What happened

When I install liqo on my laptop, after I run liqoctl install k3s --only-output-values --dump-values-path tmp.yaml (Helm) or liqoctl install k3s (liqoctl), the shell gives me this ERRO

ERRO  Error initializing installer: The connection to the server 0.0.0.0:46601 was refused - did you specify the right host or port?

What you expected to happen:

Install liqo

How to reproduce it (as minimally and precisely as possible):

I don't know

Anything else we need to know?:

What is wrong and how to fix the error

Environment:

• Liqo version: stable
• Kubernetes version (use kubectl version):

Client Version: version.Info
{Major:"1", Minor:"24", GitVersion:"v1.24.4+k3s1", GitCommit:"c3f830e9b9ed8a4d9d0e2aa663b4591b923a296e", GitTreeState:"clean", BuildDate:"2022-08-25T03:45:26Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Server Version: version.Info
{Major:"1", Minor:"24", GitVersion:"v1.24.4+k3s1", GitCommit:"c3f830e9b9ed8a4d9d0e2aa663b4591b923a296e", GitTreeState:"clean", BuildDate:"2022-08-25T03:45:26Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}

• Cloud provider or hardware configuration: Leigion-5-pro with AMD® Ryzen 7 5800h with radeon graphics × 16
• Network plugin and version:
• Install tools: liqoctl and helm
• Others:

Description

• Add makefile target to generate client, informer, and lister for custom resources.
• Generate virtualkubelet group client, informer, and lister.

Reference: https://cloud.redhat.com/blog/kubernetes-deep-dive-code-generation-customresources

Notes

It might look like a huge PR but it's mostly autogenerated code. Indeed, all the code in pkg/client is autogenerated. My main contribution is the generate-groups target in the makefile.

• I had to rename the apis\virtualkubelet package and make it all lowercase because of the code generator/go fmt complaining about case-insensitive import collision.
• I removed docs, fmt, vet sub-target from the gen target after a short chat with @giorio94. It sound reasonable not to run fmt and vet on autogenerated code. Regarding docs, it looks like there is a different workflow taking care of the documentation.
• I called the target generate-groups rather than generate-client to align with the naming convention found in the documentation and script that we are using.

edit: it's annoying not to run fmt so I have left it.

This PR introduces a way to check connectivity between 2 peered clusters.

TODO:

• [x] Add first externalCIDR IP to liqo.tunnel
• [x] Exclude IP from usable IPs
• [x] Add NAT rules on the destination cluster.
• [x] Add ConnChecker
• [x] Add periodic ping
• [x] Expose connection status as prometheus metric

This PR adds a section on the Liqo Network Manager documentation page that describes the IPAM module and its important role in different situations: remapping of networks, translation of IP addresses of offloaded Pods and mapping of endpoint IP addresses during reflection.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes #(issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [ ] Test A
• [ ] Test B

Description

In a "two-cluster" peering scenario, where one Cluster plays the role of "Customer" and the other one of "Cloud Provider", it is important for the two entities that the Resource plan agreed is as much as possible guaranteed and controlled.

• The Cloud Provider has the need to control what happen in own cluster, that resource usage limits agreed are respected (also with a toleration) and that nothing exceeds the Offer provided

in the other hand

• The Customer wants that the ResourceOffer Plan "buyed" is always guaranteed (also with a toleration) respecting what has been agreed at the beginning, it has the need to be protected about what is defined in kind of "resource contract"

The goal of a Resource Validator system is to manage all this requirements, defining a new optional way of peering between clusters

What's needed

This PR introduces some new elements to allow the management of "Customer" offloaded resources on host cluster (that ideally represents a Cloud Provider)

• [x] Validating Webhook for incoming ShadowPods based on existing ResourceOffer
• [x] Used/Free resources calculator after each Offloading Request / Deletion
• [x] Cached information to decrease the overhead generated by each validation check after an Offloading Request
• [x] Cache mutex for concurrent access
• [x] Scheduled cache consistency refresh

TODO

• [x] improve cache data structure
• [x] Improve logging using klog

Description

• Refactor namespace mapper in virtualKubelet.
• Refactor reflection manager to get rid of StartAllNamespaces() method call in provider to take care of fallbackReflectors.

How Has This Been Tested?

• [x] Existing tests.
• [x] Added unit tests for the namespace handler.

Description

Wait for ResourceOffer being accepted before setting OutgoingPeeringStatus=Established (we currently set it to Established once we receive the ResourceOffer).

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [x] Manual tests
• [x] Automated tests

Description

This PR implements pod offloading through the reflection logic, instead of leveraging the virtual kubelet provider abstraction. This allows to unify the outgoing (i.e., creation of the remote pod) and incoming (i.e., the status realignment) flows, to reduce code duplication and improve the overall performance. At the same time it moves from a remote resilience mechanism based on replicasets to one leveraging a custom ShadowPod resource, for increased control, better performance and naming consistency.

Caveats:

• pod translation still has most of the limitations of the previous version (in terms of translated fields)

Fixes #721 Fixes #678 Fixes #604

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [x] Unit testing (new + existing)
• [x] E2E testing
• [x] Manual

This PR add new Broker component based on the standard Broadcaster. This version just replicates the first ResourceOffer it knows to all cluster that start an incoming peering.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes #(issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [ ] Test A
• [ ] Test B

What happened:

We have different clouds in our environment like AWS,AZURE,GCP and we have some terraform modules in our environment. Using local offloading all the modules are working but for remote offloading the modules that has dependencies in creating pvc's are not working for remote offloading.

