This repository has been archived by the owner on Dec 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
29387d4
commit fc32626
Showing
5 changed files
with
86 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| name: Action | ||
|
|
||
| on: | ||
| push: | ||
| tags: | ||
| - v*.*.* | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| build_release: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Setup repo | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
|
||
| - name: Build and push Docker image | ||
| uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,3 +20,6 @@ | |
| .idea/ | ||
| *.tmproj | ||
| .vscode/ | ||
| /.tg | ||
| /connector-init-container.iml | ||
| /Dockerfile | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| FROM ubuntu:latest | ||
|
|
||
| # Install app dependencies. | ||
| WORKDIR /usr/src/app | ||
| RUN apt-get update | ||
| RUN apt-get install wget unzip curl jq -y | ||
| RUN wget "https://github.com/Twingate-Labs/tg-cli/releases/latest/download/cli_linux_x86_64.zip" | ||
| RUN unzip cli_linux_x86_64.zip | ||
| RUN chmod +x ./tg | ||
| RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | ||
| RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,37 @@ | ||
| # Twingate Connector Helm Chart | ||
|
|
||
| Command to Run: | ||
| ```helm upgrade --install twingate-connector connector-init-container -n default --set twingate.apiKey="xxxx" --set twingate.account="xxxx.twingate.com" --set twingate.networkName="kube_test2" --set connector.replicas=4 --values connector-init-container/values.yaml``` | ||
| ```helm upgrade --install twingate-connector connector-init-container -n default --set twingate.apiKey="xxxx" --set twingate.account="xxxx.twingate.com" --set twingate.networkName="kube_test2" --set connector.replicas=4 --values connector-init-container/values.yaml``` | ||
|
|
||
| Scaling: | ||
| ``` | ||
| kubectl scale statefulset twingate-connector --replicas=2 | ||
| Or | ||
| helm upgrade --install twingate-connector connector-init-container -n default --set twingate.apiKey="xxxx" --set twingate.account="xxxx.twingate.com" --set twingate.networkName="kube_test2" --set connector.replicas=10 --values connector-init-container/values.yaml | ||
| ``` | ||
|
|
||
| Summary: | ||
| 1. Workflow: | ||
| 1. Init container provision connector | ||
| 2. Connector token stored in secret | ||
| 3. Connector application pod using the tokens stored in the secret | ||
| 2. Stateful set | ||
| 3. Antiaffinity set to preferredDuringSchedulingIgnoredDuringExecution | ||
| 4. Service Account | ||
| 5. Replicas can be defined | ||
| 6. Pod die/kill auto recover | ||
|
|
||
| Potential Improvements: | ||
| 1. Secret is overwritten for each new connector pod | ||
| 1. Can't access index info from helm easily | ||
| 2. Can be further improved if needed | ||
| 2. Role is set as cluster admin, which is not ideal | ||
| 1. Cannot limit role access at the moment, as we are doing kubectl apply | ||
| 2. Can be improved if needed | ||
| 3. Delete connector while pod die | ||
| 1. Require connector delete command | ||
| 2. Connector name - pod name map need to be stored somehow | ||
| 3. Could be complicated | ||
| 4. Can be further investigated if needed | ||
| 4. Create init-container docker image | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters