external gateway servers for GlobalVPN Devices #341
- observability api, updates kloudlite gateway device URI
fixes:
- cluster CIDR allocation, (already claimed errors)
- device IP allocation, (already claimed errors)
- we also have an internal gateway for vpn devices, which we use to stream logs from the vpn devices
- also adds a local DNS query `account.kloudlite.local` to allow cli tool to get the account for the current gateway
8efd405 to bdde77f
d6f2053 to 4f85c92
- environment cloning namespace will now be gateway enabled by default
4f85c92 to 42ee98a
Reviewer's Guide by Sourcery
This pull request implements external gateway servers for GlobalVPN Devices. The changes include adding new fields and methods to support the external gateway functionality, updating existing methods to accommodate the new gateway devices, and removing deprecated or redundant code. The changes span multiple files, primarily focusing on GraphQL schema updates, domain logic, and build configurations.
Hey @nxtcoder17 - I've reviewed your changes and found some issues that need to be addressed.
Blocking issues:
Here's what I looked at during the review
- 🟡 General issues: 1 issue found
- 🔴 Security: 2 blocking issues, 1 other issue
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
| wg-quick down wg0 || echo "[starting] wg-quick down wg0" | ||
| wg-quick up wg0 | ||
| echo "allowing time for ip addr to become available" | ||
| sleep 0.25 |
suggestion: Sleep command in template
The addition of a sleep 0.25 command might be a workaround for a timing issue. Consider if there are more robust solutions to ensure the IP address becomes available.
| sleep 0.25 | |
| while ! ip addr show wg0 | grep -q "inet "; do | |
| echo "waiting for IP address to become available" | |
| sleep 0.1 | |
| done |
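Review bot: the suggested `while ! ip addr show wg0 | grep -q "inet "` loop has no upper bound, so if `wg0` never receives an address the script hangs here instead of failing. Bound the wait with a retry counter that exits non-zero after a fixed number of attempts, so the failure is visible and the container can restart. Also note that the pattern `"inet "` matches only IPv4 address lines (`inet6` does not match), so an interface configured with IPv6 only would never satisfy the loop.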
| {{- /* - SETGID */}} | ||
| {{- /* drop: */}} | ||
| {{- /* - all */}} | ||
| securityContext: |
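Review bot: the `SETGID` entry and the `drop:` / `all` lines directly above `securityContext:` are wrapped in `{{- /* ... */}}` template comments, so they are never rendered into the manifest. If the intent is to drop all capabilities and add back only the ones the gateway needs, enable those lines; otherwise delete the commented block so the template does not suggest a hardening that is not applied.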
🚨 issue (security): Security context for container
The security context has been added to the container configuration. Ensure that the capabilities added (NET_BIND_SERVICE, SETGID) are necessary and do not introduce security vulnerabilities.
| DisplayName string `json:"displayName"` | ||
| Region string `json:"region"` | ||
| CloudProvider string `json:"cloudProvider"` | ||
| Kubeconfig string `json:"kubeconfig"` |
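Review bot: `Kubeconfig string` with the tag `json:"kubeconfig"` sits beside display fields (`DisplayName`, `Region`, `CloudProvider`) and will be marshalled with them wherever this struct is serialized. A kubeconfig normally carries cluster credentials, so consider keeping it out of this struct, or tagging it `json:"-"` and exposing it through a separate, access-controlled call, and document who is expected to read the field.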
🚨 issue (security): Potential hard-coded kubeconfig found.
Ensure that this kubeconfig is not a real secret and is appropriately managed.
| DisplayName string `json:"displayName"` | ||
| Region string `json:"region"` | ||
| CloudProvider string `json:"cloudProvider"` | ||
| Kubeconfig string `json:"kubeconfig"` |
🚨 issue (security): Potential hard-coded kubeconfig found.
Ensure that this kubeconfig is not a real secret and is appropriately managed.
external gateway servers for GlobalVPN Devices
Resolves kloudlite/kloudlite#254
Summary by Sourcery
This pull request adds support for external gateway servers for GlobalVPN devices, refactors device management to distinguish between cluster-local and gateway devices, and updates build tasks for multi-architecture support. It also removes unused MatchFilter resolvers and deletes obsolete GitHub workflows.