
Commit 11af189

committed
Initial commit
(squashing before publish)
0 parents  commit 11af189

12 files changed

Lines changed: 1202 additions & 0 deletions


Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
name: Build and Push Container Image
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
branches:
9+
- main
10+
11+
env:
12+
REGISTRY: ghcr.io
13+
IMAGE_NAME: niklasbeierl/nodecryptor
14+
15+
jobs:
16+
build-and-push:
17+
runs-on: ubuntu-latest
18+
permissions:
19+
contents: read
20+
packages: write
21+
22+
steps:
23+
- name: Checkout repository
24+
uses: actions/checkout@v4
25+
26+
- name: Set up Docker Buildx
27+
uses: docker/setup-buildx-action@v3
28+
29+
- name: Log in to Container Registry
30+
if: github.event_name != 'pull_request'
31+
uses: docker/login-action@v3
32+
with:
33+
registry: ${{ env.REGISTRY }}
34+
username: ${{ github.actor }}
35+
password: ${{ secrets.GITHUB_TOKEN }}
36+
37+
- name: Extract metadata (tags, labels)
38+
id: meta
39+
uses: docker/metadata-action@v5
40+
with:
41+
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
42+
tags: |
43+
type=ref,event=branch
44+
type=sha,prefix=
45+
type=raw,value=latest,enable={{is_default_branch}}
46+
47+
- name: Build and push
48+
uses: docker/build-push-action@v6
49+
with:
50+
context: .
51+
file: docker/Dockerfile
52+
push: ${{ github.event_name != 'pull_request' }}
53+
tags: ${{ steps.meta.outputs.tags }}
54+
labels: ${{ steps.meta.outputs.labels }}
55+
cache-from: type=gha
56+
cache-to: type=gha,mode=max
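Review bot: Every `uses:` in this workflow is pinned to a floating major tag (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`), so a retagged or compromised action release would run with `packages: write` against ghcr.io on the next push to main; pin each to a full commit SHA with the version in a trailing comment (`uses: actions/checkout@<40-hex sha> # v4`) and let Dependabot keep them current. The image this pushes (`ghcr.io/niklasbeierl/nodecryptor`, tagged `latest` plus branch and sha) is not the name docker/compose.yaml in this same commit pulls (`ghcr.io/niklasbeierl/nodecryptor/base:latest` and `.../dev:latest`), so one of the two should change or `docker compose up` without `--build` will not find the published image. `packages: write` is also granted to the `pull_request` runs even though login and push are skipped there; GitHub downgrades the token to read-only for fork PRs regardless, but a comment saying so above `permissions:` would help the next reader. If consumers of `:latest` should be able to verify where it was built, `id-token: write` plus `attestations: write` and a provenance attestation step is cheap to add here.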

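--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.env
+.idea
+.venv
+node_modules
+dump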

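--- /dev/null
+++ b/docker/.env.example
@@ -0,0 +1,2 @@
+# Use a node that actually exists here (it will not mess with that node)
+NODE_NAME=...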

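--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,37 @@
+FROM golang:1.25-alpine AS builder
+
+RUN apk add --no-cache \
+    iproute2 \
+    nftables \
+    wireguard-tools
+
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+
+WORKDIR /app
+
+RUN apk add --no-cache git
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY internal ./internal
+COPY main.go .
+RUN CGO_ENABLED=0 GOOS=linux go build -gcflags="all=-N -l" -o nodeCryptor .
+
+ENTRYPOINT ["/go/bin/dlv", "--listen=:40000", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/app/nodeCryptor", "--"]
+CMD []
+
+FROM builder AS release
+RUN CGO_ENABLED=0 GOOS=linux go build -o nodeCryptor .
+
+FROM alpine:3.21
+
+RUN apk add --no-cache \
+    iproute2 \
+    nftables \
+    wireguard-tools
+
+COPY --from=release /app/nodeCryptor /usr/local/bin/nodeCryptor
+
+ENTRYPOINT ["/usr/local/bin/nodeCryptor"]
+CMD []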
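Review bot: `RUN go install github.com/go-delve/delve/cmd/dlv@latest` in the builder stage resolves whatever delve version is current at build time, so the dev image is neither reproducible nor protected against a bad or malicious release; pin it to an explicit tag (`...cmd/dlv@vX.Y.Z`) and, for the same reason, consider pinning `golang:1.25-alpine` and `alpine:3.21` by digest (`@sha256:…`). The builder `ENTRYPOINT` starts delve headless on `--listen=:40000` (all interfaces) with `--accept-multiclient`, which hands full control of the debugged process to anyone who can reach that port; compose.yaml does bind it to 127.0.0.1, but a comment above that `ENTRYPOINT` such as `# DEV ONLY: remote debugger on :40000, never publish or deploy this stage` would keep the `builder` target from being pushed by accident. The final image has no `USER` line, so the binary runs as root; the WireGuard/nftables work may genuinely need that even with NET_ADMIN, in which case a comment saying so next to the last `ENTRYPOINT` is the minimum, and if it does not, add a non-root `USER`.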

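--- /dev/null
+++ b/docker/compose.yaml
@@ -0,0 +1,44 @@
+services:
+  nodecryptor: &base
+    image: ghcr.io/niklasbeierl/nodecryptor/base:latest
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+    cap_add:
+      - NET_ADMIN
+    volumes:
+      - ${HOME}/.kube/config:/root/.kube/config:ro
+    command:
+      - --node-name
+      - ${NODE_NAME?error}
+
+  dev: &dev
+    <<: *base
+    container_name: nodecryptor-dev
+    image: ghcr.io/niklasbeierl/nodecryptor/dev:latest
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+      target: builder
+    ports:
+      - 127.0.0.1:40000:40000
+    profiles:
+      - donostart
+    command:
+      - --node-name
+      - ${NODE_NAME?error}
+      - --noop-route
+      - 10.10.10.255/32
+
+  setup-link:
+    <<: *dev
+    network_mode: container:nodecryptor-dev
+    cap_add:
+      - NET_ADMIN
+    entrypoint:
+      - /bin/bash
+    command:
+      - -c
+      - ip link add dev cilium_wg0 type wireguard && ip link set cilium_wg0 up
+    profiles:
+      - donotstart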
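Review bot: The `volumes:` entry on the `nodecryptor` base service mounts the developer's entire `${HOME}/.kube/config` — typically admin credentials for every context in it — into a container that also holds `NET_ADMIN`, while the controller in this commit only declares `get;list;watch` on `ciliumnodes`; generate a dedicated kubeconfig (a ServiceAccount token bound to exactly that ClusterRole) and mount only that file, e.g. `- ./nodecryptor.kubeconfig:/root/.kube/config:ro`, so a compromised container cannot reach anything else. `setup-link` is also unlikely to start as written: `<<: *dev` copies `container_name: nodecryptor-dev` and `ports:` into it, and compose should reject both a duplicated container name and port publishing combined with `network_mode: container:…`, so list the keys it needs explicitly instead of merging `*dev`. Its `entrypoint: [/bin/bash]` points at a shell the alpine-based `builder` stage never installs (the Dockerfile adds only iproute2, nftables, wireguard-tools and git), so use `- /bin/sh`. Finally the profile names differ between `dev` (`donostart`) and `setup-link` (`donotstart`), so a single `--profile` flag cannot bring up the pair even though `setup-link` depends on the `dev` container's network namespace.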

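--- /dev/null
+++ b/go.mod
@@ -0,0 +1,113 @@
+module github.com/niklasbeierl/nodeCryptor
+
+go 1.25.5
+
+require (
+	github.com/cilium/cilium v1.18.5
+	github.com/go-logr/logr v1.4.3
+	github.com/vishvananda/netlink v1.3.1
+	golang.org/x/sys v0.40.0
+	k8s.io/apimachinery v0.34.1
+	k8s.io/client-go v0.34.1
+	sigs.k8s.io/controller-runtime v0.22.4
+)
+
+require (
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cilium/ebpf v0.19.0 // indirect
+	github.com/cilium/hive v0.0.0-20250611195437-5a5dacdfb354 // indirect
+	github.com/cilium/proxy v0.0.0-20250623105955-2136f59a4ea1 // indirect
+	github.com/cilium/statedb v0.4.6 // indirect
+	github.com/cilium/stream v0.0.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.1 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.7.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/mackerelio/go-osstat v0.2.6 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/procfs v0.17.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/sasha-s/go-deadlock v0.3.5 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.14.0 // indirect
+	github.com/spf13/cast v1.9.2 // indirect
+	github.com/spf13/cobra v1.9.1 // indirect
+	github.com/spf13/pflag v1.0.7 // indirect
+	github.com/spf13/viper v1.20.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	go.uber.org/dig v1.17.1 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/term v0.37.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.34.1 // indirect
+	k8s.io/apiextensions-apiserver v0.34.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
+	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
+)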
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
package controller
2+
3+
import (
4+
"context"
5+
6+
ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
7+
"github.com/niklasbeierl/nodeCryptor/internal/state"
8+
apierrors "k8s.io/apimachinery/pkg/api/errors"
9+
"k8s.io/apimachinery/pkg/runtime"
10+
ctrl "sigs.k8s.io/controller-runtime"
11+
"sigs.k8s.io/controller-runtime/pkg/client"
12+
"sigs.k8s.io/controller-runtime/pkg/log"
13+
)
14+
15+
// CiliumNodeReconciler reconciles CiliumNode objects
16+
type CiliumNodeReconciler struct {
17+
client.Client
18+
Scheme *runtime.Scheme
19+
state state.State
20+
}
21+
22+
// NewCiliumNodeReconciler creates a new CiliumNode reconciler
23+
func NewCiliumNodeReconciler(
24+
client client.Client,
25+
scheme *runtime.Scheme,
26+
state state.State,
27+
) *CiliumNodeReconciler {
28+
return &CiliumNodeReconciler{
29+
Client: client,
30+
Scheme: scheme,
31+
state: state,
32+
}
33+
}
34+
35+
// +kubebuilder:rbac:groups=cilium.io,resources=ciliumnodes,verbs=get;list;watch
36+
// +kubebuilder:rbac:groups=cilium.io,resources=ciliumnodes/status,verbs=get
37+
38+
// Reconcile handles CiliumNode reconciliation
39+
func (r *CiliumNodeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
40+
logger := log.FromContext(ctx)
41+
42+
var node ciliumv2.CiliumNode
43+
if err := r.Get(ctx, req.NamespacedName, &node); err != nil {
44+
if apierrors.IsNotFound(err) {
45+
logger.Info("CiliumNode deleted", "name", req.Name)
46+
r.state.DeleteNode(req.Name)
47+
return ctrl.Result{}, nil
48+
}
49+
logger.Error(err, "unable to fetch CiliumNode")
50+
return ctrl.Result{}, err
51+
}
52+
53+
r.state.SetNode(&node)
54+
return ctrl.Result{}, nil
55+
}
56+
57+
// SetupWithManager sets up the controller with the Manager
58+
func (r *CiliumNodeReconciler) SetupWithManager(mgr ctrl.Manager) error {
59+
return ctrl.NewControllerManagedBy(mgr).
60+
For(&ciliumv2.CiliumNode{}).
61+
Complete(r)
62+
}
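Review bot: In Reconcile, `logger.Error(err, "unable to fetch CiliumNode")` followed by `return ctrl.Result{}, err` reports the same failure twice, because controller-runtime already logs every non-nil error a reconciler returns (as "Reconciler error") before requeuing with backoff; drop the `logger.Error` line and return the error with context instead, `return ctrl.Result{}, fmt.Errorf("fetching CiliumNode %s: %w", req.Name, err)` (adds a `fmt` import). The parameters `client client.Client` and `state state.State` in NewCiliumNodeReconciler shadow the imported packages of the same names; this compiles because parameter scope starts at the body, but it trips shadow linters and reads badly, so `c` and `st` (or `cl`/`nodeState`) would be clearer. The `// +kubebuilder:rbac` marker granting `get` on `ciliumnodes/status` appears unused by this file — the `r.Get` returns the whole object including status — so either drop it to keep the generated ClusterRole minimal or add a comment stating what needs it. The `Reconcile` doc comment should also state the contract the code shows: every CiliumNode is mirrored into `state` via `SetNode`, removed via `DeleteNode` on NotFound, and nothing is ever explicitly requeued, e.g. `// Reconcile mirrors the CiliumNode named by req into r.state (SetNode), or drops it (DeleteNode) once the API returns NotFound; requeue on other errors is left to controller-runtime's backoff.`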
