feat: add KubeSpan extra endpoint configuration

Fixes #9174

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Andrey Smirnov 2024-09-05 19:48:25 +04:00
parent 3038ccfa88
commit dd4185b144
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
26 changed files with 632 additions and 108 deletions

View File

@ -19,6 +19,7 @@ message ConfigSpec {
uint32 mtu = 6;
repeated string endpoint_filters = 7;
bool harvest_extra_endpoints = 8;
repeated common.NetIPPort extra_endpoints = 9;
}
// EndpointSpec describes Endpoint state.

View File

@ -229,6 +229,12 @@ Talos Linux installer now never wipes the system disk on upgrades, which means t
title = "Disk Management"
description = """\
Talos Linux now supports [configuration](https://www.talos.dev/v1.8/talos-guides/configuration/disk-management/#machine-configuration) for the `EPHEMERAL` volume.
"""
[notes.kubespan]
title = "KubeSpan"
description = """\
Extra announced endpoints can be added using the [`KubespanEndpointsConfig` document](https://www.talos.dev/v1.8/talos-guides/network/kubespan/#configuration).
"""
[make_deps]

View File

@ -288,6 +288,13 @@ func (ctrl *LocalAffiliateController) Run(ctx context.Context, r controller.Runt
spec.KubeSpan.Endpoints = xslices.Map(endpointIPs, func(addr netip.Addr) netip.AddrPort {
return netip.AddrPortFrom(addr, constants.KubeSpanDefaultPort)
})
// add extra announced endpoints, deduplicating on the way
for _, addr := range kubespanConfig.TypedSpec().ExtraEndpoints {
if !slices.Contains(spec.KubeSpan.Endpoints, addr) {
spec.KubeSpan.Endpoints = append(spec.KubeSpan.Endpoints, addr)
}
}
}
return nil

View File

@ -70,6 +70,7 @@ func (suite *LocalAffiliateSuite) TestGeneration() {
ksConfig := kubespan.NewConfig(config.NamespaceName, kubespan.ConfigID)
ksConfig.TypedSpec().EndpointFilters = []string{"0.0.0.0/0", "!192.168.0.0/16", "2001::/16"}
ksConfig.TypedSpec().AdvertiseKubernetesNetworks = true
ksConfig.TypedSpec().ExtraEndpoints = []netip.AddrPort{netip.MustParseAddrPort("10.5.0.1:51820"), netip.MustParseAddrPort("1.2.3.4:5678")}
suite.Require().NoError(suite.state.Create(suite.ctx, ksConfig))
// add KS address to the list of node addresses, it should be ignored in the endpoints
@ -109,7 +110,6 @@ func (suite *LocalAffiliateSuite) TestGeneration() {
asrt.NotZero(spec.KubeSpan.PublicKey)
asrt.NotZero(spec.KubeSpan.AdditionalAddresses)
asrt.Len(spec.KubeSpan.Endpoints, 4)
asrt.Equal(ksIdentity.TypedSpec().Address.Addr(), spec.KubeSpan.Address)
asrt.Equal(ksIdentity.TypedSpec().PublicKey, spec.KubeSpan.PublicKey)
@ -120,6 +120,7 @@ func (suite *LocalAffiliateSuite) TestGeneration() {
"10.5.0.1:51820",
"1.1.1.1:51820",
"[2001:123:4567::1]:51820",
"1.2.3.4:5678",
},
xslices.Map(spec.KubeSpan.Endpoints, netip.AddrPort.String),
)

View File

@ -51,6 +51,7 @@ func NewConfigController() *ConfigController {
res.TypedSpec().HarvestExtraEndpoints = c.Machine().Network().KubeSpan().HarvestExtraEndpoints()
res.TypedSpec().MTU = c.Machine().Network().KubeSpan().MTU()
res.TypedSpec().EndpointFilters = c.Machine().Network().KubeSpan().Filters().Endpoints()
res.TypedSpec().ExtraEndpoints = c.KubespanConfig().ExtraAnnouncedEndpoints()
}
return nil

