Allow disabling private IP

Open SerialVelocity opened this issue 6 years ago • 8 comments

Hi squat!

Is there a way to completely disable the private IP? I have hosts that do not have a private interface. Currently I'm forcing the private IP to a random IP that doesn't exist but it still adds it to the allowed ips list.

SerialVelocity, Aug 27 '19 09:08

This is landing today thanks to @leonnicolas 🚀 🚀

squat, Jan 24 '21 21:01

@squat @leonnicolas Could you give an example of how to disable private IPs? Do I need to set kilo.squat.ai/force-internal-ip to an empty string? (my hosts have private IPs that cannot be used or all networking breaks)

SerialVelocity, Feb 15 '21 11:02

#104 allows nodes that have no private IPs. Prior to the PR, the internal IP was set to the public IP when no private IPs were found. Now, with #104, the internal-ip annotation is set to "" by Kilo and these nodes are being treated as if they were in a different location. Meaning, communication to other nodes happens over the WireGuard interface even if they are in the same location (kilo.squat.ai/location="..." is equal), e.g. the default location. So I guess if your nodes have private IPs, but you don't want to use them, this PR doesn't really help you. You can't disable using private IPs with a flag.

leonnicolas, Feb 18 '21 12:02

Maybe we need to enable setting the annotation kilo.squat.ai/force-internal-ip="" to force disabling private IPs.

squat, Feb 18 '21 12:02

Ok, worth reopening this issue then @squat as the PR wasn't for this? It would be nice if there was also a flag to disable it so an annotation isn't necessary if there are no private IPs in the cluster.

SerialVelocity, Feb 18 '21 12:02

Reopening :) #104 allowed adding nodes to the mesh that don't have private IPs, but doesn't provide a programmatic way to disable private IPs on nodes that have them but shouldn't use them.

Acceptance criteria:

  • setting kilo.squat.ai/force-internal-ip="" on a node disables private networking for the node
  • using the --private-networking=false flag disables private networking on a node

squat, Feb 18 '21 12:02

  • using the --private-networking=false flag disables private networking on a node

This might not make sense because Kilo is normally run as a DaemonSet, so using this flag will cause all nodes to run with disabled private networking.

Whereas the annotation is more targeted and it could also achieve the above functionality with this one-liner:

for node in $(kubectl get nodes -o name); do kubectl annotate $node kilo.squat.ai/force-internal-ip="-"; done

leonnicolas, Apr 15 '21 19:04

  • setting kilo.squat.ai/force-internal-ip="" on a node disables private networking for the node

This was implemented in #127.

leonnicolas, Apr 15 '21 19:04
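
Added example (not part of the thread and not Kilo's own code): a check over `kubectl get nodes -o json` output that reports, per node, whether disabling the private IP was requested and what internal IP is still recorded. Assumptions: the "internal-ip annotation" mentioned above is named kilo.squat.ai/internal-ip, both "" and "-" count as a disable request because both spellings appear in this thread, and the status labels and sample nodes are constructed for illustration.

```python
import ipaddress
import json
import sys

FORCE = "kilo.squat.ai/force-internal-ip"  # annotation named in the thread
REPORTED = "kilo.squat.ai/internal-ip"     # assumed full name of the "internal-ip annotation"
DISABLE = {"", "-"}                        # both values appear in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(value):
    """True if an IP or CIDR string falls inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_interface(value).ip
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def classify(annotations):
    """Map one node's annotations to a status label (labels are hypothetical)."""
    reported = annotations.get(REPORTED, "")
    if annotations.get(FORCE) in DISABLE:   # None (annotation absent) is not in DISABLE
        # Disable requested: flag nodes that still record an internal IP.
        return "still-reported" if reported else "disabled"
    if not reported:
        return "no-private-ip"              # the case #104 made possible
    # Before #104 a node without a private IP recorded its public IP here.
    return "private" if is_private(reported) else "public-as-internal"

def audit(node_list):
    """Return {node name: status} for a `kubectl get nodes -o json` document."""
    return {n["metadata"]["name"]: classify(n["metadata"].get("annotations") or {})
            for n in node_list.get("items", [])}

# Constructed sample input, shaped like `kubectl get nodes -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "a", "annotations": {FORCE: "-", REPORTED: ""}}},
    {"metadata": {"name": "b", "annotations": {FORCE: "-", REPORTED: "10.0.0.2/24"}}},
    {"metadata": {"name": "c", "annotations": {REPORTED: "192.168.1.4/24"}}},
    {"metadata": {"name": "d", "annotations": {REPORTED: ""}}},
    {"metadata": {"name": "e", "annotations": {REPORTED: "203.0.113.5/32"}}},
]}

if __name__ == "__main__":
    # Pass a saved `kubectl get nodes -o json` file as the first argument,
    # or run without arguments to use the constructed sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, status in audit(doc).items():
        print(f"{name}\t{status}")
```

Nodes reported as still-reported or private are the ones whose private address may still end up in the allowed IPs list.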