mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-15 17:41:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
talos/pkg/resources/network/ula.go
Andrey Smirnov caee24bf61
feat: implement KubeSpan identity controller 
Fixes #4138

When KubeSpan is enabled, Talos automatically generates or loads
KubeSpan identity which consists of Wireguard key pair. ULA address is
calculated based on ClusterID and first NIC MAC address.

Some code was borrowed from #3577.

Example:

```
$ talosctl -n 172.20.0.2 get ksi
NODE         NAMESPACE   TYPE               ID      VERSION   ADDRESS                                       PUBLICKEY
172.20.0.2   kubespan    KubeSpanIdentity   local   1         fd71:6e1d:86be:6302:e871:1bff:feb2:ccee/128   Oak2fBEWngBhwslBxDVgnRNHXs88OAp4kjroSX0uqUE=
```

Additional changes:

* `--with-kubespan` flag for `talosctl cluster create` for quick testing
* validate that cluster discovery (and KubeSpan) requires ClusterID and
ClusterSecret.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Co-authored-by: Seán C McCord <ulexus@gmail.com>
2021-08-27 18:49:15 +03:00

46 lines
1.4 KiB
Go
Raw Blame History

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package network
import (
"crypto/sha256"
"inet.af/netaddr"
)
// ULAPurpose is the Unique Local Addressing key for the Talos-specific purpose of the prefix.
type ULAPurpose byte
const (
// ULAUnknown indicates an unknown ULA Purpose.
ULAUnknown = 0x00
// ULABootstrap is the Unique Local Addressing space key for the Talos Self-Bootstrapping protocol.
ULABootstrap = 0x01
// ULAKubeSpan is the Unique Local Addressing space key for the Talos KubeSpan feature.
ULAKubeSpan = 0x02
)
// ULAPrefix calculates and returns a Talos-specific Unique Local Address prefix for the given purpose.
// This implements a Talos-specific implementation of RFC4193.
// The Talos implementation uses a combination of a 48-bit cluster-unique portion with an 8-bit purpose portion.
func ULAPrefix(clusterID string, purpose ULAPurpose) netaddr.IPPrefix {
var prefixData [16]byte
hash := sha256.Sum256([]byte(clusterID))
// Take the last 16 bytes of the clusterID's hash.
copy(prefixData[:], hash[sha256.Size-16:])
// Apply the ULA prefix as per RFC4193
prefixData[0] = 0xfd
// Apply the Talos-specific ULA Purpose suffix
prefixData[7] = byte(purpose)
return netaddr.IPPrefixFrom(netaddr.IPFrom16(prefixData), 64).Masked()
}
Reference in New Issue View Git Blame Copy Permalink