View File

@ -4,6 +4,8 @@
package kubespan_test
import (
"fmt"
"net/netip"
"testing"
"time"
@ -14,6 +16,7 @@ import (
kubespanctrl "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/kubespan"
"github.com/siderolabs/talos/pkg/machinery/config/container"
"github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/kubespan"
@ -28,8 +31,7 @@ func (suite *ConfigSuite) TestReconcileConfig() {
suite.startRuntime()
cfg := config.NewMachineConfig(
container.NewV1Alpha1(
ctr, err := container.New(
&v1alpha1.Config{
ConfigVersion: "v1alpha1",
MachineConfig: &v1alpha1.MachineConfig{
@ -43,7 +45,16 @@ func (suite *ConfigSuite) TestReconcileConfig() {
ClusterID: "8XuV9TZHW08DOk3bVxQjH9ih_TBKjnh-j44tsCLSBzo=",
ClusterSecret: "I+1In7fLnpcRIjUmEoeugZnSyFoTF6MztLxICL5Yu0s=",
},
}))
},
&network.KubespanEndpointsConfigV1Alpha1{
ExtraAnnouncedEndpointsConfig: []netip.AddrPort{
netip.MustParseAddrPort("192.168.33.11:1001"),
},
},
)
suite.Require().NoError(err)
cfg := config.NewMachineConfig(ctr)
suite.Require().NoError(suite.state.Create(suite.ctx, cfg))
@ -61,6 +72,7 @@ func (suite *ConfigSuite) TestReconcileConfig() {
suite.Assert().True(spec.ForceRouting)
suite.Assert().False(spec.AdvertiseKubernetesNetworks)
suite.Assert().False(spec.HarvestExtraEndpoints)
suite.Assert().Equal("[\"192.168.33.11:1001\"]", fmt.Sprintf("%q", spec.ExtraEndpoints))
return nil
},

View File

@ -9,6 +9,7 @@ package api
import (
"context"
"fmt"
"math/rand/v2"
"net/netip"
"strings"
"time"
@ -23,6 +24,7 @@ import (
"github.com/siderolabs/talos/internal/integration/base"
"github.com/siderolabs/talos/pkg/machinery/client"
"github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/resources/cluster"
"github.com/siderolabs/talos/pkg/machinery/resources/kubespan"
)
@ -277,6 +279,59 @@ func (suite *DiscoverySuite) TestKubeSpanPeers() {
}
}
// TestKubeSpanExtraEndpoints verifies that KubeSpan peer specs are updated with extra endpoints.
func (suite *DiscoverySuite) TestKubeSpanExtraEndpoints() {
if !suite.Capabilities().RunsTalosKernel {
suite.T().Skip("not running Talos kernel")
}
// check that cluster has KubeSpan enabled
node := suite.RandomDiscoveredNodeInternalIP()
suite.ClearConnectionRefused(suite.ctx, node)
nodeCtx := client.WithNode(suite.ctx, node)
provider, err := suite.ReadConfigFromNode(nodeCtx)
suite.Require().NoError(err)
if !provider.Machine().Network().KubeSpan().Enabled() {
suite.T().Skip("KubeSpan is disabled")
}
nodes := suite.DiscoverNodeInternalIPs(suite.ctx)
if len(nodes) < 2 {
suite.T().Skip("need at least two nodes for this test")
}
perm := rand.Perm(len(nodes))
checkNode := nodes[perm[0]]
targetNode := nodes[perm[1]]
mockEndpoint := netip.MustParseAddrPort("169.254.121.121:5820")
// inject extra endpoint to target node
cfgDocument := network.NewKubespanEndpointsV1Alpha1()
cfgDocument.ExtraAnnouncedEndpointsConfig = []netip.AddrPort{mockEndpoint}
suite.T().Logf("injecting extra endpoint %s to node %s", mockEndpoint, targetNode)
suite.PatchMachineConfig(client.WithNode(suite.ctx, targetNode), cfgDocument)
targetIdentity, err := safe.ReaderGetByID[*kubespan.Identity](client.WithNode(suite.ctx, targetNode), suite.Client.COSI, kubespan.LocalIdentity)
suite.Require().NoError(err)
suite.T().Logf("checking extra endpoint %s on node %s", mockEndpoint, checkNode)
rtestutils.AssertResources(client.WithNode(suite.ctx, checkNode), suite.T(), suite.Client.COSI, []string{targetIdentity.TypedSpec().PublicKey},
func(peer *kubespan.PeerSpec, asrt *assert.Assertions) {
asrt.Contains(peer.TypedSpec().Endpoints, mockEndpoint)
},
)
// the extra endpoints disappears with a timeout from the discovery service, so can't assert on that
suite.T().Logf("removin extra endpoint %s from node %s", mockEndpoint, targetNode)
suite.RemoveMachineConfigDocuments(client.WithNode(suite.ctx, targetNode), cfgDocument.MetaKind)
}
func (suite *DiscoverySuite) getMembers(nodeCtx context.Context) []*cluster.Member {
var result []*cluster.Member

