6 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/moby/spdystream v0.2.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.1 // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/spf13/pflag v1.0.3 // indirect
github.com/stretchr/testify v1.6.1 // indirect
go.opencensus.io v0.21.0 // indirect
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad // indirect
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d // indirect
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a // indirect
golang.org/x/sys v0.0.0-20210927052749-1cf2251ac284 // indirect
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
golang.org/x/text v0.3.6 // indirect
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/appengine v1.5.0 // indirect
google.golang.org/grpc v1.23.1 // indirect
github.com/prometheus/client_golang v1.16.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.11.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/net v0.15.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.12.0 // indirect
golang.org/x/term v0.12.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/grpc v1.58.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiserver v0.0.0 // indirect
k8s.io/klog v0.3.3 // indirect
k8s.io/kube-openapi v0.0.0-20190510232812-a01b7d5d6c22 // indirect
k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a // indirect
sigs.k8s.io/yaml v1.1.0 // indirect
k8s.io/apiserver v0.28.2 // indirect
k8s.io/component-base v0.28.2 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.0.0-20190805144654-3d5bf3a310c1

replace k8s.io/cloud-provider => k8s.io/cloud-provider v0.0.0-20190805144409-8484242760e7

replace k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20190805143448-a07e59fb081d

replace k8s.io/apiserver => k8s.io/apiserver v0.0.0-20190805142138-368b2058237c

replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.0.0-20190805144531-3985229e1802

replace k8s.io/cri-api => k8s.io/cri-api v0.0.0-20190531030430-6117653b35f1

replace k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.0.0-20190805142416-fd821fbbb94e

replace k8s.io/kubelet => k8s.io/kubelet v0.0.0-20190805143852-517ff267f8d1

replace k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.0.0-20190805144128-269742da31dd

replace k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719

replace k8s.io/api => k8s.io/api v0.0.0-20190805141119-fdd30b57c827

replace k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.0.0-20190805144246-c01ee70854a1

replace k8s.io/kube-proxy => k8s.io/kube-proxy v0.0.0-20190805143734-7f1675b90353

replace k8s.io/component-base => k8s.io/component-base v0.0.0-20190805141645-3a5e5ac800ae

replace k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.0.0-20190805144012-2a1ed1f3d8a4

replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20190805143126-cdb999c96590

replace k8s.io/metrics => k8s.io/metrics v0.0.0-20190805143318-16b07057415d

replace k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.0.0-20190805142637-3b65bc4bb24f

replace k8s.io/code-generator => k8s.io/code-generator v0.0.0-20190612205613-18da4a14b22b

replace k8s.io/client-go => k8s.io/client-go v0.0.0-20190805141520-2fe0317bcee0
