Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dev-docs: Helm chart for full L3 VPN connectivity #2620

Merged
merged 2 commits into from
Jan 16, 2024
Merged

dev-docs: Helm chart for full L3 VPN connectivity #2620

merged 2 commits into from
Jan 16, 2024

Conversation

burgerdev
Copy link
Contributor

@burgerdev burgerdev commented Nov 21, 2023
edited
Loading

Context

Modifies the VPN Helm chart to allow for full bidirectional L3 connectivity.

Note: this PR targets the VPN development branch for now.

Checklist

  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@burgerdev burgerdev requested a review from 3u13r November 21, 2023 07:26
Base automatically changed from burgerdev/vpn to main November 22, 2023 14:08
@3u13r
Copy link
Member

3u13r commented Nov 23, 2023

fyi: I rebased and merged my changes to main. So you should be able to re-base this PR now.

@netlify Netlify
Copy link

netlify bot commented Nov 27, 2023
edited
Loading

Deploy Preview for constellation-docs ready!

Name Link
🔨 Latest commit 3deb089
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/65a66e93ed88780008d97d01
😎 Deploy Preview https://deploy-preview-2620--constellation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@burgerdev burgerdev force-pushed the burgerdev/full-vpn branch 2 times, most recently from e0a3e70 to 2802477 Compare November 27, 2023 15:46
@burgerdev burgerdev marked this pull request as ready for review November 27, 2023 17:04
3u13r
3u13r requested changes Dec 1, 2023
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested some setup where we either can also allow the node CIDR (since all pod traffic not destined for inside the cluster is usually masqueraded). Or, if we also want to preserve the pod IP we switch to eBPF based host routing (which we should anyway) and add a ip masq config which makes an exception for the peered range (https://docs.cilium.io/en/stable/network/concepts/masquerading/#ebpf-based)

I think it's best to simply discuss on Monday.

dev-docs/howto/vpn/helm/files/routing/experimental/frontend-pod.sh Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/files/routing/experimental/all-nodes.sh Outdated Show resolved Hide resolved
@burgerdev burgerdev requested a review from derpsteb as a code owner December 20, 2023 11:41
@github-actions GitHub Actions
Copy link
Contributor

Coverage report

Package Old New Trend
internal/constellation/helm 52.80% 52.80% ↔️

@burgerdev burgerdev added the feature This introduces new functionality label Dec 20, 2023
@burgerdev burgerdev added this to the v2.15.0 milestone Dec 20, 2023
@burgerdev burgerdev changed the title dev-docs: add option to deploy a full L3 vpn dev-docs: Helm chart for full L3 VPN connectivity Dec 20, 2023
@burgerdev burgerdev requested a review from 3u13r December 21, 2023 11:03
3u13r
3u13r requested changes Dec 27, 2023
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This already looks and works quite good. Just some advanced discussions. We cal also merge this at some point and discuss elsewhere.

dev-docs/howto/vpn/helm/values.yaml Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/README.md Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/files/routing/pod-l3-setup.sh Outdated Show resolved Hide resolved
@burgerdev burgerdev requested a review from 3u13r January 5, 2024 17:48
3u13r
3u13r requested changes Jan 10, 2024
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also note the comment in #2620 (comment)

dev-docs/howto/vpn/helm/templates/operator-deployment.yaml Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/README.md Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/values.yaml Outdated Show resolved Hide resolved
dev-docs/howto/vpn/helm/files/routing/experimental/all-nodes.sh Outdated Show resolved Hide resolved
@burgerdev burgerdev requested review from 3u13r and removed request for derpsteb January 11, 2024 15:18
3u13r
3u13r approved these changes Jan 15, 2024
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

dev-docs/howto/vpn/helm/README.md Outdated Show resolved Hide resolved
@burgerdev burgerdev merged commit 16c63d5 into main Jan 16, 2024
6 checks passed
@burgerdev burgerdev deleted the burgerdev/full-vpn branch January 16, 2024 12:59
@elchead elchead added no changelog Change won't be listed in release changelog and removed feature This introduces new functionality labels Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@3u13r 3u13r 3u13r approved these changes

Assignees
No one assigned
Labels
no changelog Change won't be listed in release changelog
Projects
None yet
Milestone
v2.15.0
Development

Successfully merging this pull request may close these issues.
3 participants
@burgerdev @3u13r @elchead