View File

@ -39,6 +39,7 @@ type ConfigSpec struct {
Mtu uint32 `protobuf:"varint,6,opt,name=mtu,proto3" json:"mtu,omitempty"`
EndpointFilters []string `protobuf:"bytes,7,rep,name=endpoint_filters,json=endpointFilters,proto3" json:"endpoint_filters,omitempty"`
HarvestExtraEndpoints bool `protobuf:"varint,8,opt,name=harvest_extra_endpoints,json=harvestExtraEndpoints,proto3" json:"harvest_extra_endpoints,omitempty"`
ExtraEndpoints []*common.NetIPPort `protobuf:"bytes,9,rep,name=extra_endpoints,json=extraEndpoints,proto3" json:"extra_endpoints,omitempty"`
}
func (x *ConfigSpec) Reset() {
@ -129,6 +130,13 @@ func (x *ConfigSpec) GetHarvestExtraEndpoints() bool {
return false
}
func (x *ConfigSpec) GetExtraEndpoints() []*common.NetIPPort {
if x != nil {
return x.ExtraEndpoints
}
return nil
}
// EndpointSpec describes Endpoint state.
type EndpointSpec struct {
state protoimpl.MessageState
@ -450,7 +458,7 @@ var file_resource_definitions_kubespan_kubespan_proto_rawDesc = []byte{
0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x22, 0xc8, 0x02, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63,
0x6f, 0x22, 0x84, 0x03, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63,
0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6c,
0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
@ -470,72 +478,76 @@ var file_resource_definitions_kubespan_kubespan_proto_rawDesc = []byte{
0x74, 0x65, 0x72, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x68, 0x61, 0x72, 0x76, 0x65, 0x73, 0x74, 0x5f,
0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18,
0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x68, 0x61, 0x72, 0x76, 0x65, 0x73, 0x74, 0x45, 0x78,
0x74, 0x72, 0x61, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0x60, 0x0a, 0x0c,
0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c,
0x61, 0x66, 0x66, 0x69, 0x6c, 0x69, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0b, 0x61, 0x66, 0x66, 0x69, 0x6c, 0x69, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12,
0x2d, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50,
0x50, 0x6f, 0x72, 0x74, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0xaa,
0x01, 0x0a, 0x0c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x53, 0x70, 0x65, 0x63, 0x12,
0x2d, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50,
0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2b,
0x0a, 0x06, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x72, 0x65,
0x66, 0x69, 0x78, 0x52, 0x06, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x70,
0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a,
0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0xb4, 0x01, 0x0a, 0x0c,
0x50, 0x65, 0x65, 0x72, 0x53, 0x70, 0x65, 0x63, 0x53, 0x70, 0x65, 0x63, 0x12, 0x27, 0x0a, 0x07,
0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x52, 0x07, 0x61, 0x64,
0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x34, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64,
0x5f, 0x69, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6d,
0x74, 0x72, 0x61, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x0f,
0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18,
0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e,
0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x72, 0x61, 0x45,
0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0x60, 0x0a, 0x0c, 0x45, 0x6e, 0x64, 0x70,
0x6f, 0x69, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x66, 0x66, 0x69,
0x6c, 0x69, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
0x61, 0x66, 0x66, 0x69, 0x6c, 0x69, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x08, 0x65,
0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e,
0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74,
0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0xaa, 0x01, 0x0a, 0x0c, 0x49,
0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x53, 0x70, 0x65, 0x63, 0x12, 0x2d, 0x0a, 0x07, 0x61,
0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63,
0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x72, 0x65, 0x66, 0x69,
0x78, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2b, 0x0a, 0x06, 0x73, 0x75,
0x62, 0x6e, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6d,
0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52,
0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49, 0x70, 0x73, 0x12, 0x2f, 0x0a, 0x09, 0x65,
0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11,
0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72,
0x74, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x14, 0x0a, 0x05,
0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62,
0x65, 0x6c, 0x22, 0xc7, 0x03, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75,
0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x2d, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70,
0x6f, 0x69, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x02, 0x20,
0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x49, 0x0a, 0x05, 0x73, 0x74,
0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x4b, 0x75, 0x62,
0x65, 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05,
0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65,
0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x72, 0x65,
0x63, 0x65, 0x69, 0x76, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x72,
0x61, 0x6e, 0x73, 0x6d, 0x69, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01,
0x28, 0x03, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6d, 0x69, 0x74, 0x42, 0x79, 0x74, 0x65,
0x73, 0x12, 0x4a, 0x0a, 0x13, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68,
0x61, 0x6b, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x11, 0x6c, 0x61, 0x73, 0x74,
0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x3f, 0x0a,
0x12, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f,
0x69, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x10, 0x6c, 0x61,
0x73, 0x74, 0x55, 0x73, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x4c,
0x0a, 0x14, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f,
0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x6e,
0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x7a, 0x0a, 0x2b,
0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65,
0x06, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61,
0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72,
0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c,
0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x75,