What you expected to happen:

As like local the module should get provisioned for remote offloading strategies for same cloud combinations like AKS-AKS,EKS-EKS and also with cross cloud combinations like AKS-EKS, EKS-AKS

Anything else we need to know?:

Environment:

• Liqo version:

• Client version: v0.6.0 Server version: v0.6.0

• Kubernetes version (use kubectl version): Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T18:16:20Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.12", GitCommit:"f941a31f4515c5ac03f5fc7ccf9a330e3510b80d", GitTreeState:"clean", BuildDate:"2022-11-09T17:12:33Z", GoVersion:"go1.17.13", Compiler:"gc", Platform:"linux/amd64"}

• Cloud provider or hardware configuration: PVC's are not getting created for remote offload strategies for same and cross cloud combinations

• Others: Command used for remote pod offloading

#liqoctl offload namespace ***** --namespace-mapping-strategy EnforceSameName --pod-offloading-strategy Remote --selector liqo.io/provider=eks

Description

This PR modifies the virtual kubelet to introduce the support for the retrieval of service account tokens from the dedicated API, in addition to the standard secrets-based approach. This enables the support for offloaded applications interacting with the local Kubernetes API server, when hosted on Kubernetes 1.24 and above. Moreover, it includes a few related changes, allowing to filter reflection events per type, and enqueue a given event after a certain interval elapsed.

Fixes #1185

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [x] Existing E2E tests (now enabled also on k8s 1.24+)
• [x] Unit tests (new + existing)
• [x] Manual testing on Kind

Description

This pr fixes a bug that prevents two EKS clusters to re-do an in-band peering after the unpeering

Fixes #(issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [ ] Test A
• [ ] Test B

What happened:

I have 2 clusters which are peered and liqo v0.6.0 is installed on both the clusters. I tried unpeering the clusters and tried to establish the peering again, but peering is not happening between both the clusters in the 2nd attempt of peering

What you expected to happen:

After peering and unpeering in the 2nd attempt of peering, the clusters should be peered but it is not happening

How to reproduce it (as minimally and precisely as possible):

Environment:

• Liqo version: Client version: v0.6.0 Server version: v0.6.0

• Kubernetes version (use kubectl version): Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:18:45Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.12", GitCommit:"f941a31f4515c5ac03f5fc7ccf9a330e3510b80d", GitTreeState:"clean", BuildDate:"2022-11-09T17:12:33Z", GoVersion:"go1.17.13", Compiler:"gc", Platform:"linux/amd64"} WARNING: version difference between client (1.21) and server (1.23) exceeds the supported minor version skew of +/-1

• Cloud provider or hardware configuration:- Getting authentication failed to remote cluster error for aks-aks, aks-eks, eks-eks combinations

• Others:

Command used for peering: #liqoctl peer in-band --kubeconfig "config-local" --remote-kubeconfig "config-eks" --bidirectional

Logs and Error:

INFO (local) cluster identity correctly retrieved
INFO (local) network configuration correctly retrieved
INFO (local) wireGuard configuration correctly retrieved
INFO (local) authentication token correctly retrieved
INFO (local) authentication endpoint correctly retrieved
INFO (local) proxy endpoint correctly retrieved
INFO (remote) cluster identity correctly retrieved
INFO (remote) network configuration correctly retrieved
INFO (remote) wireGuard configuration correctly retrieved
INFO (remote) authentication token correctly retrieved
INFO (remote) authentication endpoint correctly retrieved
INFO (remote) proxy endpoint correctly retrieved
INFO (local) foreign cluster for remote cluster "priiam-eks-dev" not found: marked for creation
INFO (remote) foreign cluster for remote cluster "test-aks-dev" not found: marked for creation
INFO (local) tenant namespace "liqo-tenant-priiam-eks-dev-da4494" created for remote cluster "priiam-eks-dev" INFO (remote) tenant namespace "liqo-tenant-test-aks-dev-8c2972" created for remote cluster "test-aks-dev" INFO (local) network configuration created in local cluster "test-aks-dev"
INFO (local) network configuration created in remote cluster "priiam-eks-dev"
INFO (local) network configuration status correctly reflected from cluster "priiam-eks-dev"
INFO (remote) network configuration created in local cluster "priiam-eks-dev"
INFO (remote) network configuration created in remote cluster "test-aks-dev"
INFO (remote) network configuration status correctly reflected from cluster "test-aks-dev"
INFO (local) IPAM service correctly port-forwarded "43825:6000"
INFO (remote) IPAM service correctly port-forwarded "33211:6000"
INFO (local) proxy address "10.0.177.16" remapped to "10.245.0.2" for remote cluster "priiam-eks-dev"
INFO (remote) proxy address "10.100.95.177" remapped to "10.101.0.2" for remote cluster "test-aks-dev"
INFO (local) auth address "10.0.81.183" remapped to "10.245.0.3" for remote cluster "priiam-eks-dev"
INFO (remote) auth address "10.100.140.83" remapped to "10.101.0.3" for remote cluster "test-aks-dev"
INFO (local) foreign cluster for remote cluster "priiam-eks-dev" correctly configured
INFO (remote) foreign cluster for remote cluster "test-aks-dev" correctly configured
INFO (local) Network established to the remote cluster "priiam-eks-dev"
INFO (remote) