fix(TALE-5): remove deployment check and only use pod spec

Aarnav Tale 2024-07-08 14:40:38 -04:00
parent bda151f4e8
commit 3cc726320a
No known key found for this signature in database
2 changed files with 27 additions and 62 deletions


@ -3,7 +3,7 @@ import { platform } from 'node:os'
import { join, resolve } from 'node:path' import { join, resolve } from 'node:path'
import { kill } from 'node:process' import { kill } from 'node:process'
import { AppsV1Api, Config, CoreV1Api, KubeConfig } from '@kubernetes/client-node' import { Config, CoreV1Api, KubeConfig } from '@kubernetes/client-node'
import type { Integration } from '.' import type { Integration } from '.'
@ -57,25 +57,23 @@ async function preflight() {
return false return false
} }
const skip = process.env.HEADSCALE_INTEGRATION_UNSTRICT
if (skip === 'true' || skip === '1') {
console.warn('Skipping strict Kubernetes integration check')
return true
}
// Some very ugly nesting but it's necessary // Some very ugly nesting but it's necessary
const deployment = process.env.DEPLOYMENT_NAME const pod = process.env.POD_NAME
if (deployment) { if (!pod) {
const result = await checkDeployment(deployment, namespace) console.error('No pod name found (POD_NAME)')
if (!result) {
return false return false
} }
} else {
const pod = process.env.POD_NAME
if (pod) {
const result = await checkPod(pod, namespace) const result = await checkPod(pod, namespace)
if (!result) { if (!result) {
return false return false
} }
} else {
console.error('No deployment or pod name found')
return false
}
}
return true return true
} }
@ -119,45 +117,6 @@ async function checkPod(pod: string, namespace: string) {
return true return true
} }
async function checkDeployment(deployment: string, namespace: string) {
if (deployment.trim().length === 0) {
console.error('Deployment name is empty')
return false
}
try {
const kc = new KubeConfig()
kc.loadFromCluster()
const kAppsV1Api = kc.makeApiClient(AppsV1Api)
const { response, body } = await kAppsV1Api.readNamespacedDeployment(
deployment,
namespace,
)
if (response.statusCode !== 200) {
console.error('Failed to read deployment', response.statusCode)
return false
}
const shared = body.spec?.template.spec?.shareProcessNamespace
if (shared === undefined) {
console.error('Deployment does not have shareProcessNamespace set')
return false
}
if (!shared) {
console.error('Deployment has disabled shareProcessNamespace')
return false
}
} catch (error) {
console.error('Failed to check deployment', error)
return false
}
return true
}
async function findPid() { async function findPid() {
const dirs = await readdir('/proc') const dirs = await readdir('/proc')
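Review bot: The `HEADSCALE_INTEGRATION_UNSTRICT` branch in `preflight()` returns `true` before `POD_NAME` is read or `checkPod` runs, so a pod without `shareProcessNamespace` passes preflight with only a generic warning, and the code after it (`findPid` reading `/proc`, with `kill` imported at the top of the file) runs against a process namespace that was never verified. I would still run the pod check in unstrict mode and downgrade a failure to a warning that names the variable, so the misconfiguration stays visible in the logs; with the sketch below a missing `POD_NAME` still fails preflight even in unstrict mode. `preflight()` starts above this hunk and the condition guarding the first `return false` is not visible here. Separately, the prose in the second file's first hunk calls the variable `POST_NAME`, while this code and the example manifest use `POD_NAME`.

```typescript
const unstrict = ['true', '1'].includes(
	process.env.HEADSCALE_INTEGRATION_UNSTRICT ?? '',
)

// … unchanged: POD_NAME lookup and the missing-name error …

const result = await checkPod(pod, namespace)
if (!result) {
	if (!unstrict) {
		return false
	}

	// Keep the failure visible instead of skipping the check entirely.
	console.warn(
		'HEADSCALE_INTEGRATION_UNSTRICT is set: continuing although the shareProcessNamespace check failed',
	)
}

return true
```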


@ -57,8 +57,11 @@ away into a `ConfigMap` or `Secret` for easier management.
The important parts of this deployment are the `HEADSCALE_INTEGRATION` and The important parts of this deployment are the `HEADSCALE_INTEGRATION` and
`DEPLOYMENT_NAME` environment variables. The `HEADSCALE_INTEGRATION` variable `DEPLOYMENT_NAME` environment variables. The `HEADSCALE_INTEGRATION` variable
should be set to `kubernetes` and the `DEPLOYMENT_NAME` variable should be set should be set to `kubernetes` and the `POST_NAME` variable should be set
to the name of the deployment (done using the Downward API below). to the name of the pod (done using the Downward API below).
> If you are having issues with validating `shareProcessNamespace`, you can
set `HEADSCALE_INTEGRATION_UNSTRICT` to `true` to disable the strict checks.
A basic deployment of the integration would look like this. Keep in mind that A basic deployment of the integration would look like this. Keep in mind that
you are responsible for setting up a reverse-proxy via an `Ingress` or `Service` you are responsible for setting up a reverse-proxy via an `Ingress` or `Service`
@ -81,6 +84,7 @@ spec:
labels: labels:
app: headplane app: headplane
spec: spec:
shareProcessNamespace: true
serviceAccountName: default serviceAccountName: default
containers: containers:
- name: headplane - name: headplane
@ -90,7 +94,7 @@ spec:
value: 'abcdefghijklmnopqrstuvwxyz' value: 'abcdefghijklmnopqrstuvwxyz'
- name: HEADSCALE_INTEGRATION - name: HEADSCALE_INTEGRATION
value: 'kubernetes' value: 'kubernetes'
- name: DEPLOYMENT_NAME - name: POD_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
@ -119,5 +123,7 @@ spec:
claimName: headscale-config claimName: headscale-config
``` ```
> For a breakdown of each configuration variable, please refer to the [Configuration](/docs/Configuration.md) guide. > For a breakdown of each configuration variable, please refer to the
> It explains what each variable does, how to configure them, and what the default values are. [Configuration](/docs/Configuration.md) guide.
> It explains what each variable does, how to configure them, and what the
default values are.