0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0xb4, 0x01, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72,
0x53, 0x70, 0x65, 0x63, 0x53, 0x70, 0x65, 0x63, 0x12, 0x27, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72,
0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
0x73, 0x12, 0x34, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69, 0x70, 0x73,
0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e,
0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x0a, 0x61, 0x6c, 0x6c,
0x6f, 0x77, 0x65, 0x64, 0x49, 0x70, 0x73, 0x12, 0x2f, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f,
0x69, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d,
0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x09, 0x65,
0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65,
0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x22, 0xc7,
0x03, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65,
0x63, 0x12, 0x2d, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x01, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x65, 0x74,
0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x49, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18,
0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65,
0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
0x6e, 0x73, 0x2e, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x5a, 0x4b, 0x67, 0x69, 0x74,
0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61,
0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63,
0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
0x6b, 0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x4b, 0x75, 0x62, 0x65, 0x73, 0x70, 0x61,
0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74,
0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x5f, 0x62, 0x79, 0x74,
0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76,
0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6d,
0x69, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d,
0x74, 0x72, 0x61, 0x6e, 0x73, 0x6d, 0x69, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x4a, 0x0a,
0x13, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x5f,
0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x11, 0x6c, 0x61, 0x73, 0x74, 0x48, 0x61, 0x6e, 0x64,
0x73, 0x68, 0x61, 0x6b, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x12, 0x6c, 0x61, 0x73,
0x74, 0x5f, 0x75, 0x73, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18,
0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e,
0x65, 0x74, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x10, 0x6c, 0x61, 0x73, 0x74, 0x55, 0x73,
0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x4c, 0x0a, 0x14, 0x6c, 0x61,
0x73, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x6e,
0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73,
0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
0x6e, 0x74, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x7a, 0x0a, 0x2b, 0x64, 0x65, 0x76, 0x2e,
0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x6b,
0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74,
0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65,
0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x6b, 0x75, 0x62, 0x65,
0x73, 0x70, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -564,22 +576,23 @@ var file_resource_definitions_kubespan_kubespan_proto_goTypes = []any{
(*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp
}
var file_resource_definitions_kubespan_kubespan_proto_depIdxs = []int32{
5, // 0: talos.resource.definitions.kubespan.EndpointSpec.endpoint:type_name -> common.NetIPPort
6, // 1: talos.resource.definitions.kubespan.IdentitySpec.address:type_name -> common.NetIPPrefix
6, // 2: talos.resource.definitions.kubespan.IdentitySpec.subnet:type_name -> common.NetIPPrefix
7, // 3: talos.resource.definitions.kubespan.PeerSpecSpec.address:type_name -> common.NetIP
6, // 4: talos.resource.definitions.kubespan.PeerSpecSpec.allowed_ips:type_name -> common.NetIPPrefix
5, // 5: talos.resource.definitions.kubespan.PeerSpecSpec.endpoints:type_name -> common.NetIPPort
5, // 6: talos.resource.definitions.kubespan.PeerStatusSpec.endpoint:type_name -> common.NetIPPort
8, // 7: talos.resource.definitions.kubespan.PeerStatusSpec.state:type_name -> talos.resource.definitions.enums.KubespanPeerState
9, // 8: talos.resource.definitions.kubespan.PeerStatusSpec.last_handshake_time:type_name -> google.protobuf.Timestamp
5, // 9: talos.resource.definitions.kubespan.PeerStatusSpec.last_used_endpoint:type_name -> common.NetIPPort
9, // 10: talos.resource.definitions.kubespan.PeerStatusSpec.last_endpoint_change:type_name -> google.protobuf.Timestamp
11, // [11:11] is the sub-list for method output_type
11, // [11:11] is the sub-list for method input_type
11, // [11:11] is the sub-list for extension type_name
11, // [11:11] is the sub-list for extension extendee
0, // [0:11] is the sub-list for field type_name
5, // 0: talos.resource.definitions.kubespan.ConfigSpec.extra_endpoints:type_name -> common.NetIPPort
5, // 1: talos.resource.definitions.kubespan.EndpointSpec.endpoint:type_name -> common.NetIPPort
6, // 2: talos.resource.definitions.kubespan.IdentitySpec.address:type_name -> common.NetIPPrefix
6, // 3: talos.resource.definitions.kubespan.IdentitySpec.subnet:type_name -> common.NetIPPrefix
7, // 4: talos.resource.definitions.kubespan.PeerSpecSpec.address:type_name -> common.NetIP
6, // 5: talos.resource.definitions.kubespan.PeerSpecSpec.allowed_ips:type_name -> common.NetIPPrefix
5, // 6: talos.resource.definitions.kubespan.PeerSpecSpec.endpoints:type_name -> common.NetIPPort
5, // 7: talos.resource.definitions.kubespan.PeerStatusSpec.endpoint:type_name -> common.NetIPPort
8, // 8: talos.resource.definitions.kubespan.PeerStatusSpec.state:type_name -> talos.resource.definitions.enums.KubespanPeerState
9, // 9: talos.resource.definitions.kubespan.PeerStatusSpec.last_handshake_time:type_name -> google.protobuf.Timestamp
5, // 10: talos.resource.definitions.kubespan.PeerStatusSpec.last_used_endpoint:type_name -> common.NetIPPort
9, // 11: talos.resource.definitions.kubespan.PeerStatusSpec.last_endpoint_change:type_name -> google.protobuf.Timestamp
12, // [12:12] is the sub-list for method output_type
12, // [12:12] is the sub-list for method input_type
12, // [12:12] is the sub-list for extension type_name
12, // [12:12] is the sub-list for extension extendee
0, // [0:12] is the sub-list for field type_name
}
func init() { file_resource_definitions_kubespan_kubespan_proto_init() }

