Marcus Farkas ToothlessGear vienna, austria

ToothlessGear/node-gcm 1291

A NodeJS wrapper library port to send data to Android devices via Google Cloud Messaging

ToothlessGear/traefik-with-consul-on-kubernetes 2

Deploy a traefik deployment with consul cluster in helm. Tested in GKE.

ToothlessGear/vscode-go 1

An extension for VS Code which provides support for the Go language.

ToothlessGear/azure-iot-sdks 0

SDKs for a variety of languages and platforms that help connect devices to Microsoft Azure IoT services

ToothlessGear/docker 0

Docker - the Linux container runtime

ToothlessGear/docker-gitlab 0

Dockerized GitLab

ToothlessGear/docker-registry-client 0

A Go API client for the v2 Docker Registry API

ToothlessGear/legoev3 0

LEGO MINDSTORMS EV3 API for .NET

ToothlessGear/lxsession 0

LXSession repo mirror of the SF.net repo, this is not the upstream canonical repo. This is just for convenience.

ToothlessGear/vscode 0

Visual Studio Code

pull request comment ToothlessGear/node-gcm

Update index.js

No thanks.

gabrielferrazduque

comment created time in 2 months

PR closed ToothlessGear/node-gcm

Update index.js invalid spam
+32 -1

1 comment

1 changed file

gabrielferrazduque

pr closed time in 2 months

issue comment squat/kilo

PersistentKeepalive in Peer CRD is not written to Wireguard config

Ah, now I got you about the second value. This looks nice! I think the array is fine here. If choosing the location directly instead of the node label, wouldn't it make the API simpler, like:

nodePersistentKeepalive:
  - value: 10
    location: behind-nat

ToothlessGear

comment created time in 2 months

issue comment squat/kilo

PersistentKeepalive in Peer CRD is not written to Wireguard config

Sounds good! I am fine with an additional field in the CRD.

So to summarize the scenario with an example: I have some number of nodes in the same location/network behind NAT, all with private endpoints, and I am trying to add an ordinary peer which is publicly reachable. These nodes themselves are labeled with networktype: behind-nat for this example.

I would have to create such a CRD:

apiVersion: kilo.squat.ai/v1alpha1
kind: Peer
metadata:
  name: externalpeer
spec:
  allowedIPs:
    - 10.6.0.1/32
  endpoint:
    ip: 1.2.3.4
    port: 51820
  persistentKeepalive: 25
  persistentKeepaliveNodeSelector:
    networktype: behind-nat
  publicKey: SOMEPUBLICKEY

This results in the persistent keepalive value being written to the resulting WireGuard config for only this peer in a full mesh configuration. If the annotation kilo.squat.ai/persistent-keepalive: "25" is set, it still should have precedence over the CRD config, I think.

Does that sound reasonable?

ToothlessGear

comment created time in 2 months
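The precedence proposed in the comment above (node annotation over the Peer CRD value, and the CRD value applied only on nodes matching the selector) written out as a small Go resolver. This is an added illustration, not Kilo's code: the `Node` and `PeerSpec` types, the `resolveKeepalive` function and the sample nodes are constructed for the example, and the annotation key spelling `kilo.squat.ai/persistent-keepalive` is taken from the comment. It also validates the annotation against the range WireGuard itself accepts (0 disables, otherwise 1-65535 seconds), which a controller writing the config should check before emitting it.

```go
package main

import (
	"fmt"
	"strconv"
)

// Node is the subset of node metadata that matters for keepalive selection
// (constructed for this example; not Kilo's own type).
type Node struct {
	Name        string
	Labels      map[string]string
	Annotations map[string]string
}

// PeerSpec mirrors the fields of the proposed Peer CRD discussed above
// (constructed for this example; not Kilo's own type).
type PeerSpec struct {
	Name                            string
	PersistentKeepalive             int
	PersistentKeepaliveNodeSelector map[string]string
}

// keepaliveAnnotation is the node annotation key as spelled in the discussion.
const keepaliveAnnotation = "kilo.squat.ai/persistent-keepalive"

// maxKeepalive is the largest interval WireGuard accepts (wg(8): 1-65535, 0 = off).
const maxKeepalive = 65535

// selectorMatches reports whether every key/value in sel is present in labels.
// An empty selector matches every node, i.e. a Peer without a selector applies cluster-wide.
func selectorMatches(sel, labels map[string]string) bool {
	for k, v := range sel {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// resolveKeepalive returns the PersistentKeepalive seconds to write for peer on node.
// Precedence as proposed in the thread: node annotation > Peer CRD (when the node
// matches the selector) > 0 (no keepalive). A malformed or out-of-range annotation
// is reported as an error rather than silently written into the WireGuard config.
func resolveKeepalive(node Node, peer PeerSpec) (int, error) {
	if raw, ok := node.Annotations[keepaliveAnnotation]; ok {
		v, err := strconv.Atoi(raw)
		if err != nil || v < 0 || v > maxKeepalive {
			return 0, fmt.Errorf("node %s: invalid %s value %q (want 0-%d)",
				node.Name, keepaliveAnnotation, raw, maxKeepalive)
		}
		return v, nil
	}
	if peer.PersistentKeepalive > 0 && peer.PersistentKeepalive <= maxKeepalive &&
		selectorMatches(peer.PersistentKeepaliveNodeSelector, node.Labels) {
		return peer.PersistentKeepalive, nil
	}
	return 0, nil
}

func main() {
	// Sample objects mirroring the scenario in the comment (constructed).
	peer := PeerSpec{
		Name:                            "externalpeer",
		PersistentKeepalive:             25,
		PersistentKeepaliveNodeSelector: map[string]string{"networktype": "behind-nat"},
	}
	nodes := []Node{
		{Name: "nat-1", Labels: map[string]string{"networktype": "behind-nat"}},
		{Name: "public-1", Labels: map[string]string{"networktype": "public"}},
		{Name: "nat-2", Labels: map[string]string{"networktype": "behind-nat"},
			Annotations: map[string]string{keepaliveAnnotation: "10"}},
		{Name: "bad-1", Annotations: map[string]string{keepaliveAnnotation: "70000"}},
	}
	for _, n := range nodes {
		v, err := resolveKeepalive(n, peer)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s -> PersistentKeepalive = %d\n", n.Name, v)
	}
}
```

Running it prints 25 for the NAT node, 0 for the public node, 10 for the annotated node (annotation wins over the CRD), and an error for the out-of-range annotation.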

issue comment squat/kilo

PersistentKeepalive in Peer CRD is not written to Wireguard config

I think to make your use case work, we would need to check along with your proposed changes whether or not the node has a public endpoint and only then set a persistent keepalive for the peer. I wonder what @squat thinks about it.

Yes, feedback would be appreciated if this is something worth pursuing in a PR.

ToothlessGear

comment created time in 3 months

issue comment squat/kilo

PersistentKeepalive in Peer CRD is not written to Wireguard config

Normally, a node behind NAT should send Keepalives to all its peers, not just to a particular one.

I agree with that. However, all cluster nodes are on the same network/in the same location, where the PersistentKeepalive annotation on the node would not be needed as well. My thinking was that, if I want to connect this location to an external peer (this is a simple machine, not another Kubernetes node) which is publicly available, I can simply create the CRD and set the PersistentKeepalive value.

Maybe the behavior could be that if the PersistentKeepalive value is set for the topology, it will override the value set by CRD. Something like this, but I am not sure about the implication in other use cases:

diff --git a/pkg/mesh/topology.go b/pkg/mesh/topology.go
index 858c900..d0ffd3f 100644
--- a/pkg/mesh/topology.go
+++ b/pkg/mesh/topology.go
@@ -227,10 +227,16 @@ func (t *Topology) Conf() *wireguard.Conf {
                c.Peers = append(c.Peers, peer)
        }
        for _, p := range t.peers {
+               var pka int
+               if t.persistentKeepalive != 0 {
+                       pka = t.persistentKeepalive
+               } else {
+                       pka = p.PersistentKeepalive
+               }
                peer := &wireguard.Peer{
                        AllowedIPs:          p.AllowedIPs,
                        Endpoint:            t.updateEndpoint(p.Endpoint, p.PublicKey, p.PersistentKeepalive),
-                       PersistentKeepalive: t.persistentKeepalive,
+                       PersistentKeepalive: pka,
                        PresharedKey:        p.PresharedKey,
                        PublicKey:           p.PublicKey,
                }
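Review bot: the `Endpoint:` line in this hunk still passes `p.PersistentKeepalive` into `t.updateEndpoint(...)` while the peer struct now gets `pka`, so whenever `t.persistentKeepalive` is non-zero the endpoint logic and the emitted `PersistentKeepalive` see different values; pass `pka` to `t.updateEndpoint` as well so both uses agree. The `var pka int` plus `if`/`else` can also shrink to `pka := p.PersistentKeepalive` followed by `if t.persistentKeepalive != 0 { pka = t.persistentKeepalive }`, which makes the override precedence (topology value beats the peer's) readable at a glance.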

ToothlessGear

comment created time in 3 months

issue opened squat/kilo

PersistentKeepalive in Peer CRD is not written to Wireguard config

Hi @squat,

I am running a cluster with --mesh-granularity=full (kg version: e843262064963aef2491a9fd32c82746c31b2af6) with the nodes behind NAT and trying to connect to an external peer. When I create this peer resource with a PersistentKeepalive value it does not show in the resulting Wireguard config.

apiVersion: kilo.squat.ai/v1alpha1
kind: Peer
metadata:
  name: externalpeer
spec:
  allowedIPs:
    - 10.6.0.1/32
  endpoint:
    ip: PUBLIC_IP_OMITTED
    port: 51820
  persistentKeepalive: 25
  publicKey: PUBLIC_KEY_OMITTED

In the resulting Wireguard configuration on the nodes, the set value for persistentKeepAlive is omitted:

$ sudo wg show
interface: kilo0
  public key: PUBLIC_KEY_OMITTED
  private key: (hidden)
  listening port: 51820

... other node peers ...

peer: PUBLIC_KEY_OMITTED
  endpoint: PUBLIC_ENDPOINT_OMITTED
  allowed ips: 10.6.0.1/32

Using kgctl it shows the values correctly, however:

$ kgctl --kubeconfig ~/k3s.yaml showconf peer externalpeer --as-peer
[Peer]
AllowedIPs = 10.6.0.1/32
Endpoint = PUBLIC_ENDPOINT_OMITTED
PersistentKeepalive = 25
PublicKey = PUBLIC_KEY_OMITTED

Setting it via the node annotation squat.kilo.ai/persistent-keepalive: "25" works and a connection is established, but then it is set for all peers, which I want to avoid.

It seems like in topology.Conf() it always uses the value set by the Topology struct, rather than the value of the peer.

Is this a bug, or is this intentional and I am missing something?

created time in 3 months