mirror of https://github.com/k3s-io/k3s
Add strongswan utilities for ipsec
parent
959acf9c92
commit
999e40d6d3
|
@ -1,4 +1,5 @@
|
||||||
./bin
|
./bin
|
||||||
|
./etc
|
||||||
./build/data
|
./build/data
|
||||||
./build/data.tar.gz
|
./build/data.tar.gz
|
||||||
./pkg/data/zz_generated_bindata.go
|
./pkg/data/zz_generated_bindata.go
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
/.lesshst
|
/.lesshst
|
||||||
/*.log
|
/*.log
|
||||||
/bin
|
/bin
|
||||||
|
/etc
|
||||||
/build
|
/build
|
||||||
/data-dir
|
/data-dir
|
||||||
/dist
|
/dist
|
||||||
|
|
|
@ -87,6 +87,9 @@ func stageAndRun(dataDir string, cmd string, args []string) error {
|
||||||
if err := os.Setenv("PATH", filepath.Join(dir, "bin")+":"+os.Getenv("PATH")+":"+filepath.Join(dir, "bin/aux")); err != nil {
|
if err := os.Setenv("PATH", filepath.Join(dir, "bin")+":"+os.Getenv("PATH")+":"+filepath.Join(dir, "bin/aux")); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := os.Setenv("K3S_DATA_DIR", dir); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
cmd, err = exec.LookPath(cmd)
|
cmd, err = exec.LookPath(cmd)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
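Review bot: The new `K3S_DATA_DIR` export in stageAndRun carries no comment saying who consumes it; the only reader visible in this commit is `setupStrongSwan`, which calls `os.Getenv("K3S_DATA_DIR")` to locate `etc/strongswan`. I would add above the `Setenv` call: `// K3S_DATA_DIR tells the staged command where the bundled data (bin, etc) was extracted.` The variable name is a bare string literal on both sides, so a shared constant would keep the writer and the reader from drifting apart. stageAndRun's body starts and ends outside the hunk.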
|
@ -350,6 +350,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
|
||||||
nodeConfig.AgentConfig.RootDir = filepath.Join(envInfo.DataDir, "kubelet")
|
nodeConfig.AgentConfig.RootDir = filepath.Join(envInfo.DataDir, "kubelet")
|
||||||
nodeConfig.AgentConfig.PauseImage = envInfo.PauseImage
|
nodeConfig.AgentConfig.PauseImage = envInfo.PauseImage
|
||||||
nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK
|
nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK
|
||||||
|
nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "strongswan")
|
||||||
nodeConfig.CACerts = info.CACerts
|
nodeConfig.CACerts = info.CACerts
|
||||||
nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "etc/containerd/config.toml")
|
nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "etc/containerd/config.toml")
|
||||||
nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "containerd")
|
nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "containerd")
|
||||||
|
|
|
@ -3,6 +3,8 @@ package flannel
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -131,6 +133,9 @@ func createFlannelConf(nodeConfig *config.Node) error {
|
||||||
backendConf = vxlanBackend
|
backendConf = vxlanBackend
|
||||||
case config.FlannelBackendIPSEC:
|
case config.FlannelBackendIPSEC:
|
||||||
backendConf = strings.Replace(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK, -1)
|
backendConf = strings.Replace(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK, -1)
|
||||||
|
if err := setupStrongSwan(nodeConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
case config.FlannelBackendWireguard:
|
case config.FlannelBackendWireguard:
|
||||||
backendConf = wireguardBackend
|
backendConf = wireguardBackend
|
||||||
default:
|
default:
|
||||||
|
@ -140,3 +145,24 @@ func createFlannelConf(nodeConfig *config.Node) error {
|
||||||
|
|
||||||
return util.WriteFile(nodeConfig.FlannelConf, confJSON)
|
return util.WriteFile(nodeConfig.FlannelConf, confJSON)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func setupStrongSwan(nodeConfig *config.Node) error {
|
||||||
|
// if we don't know the location of extracted strongswan data then return
|
||||||
|
dataDir := os.Getenv("K3S_DATA_DIR")
|
||||||
|
if dataDir == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
dataDir = path.Join(dataDir, "etc", "strongswan")
|
||||||
|
|
||||||
|
info, err := os.Lstat(nodeConfig.AgentConfig.StrongSwanDir)
|
||||||
|
// something exists but is not a symlink, return
|
||||||
|
if err == nil && info.Mode()&os.ModeSymlink == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// clean up strongswan old link
|
||||||
|
os.Remove(nodeConfig.AgentConfig.StrongSwanDir)
|
||||||
|
|
||||||
|
// make new strongswan link
|
||||||
|
return os.Symlink(dataDir, nodeConfig.AgentConfig.StrongSwanDir)
|
||||||
|
}
|
||||||
|
|
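Review bot: In setupStrongSwan two failures are swallowed: an `os.Lstat` error other than not-exist falls through to the remove and symlink steps, and the result of `os.Remove` is discarded, so a confusing `os.Symlink` error is the only symptom that can surface. The two early `return nil` paths (empty `K3S_DATA_DIR`, or an existing non-symlink at StrongSwanDir) leave the IPsec backend selected with no trace of why the bundled strongSwan config was not linked, so a log line there would help operators. Because the link target is derived from an environment variable and presumably ends up as configuration for the IPsec daemon, it is worth confirming that the joined path exists and is a directory before linking to it. The file already imports `path/filepath`, so `filepath.Join(dataDir, "etc", "strongswan")` would be more consistent than `path.Join` for a filesystem path.

```go
	info, err := os.Lstat(nodeConfig.AgentConfig.StrongSwanDir)
	if err != nil && !os.IsNotExist(err) {
		return err
	}
	// … unchanged: return nil when something exists but is not a symlink …

	// clean up strongswan old link
	if err := os.Remove(nodeConfig.AgentConfig.StrongSwanDir); err != nil && !os.IsNotExist(err) {
		return err
	}
	// … unchanged: os.Symlink call …
```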
|
@ -75,6 +75,7 @@ type Agent struct {
|
||||||
NodeTaints []string
|
NodeTaints []string
|
||||||
NodeLabels []string
|
NodeLabels []string
|
||||||
IPSECPSK string
|
IPSECPSK string
|
||||||
|
StrongSwanDir string
|
||||||
}
|
}
|
||||||
|
|
||||||
type Control struct {
|
type Control struct {
|
||||||
|
|
|
@ -22,7 +22,7 @@ rm -rf build/data
|
||||||
mkdir -p build/data build/out
|
mkdir -p build/data build/out
|
||||||
mkdir -p dist/artifacts
|
mkdir -p dist/artifacts
|
||||||
|
|
||||||
tar cvzf ./build/out/data.tar.gz --exclude ./bin/hyperkube ./bin
|
tar cvzf ./build/out/data.tar.gz --exclude ./bin/hyperkube ./bin ./etc
|
||||||
HASH=$(sha256sum ./build/out/data.tar.gz | awk '{print $1}')
|
HASH=$(sha256sum ./build/out/data.tar.gz | awk '{print $1}')
|
||||||
|
|
||||||
cp ./build/out/data.tar.gz ./build/data/${HASH}.tgz
|
cp ./build/out/data.tar.gz ./build/data/${HASH}.tgz
|
||||||
|
|