View File

@ -55,6 +55,30 @@ func (m *ConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if len(m.ExtraEndpoints) > 0 {
for iNdEx := len(m.ExtraEndpoints) - 1; iNdEx >= 0; iNdEx-- {
if vtmsg, ok := interface{}(m.ExtraEndpoints[iNdEx]).(interface {
MarshalToSizedBufferVT([]byte) (int, error)
}); ok {
size, err := vtmsg.MarshalToSizedBufferVT(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
} else {
encoded, err := proto.Marshal(m.ExtraEndpoints[iNdEx])
if err != nil {
return 0, err
}
i -= len(encoded)
copy(dAtA[i:], encoded)
i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded)))
}
i--
dAtA[i] = 0x4a
}
}
if m.HarvestExtraEndpoints {
i--
if m.HarvestExtraEndpoints {
@ -543,6 +567,18 @@ func (m *ConfigSpec) SizeVT() (n int) {
if m.HarvestExtraEndpoints {
n += 2
}
if len(m.ExtraEndpoints) > 0 {
for _, e := range m.ExtraEndpoints {
if size, ok := interface{}(e).(interface {
SizeVT() int
}); ok {
l = size.SizeVT()
} else {
l = proto.Size(e)
}
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
}
n += len(m.unknownFields)
return n
}
@ -932,6 +968,48 @@ func (m *ConfigSpec) UnmarshalVT(dAtA []byte) error {
}
}
m.HarvestExtraEndpoints = bool(v != 0)
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ExtraEndpoints", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return protohelpers.ErrInvalidLength
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return protohelpers.ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ExtraEndpoints = append(m.ExtraEndpoints, &common.NetIPPort{})
if unmarshal, ok := interface{}(m.ExtraEndpoints[len(m.ExtraEndpoints)-1]).(interface {
UnmarshalVT([]byte) error
}); ok {
if err := unmarshal.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
return err
}
} else {
if err := proto.Unmarshal(dAtA[iNdEx:postIndex], m.ExtraEndpoints[len(m.ExtraEndpoints)-1]); err != nil {
return err
}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])

View File

@ -16,4 +16,5 @@ type Config interface {
NetworkRules() NetworkRuleConfig
TrustedRoots() TrustedRootsConfig
Volumes() VolumesConfig
KubespanConfig() KubespanConfig
}

View File

@ -0,0 +1,25 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package config
import "net/netip"
// KubespanConfig defines the interface to access KubeSpan configuration.
type KubespanConfig interface {
ExtraAnnouncedEndpoints() []netip.AddrPort
}
// WrapKubespanConfig wraps a list of KubespanConfig into a single KubespanConfig aggregating the results.
func WrapKubespanConfig(configs ...KubespanConfig) KubespanConfig {
return kubespanConfigWrapper(configs)
}
type kubespanConfigWrapper []KubespanConfig
func (w kubespanConfigWrapper) ExtraAnnouncedEndpoints() []netip.AddrPort {
return aggregateValues(w, func(c KubespanConfig) []netip.AddrPort {
return c.ExtraAnnouncedEndpoints()
})
}

View File

@ -199,6 +199,11 @@ func (container *Container) Volumes() config.VolumesConfig {
return config.WrapVolumesConfigList(findMatchingDocs[config.VolumeConfig](container.documents)...)
}
// KubespanConfig implements config.Config interface.
func (container *Container) KubespanConfig() config.KubespanConfig {
return config.WrapKubespanConfig(findMatchingDocs[config.KubespanConfig](container.documents)...)
}
// Bytes returns source YAML representation (if available) or does default encoding.
func (container *Container) Bytes() ([]byte, error) {
if !container.readonly {

View File

@ -227,6 +227,44 @@
"additionalProperties": false,
"type": "object"
},
"network.KubespanEndpointsConfigV1Alpha1": {
"properties": {
"apiVersion": {
"enum": [
"v1alpha1"
],
"title": "apiVersion",
"description": "apiVersion is the API version of the resource.\n",
"markdownDescription": "apiVersion is the API version of the resource.",
"x-intellij-html-description": "\u003cp\u003eapiVersion is the API version of the resource.\u003c/p\u003e\n"
},
"kind": {
"enum": [
"KubespanEndpoints"
],
"title": "kind",
"description": "kind is the kind of the resource.\n",
"markdownDescription": "kind is the kind of the resource.",
"x-intellij-html-description": "\u003cp\u003ekind is the kind of the resource.\u003c/p\u003e\n"
},
"extraAnnouncedEndpoints": {
"items": {
"type": "string"
},
"type": "array",
"title": "extraAnnouncedEndpoints",
"description": "A list of extra Wireguard endpoints to announce from this machine.\n\nTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.\n",
"markdownDescription": "A list of extra Wireguard endpoints to announce from this machine.\n\nTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.",
"x-intellij-html-description": "\u003cp\u003eA list of extra Wireguard endpoints to announce from this machine.\u003c/p\u003e\n\n\u003cp\u003eTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.\u003c/p\u003e\n"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"apiVersion",
"kind"
]
},
"network.RuleConfigV1Alpha1": {
"properties": {
"apiVersion": {
@ -3569,6 +3607,9 @@
{
"$ref": "#/$defs/network.DefaultActionConfigV1Alpha1"
},
{
"$ref": "#/$defs/network.KubespanEndpointsConfigV1Alpha1"
},
{
"$ref": "#/$defs/network.RuleConfigV1Alpha1"
},

