
Add strongswan utilities for ipsec

pull/719/head
Erik Wilson 5 years ago
parent
commit
999e40d6d3
  1. 1
      .dockerignore
  2. 1
      .gitignore
  3. 3
      cmd/k3s/main.go
  4. 1
      pkg/agent/config/config.go
  5. 26
      pkg/agent/flannel/setup.go
  6. 1
      pkg/daemons/config/types.go
  7. 2
      scripts/package-cli

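--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,5 @@
 ./bin
+./etc
 ./build/data
 ./build/data.tar.gz
 ./pkg/data/zz_generated_bindata.go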

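--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@
 /.lesshst
 /*.log
 /bin
+/etc
 /build
 /data-dir
 /dist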

3
cmd/k3s/main.go

@ -87,6 +87,9 @@ func stageAndRun(dataDir string, cmd string, args []string) error {
if err := os.Setenv("PATH", filepath.Join(dir, "bin")+":"+os.Getenv("PATH")+":"+filepath.Join(dir, "bin/aux")); err != nil { if err := os.Setenv("PATH", filepath.Join(dir, "bin")+":"+os.Getenv("PATH")+":"+filepath.Join(dir, "bin/aux")); err != nil {
return err return err
} }
if err := os.Setenv("K3S_DATA_DIR", dir); err != nil {
return err
}
cmd, err = exec.LookPath(cmd) cmd, err = exec.LookPath(cmd)
if err != nil { if err != nil {

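--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@@ -350,6 +350,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
 nodeConfig.AgentConfig.RootDir = filepath.Join(envInfo.DataDir, "kubelet")
 nodeConfig.AgentConfig.PauseImage = envInfo.PauseImage
 nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK
+nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "strongswan")
 nodeConfig.CACerts = info.CACerts
 nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "etc/containerd/config.toml")
 nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "containerd")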

26
pkg/agent/flannel/setup.go

@ -3,6 +3,8 @@ package flannel
import ( import (
"context" "context"
"fmt" "fmt"
"os"
"path"
"path/filepath" "path/filepath"
"strings" "strings"
"time" "time"
@ -131,6 +133,9 @@ func createFlannelConf(nodeConfig *config.Node) error {
backendConf = vxlanBackend backendConf = vxlanBackend
case config.FlannelBackendIPSEC: case config.FlannelBackendIPSEC:
backendConf = strings.Replace(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK, -1) backendConf = strings.Replace(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK, -1)
if err := setupStrongSwan(nodeConfig); err != nil {
return err
}
case config.FlannelBackendWireguard: case config.FlannelBackendWireguard:
backendConf = wireguardBackend backendConf = wireguardBackend
default: default:
@ -140,3 +145,24 @@ func createFlannelConf(nodeConfig *config.Node) error {
return util.WriteFile(nodeConfig.FlannelConf, confJSON) return util.WriteFile(nodeConfig.FlannelConf, confJSON)
} }
func setupStrongSwan(nodeConfig *config.Node) error {
// if we don't know the location of extracted strongswan data then return
dataDir := os.Getenv("K3S_DATA_DIR")
if dataDir == "" {
return nil
}
dataDir = path.Join(dataDir, "etc", "strongswan")
info, err := os.Lstat(nodeConfig.AgentConfig.StrongSwanDir)
// something exists but is not a symlink, return
if err == nil && info.Mode()&os.ModeSymlink == 0 {
return nil
}
// clean up strongswan old link
os.Remove(nodeConfig.AgentConfig.StrongSwanDir)
// make new strongswan link
return os.Symlink(dataDir, nodeConfig.AgentConfig.StrongSwanDir)
}
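Review bot: The `os.Remove` call in setupStrongSwan discards its error, so a stale entry at StrongSwanDir that cannot be removed (for example a permission error) only shows up later as a confusing EEXIST from `os.Symlink`; replace it with `if err := os.Remove(nodeConfig.AgentConfig.StrongSwanDir); err != nil && !os.IsNotExist(err) { return err }`. The `os.Lstat` result two lines earlier is checked only for the nil-error case, so an error other than not-exist falls straight through to the remove-and-relink path; it seems worth returning such errors there as well rather than proceeding on unknown state. The new function also builds a filesystem path with `path.Join` while the rest of this file uses `filepath.Join`; using `filepath.Join(dataDir, "etc", "strongswan")` keeps the file consistent and makes the newly added `path` import unnecessary. A short doc comment on the function stating that it links the extracted strongswan data into the agent's data dir and is a no-op when K3S_DATA_DIR is unset or the target is a real directory would help the next reader.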

1
pkg/daemons/config/types.go

@ -75,6 +75,7 @@ type Agent struct {
NodeTaints []string NodeTaints []string
NodeLabels []string NodeLabels []string
IPSECPSK string IPSECPSK string
StrongSwanDir string
} }
type Control struct { type Control struct {

2
scripts/package-cli

@ -22,7 +22,7 @@ rm -rf build/data
mkdir -p build/data build/out mkdir -p build/data build/out
mkdir -p dist/artifacts mkdir -p dist/artifacts
tar cvzf ./build/out/data.tar.gz --exclude ./bin/hyperkube ./bin tar cvzf ./build/out/data.tar.gz --exclude ./bin/hyperkube ./bin ./etc
HASH=$(sha256sum ./build/out/data.tar.gz | awk '{print $1}') HASH=$(sha256sum ./build/out/data.tar.gz | awk '{print $1}')
cp ./build/out/data.tar.gz ./build/data/${HASH}.tgz cp ./build/out/data.tar.gz ./build/data/${HASH}.tgz