View File

@ -2,16 +2,30 @@
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Code generated by "deep-copy -type DefaultActionConfigV1Alpha1 -type RuleConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT.
// Code generated by "deep-copy -type DefaultActionConfigV1Alpha1 -type KubespanEndpointsConfigV1Alpha1 -type RuleConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT.
package network
import (
"net/netip"
)
// DeepCopy generates a deep copy of *DefaultActionConfigV1Alpha1.
func (o *DefaultActionConfigV1Alpha1) DeepCopy() *DefaultActionConfigV1Alpha1 {
var cp DefaultActionConfigV1Alpha1 = *o
return &cp
}
// DeepCopy generates a deep copy of *KubespanEndpointsConfigV1Alpha1.
func (o *KubespanEndpointsConfigV1Alpha1) DeepCopy() *KubespanEndpointsConfigV1Alpha1 {
var cp KubespanEndpointsConfigV1Alpha1 = *o
if o.ExtraAnnouncedEndpointsConfig != nil {
cp.ExtraAnnouncedEndpointsConfig = make([]netip.AddrPort, len(o.ExtraAnnouncedEndpointsConfig))
copy(cp.ExtraAnnouncedEndpointsConfig, o.ExtraAnnouncedEndpointsConfig)
}
return &cp
}
// DeepCopy generates a deep copy of *RuleConfigV1Alpha1.
func (o *RuleConfigV1Alpha1) DeepCopy() *RuleConfigV1Alpha1 {
var cp RuleConfigV1Alpha1 = *o

View File

@ -19,7 +19,7 @@ const DefaultActionConfig = "NetworkDefaultActionConfig"
func init() {
registry.Register(DefaultActionConfig, func(version string) config.Document {
switch version {
case "v1alpha1":
case "v1alpha1": //nolint:goconst
return &DefaultActionConfigV1Alpha1{}
default:
return nil

View File

@ -0,0 +1,85 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package network
//docgen:jsonschema
import (
"net/netip"
"slices"
"github.com/siderolabs/talos/pkg/machinery/config/config"
"github.com/siderolabs/talos/pkg/machinery/config/internal/registry"
"github.com/siderolabs/talos/pkg/machinery/config/types/meta"
)
// KubespanEndpointsKind is a KubeSpan endpoints document kind.
const KubespanEndpointsKind = "KubespanEndpointsConfig"
func init() {
registry.Register(KubespanEndpointsKind, func(version string) config.Document {
switch version {
case "v1alpha1":
return &KubespanEndpointsConfigV1Alpha1{}
default:
return nil
}
})
}
// Check interfaces.
var (
_ config.KubespanConfig = &KubespanEndpointsConfigV1Alpha1{}
)
// KubespanEndpointsConfigV1Alpha1 is a config document to configure KubeSpan endpoints.
//
// examples:
// - value: exampleKubespanEndpointsV1Alpha1()
// alias: KubespanEndpoints
// schemaRoot: true
// schemaMeta: v1alpha1/KubespanEndpoints
type KubespanEndpointsConfigV1Alpha1 struct {
meta.Meta `yaml:",inline"`
// description: |
// A list of extra Wireguard endpoints to announce from this machine.
//
// Talos automatically adds endpoints based on machine addresses, public IP, etc.
// This field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.
// schema:
// type: array
// items:
// type: string
ExtraAnnouncedEndpointsConfig []netip.AddrPort `yaml:"extraAnnouncedEndpoints"`
}
// NewKubespanEndpointsV1Alpha1 creates a new KubespanEndpoints config document.
func NewKubespanEndpointsV1Alpha1() *KubespanEndpointsConfigV1Alpha1 {
return &KubespanEndpointsConfigV1Alpha1{
Meta: meta.Meta{
MetaKind: KubespanEndpointsKind,
MetaAPIVersion: "v1alpha1",
},
}
}
func exampleKubespanEndpointsV1Alpha1() *KubespanEndpointsConfigV1Alpha1 {
cfg := NewKubespanEndpointsV1Alpha1()
cfg.ExtraAnnouncedEndpointsConfig = []netip.AddrPort{
netip.MustParseAddrPort("192.168.13.46:52000"),
}
return cfg
}
// Clone implements config.Document interface.
func (s *KubespanEndpointsConfigV1Alpha1) Clone() config.Document {
return s.DeepCopy()
}
// ExtraAnnouncedEndpoints implements KubespanConfig interface.
func (s *KubespanEndpointsConfigV1Alpha1) ExtraAnnouncedEndpoints() []netip.AddrPort {
return slices.Clone(s.ExtraAnnouncedEndpointsConfig)
}

View File

@ -0,0 +1,60 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package network_test
import (
_ "embed"
"net/netip"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/siderolabs/talos/pkg/machinery/config/configloader"
"github.com/siderolabs/talos/pkg/machinery/config/encoder"
"github.com/siderolabs/talos/pkg/machinery/config/types/meta"
"github.com/siderolabs/talos/pkg/machinery/config/types/network"
)
//go:embed testdata/kubespanendpointsconfig.yaml
var expectedKubespanEndpointsConfigDocument []byte
func TestKubespanEndpointsConfigMarshalStability(t *testing.T) {
t.Parallel()
cfg := network.NewKubespanEndpointsV1Alpha1()
cfg.ExtraAnnouncedEndpointsConfig = []netip.AddrPort{
netip.MustParseAddrPort("3.4.5.6:123"),
netip.MustParseAddrPort("10.11.12.13:456"),
}
marshaled, err := encoder.NewEncoder(cfg, encoder.WithComments(encoder.CommentsDisabled)).Encode()
require.NoError(t, err)
t.Log(string(marshaled))
assert.Equal(t, expectedKubespanEndpointsConfigDocument, marshaled)
}
func TestKubespanEndpointsConfigUnmarshal(t *testing.T) {
t.Parallel()
provider, err := configloader.NewFromBytes(expectedKubespanEndpointsConfigDocument)
require.NoError(t, err)
docs := provider.Documents()
require.Len(t, docs, 1)
assert.Equal(t, &network.KubespanEndpointsConfigV1Alpha1{
Meta: meta.Meta{
MetaAPIVersion: "v1alpha1",
MetaKind: network.KubespanEndpointsKind,
},
ExtraAnnouncedEndpointsConfig: []netip.AddrPort{
netip.MustParseAddrPort("3.4.5.6:123"),
netip.MustParseAddrPort("10.11.12.13:456"),
},
}, docs[0])
}

View File

@ -5,6 +5,6 @@
// Package network provides network machine configuration documents.
package network
//go:generate docgen -output network_doc.go network.go default_action_config.go port_range.go rule_config.go
//go:generate docgen -output network_doc.go network.go default_action_config.go kubespan_endpoints.go port_range.go rule_config.go
//go:generate deep-copy -type DefaultActionConfigV1Alpha1 -type RuleConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go .
//go:generate deep-copy -type DefaultActionConfigV1Alpha1 -type KubespanEndpointsConfigV1Alpha1 -type RuleConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go .

View File

@ -37,6 +37,27 @@ func (DefaultActionConfigV1Alpha1) Doc() *encoder.Doc {
return doc
}
func (KubespanEndpointsConfigV1Alpha1) Doc() *encoder.Doc {
doc := &encoder.Doc{
Type: "KubespanEndpoints",
Comments: [3]string{"" /* encoder.HeadComment */, "KubespanEndpoints is a config document to configure KubeSpan endpoints." /* encoder.LineComment */, "" /* encoder.FootComment */},
Description: "KubespanEndpoints is a config document to configure KubeSpan endpoints.",
Fields: []encoder.Doc{
{}, {
Name: "extraAnnouncedEndpoints",
Type: "[]AddrPort",
Note: "",
Description: "A list of extra Wireguard endpoints to announce from this machine.\n\nTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.",
Comments: [3]string{"" /* encoder.HeadComment */, "A list of extra Wireguard endpoints to announce from this machine." /* encoder.LineComment */, "" /* encoder.FootComment */},
},
},
}
doc.AddExample("", exampleKubespanEndpointsV1Alpha1())
return doc
}
func (RuleConfigV1Alpha1) Doc() *encoder.Doc {
doc := &encoder.Doc{
Type: "NetworkRuleConfig",
@ -157,6 +178,7 @@ func GetFileDoc() *encoder.FileDoc {
Description: "Package network provides network machine configuration documents.\n",
Structs: []*encoder.Doc{
DefaultActionConfigV1Alpha1{}.Doc(),
KubespanEndpointsConfigV1Alpha1{}.Doc(),
RuleConfigV1Alpha1{}.Doc(),
RulePortSelector{}.Doc(),
IngressRule{}.Doc(),

View File

@ -0,0 +1,5 @@
apiVersion: v1alpha1
kind: KubespanEndpointsConfig
extraAnnouncedEndpoints:
- 3.4.5.6:123
- 10.11.12.13:456

View File

@ -5,6 +5,8 @@
package kubespan
import (
"net/netip"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
@ -42,6 +44,8 @@ type ConfigSpec struct {
EndpointFilters []string `yaml:"endpointFilters,omitempty" protobuf:"7"`
// Harvest endpoints from the peer statuses.
HarvestExtraEndpoints bool `yaml:"harvestExtraEndpoints" protobuf:"8"`
// Extra endpoints to announce.
ExtraEndpoints []netip.AddrPort `yaml:"extraEndpoints,omitempty" protobuf:"9"`
}
// NewConfig initializes a Config resource.

View File

@ -17,6 +17,10 @@ func (o ConfigSpec) DeepCopy() ConfigSpec {
cp.EndpointFilters = make([]string, len(o.EndpointFilters))
copy(cp.EndpointFilters, o.EndpointFilters)
}
if o.ExtraEndpoints != nil {
cp.ExtraEndpoints = make([]netip.AddrPort, len(o.ExtraEndpoints))
copy(cp.ExtraEndpoints, o.ExtraEndpoints)
}
return cp
}

View File

@ -3147,6 +3147,7 @@ ConfigSpec describes KubeSpan configuration..
| mtu | [uint32](#uint32) | | |
| endpoint_filters | [string](#string) | repeated | |
| harvest_extra_endpoints | [bool](#bool) | | |
| extra_endpoints | [common.NetIPPort](#common.NetIPPort) | repeated | |

View File

@ -0,0 +1,33 @@
---
description: KubespanEndpoints is a config document to configure KubeSpan endpoints.
title: KubespanEndpoints
---
<!-- markdownlint-disable -->
{{< highlight yaml >}}
apiVersion: v1alpha1
kind: KubespanEndpointsConfig
# A list of extra Wireguard endpoints to announce from this machine.
extraAnnouncedEndpoints:
- 192.168.13.46:52000
{{< /highlight >}}
| Field | Type | Description | Value(s) |
|-------|------|-------------|----------|
|`extraAnnouncedEndpoints` |[]AddrPort |<details><summary>A list of extra Wireguard endpoints to announce from this machine.</summary><br />Talos automatically adds endpoints based on machine addresses, public IP, etc.<br />This field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.</details> | |

View File

@ -227,6 +227,44 @@
"additionalProperties": false,
"type": "object"
},
"network.KubespanEndpointsConfigV1Alpha1": {
"properties": {
"apiVersion": {
"enum": [
"v1alpha1"
],
"title": "apiVersion",
"description": "apiVersion is the API version of the resource.\n",
"markdownDescription": "apiVersion is the API version of the resource.",
"x-intellij-html-description": "\u003cp\u003eapiVersion is the API version of the resource.\u003c/p\u003e\n"
},
"kind": {
"enum": [
"KubespanEndpoints"
],
"title": "kind",
"description": "kind is the kind of the resource.\n",
"markdownDescription": "kind is the kind of the resource.",
"x-intellij-html-description": "\u003cp\u003ekind is the kind of the resource.\u003c/p\u003e\n"
},
"extraAnnouncedEndpoints": {
"items": {
"type": "string"
},
"type": "array",
"title": "extraAnnouncedEndpoints",
"description": "A list of extra Wireguard endpoints to announce from this machine.\n\nTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.\n",
"markdownDescription": "A list of extra Wireguard endpoints to announce from this machine.\n\nTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.",
"x-intellij-html-description": "\u003cp\u003eA list of extra Wireguard endpoints to announce from this machine.\u003c/p\u003e\n\n\u003cp\u003eTalos automatically adds endpoints based on machine addresses, public IP, etc.\nThis field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping.\u003c/p\u003e\n"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"apiVersion",
"kind"
]
},
"network.RuleConfigV1Alpha1": {
"properties": {
"apiVersion": {
@ -3569,6 +3607,9 @@
{
"$ref": "#/$defs/network.DefaultActionConfigV1Alpha1"
},
{
"$ref": "#/$defs/network.KubespanEndpointsConfigV1Alpha1"
},
{
"$ref": "#/$defs/network.RuleConfigV1Alpha1"
},

View File

@ -134,6 +134,15 @@ The `filters` setting allows hiding some endpoints from being advertised over Ku
This is useful when some endpoints are known to be unreachable between the nodes, so that KubeSpan doesn't try to establish a connection to them.
Another use-case is hiding some endpoints if nodes can connect on multiple networks, and some of the networks are more preferable than others.
To include additional announced endpoints, such as inbound NAT mappings, you can add the [machine config document]({{< relref "../../reference/configuration/network/kubespanendpoints" >}}).
```yaml
apiVersion: v1alpha1
kind: KubespanEndpointsConfig
extraAnnouncedEndpoints:
- 192.168.101.3:61033
```
## Resource Definitions
### KubeSpanIdentities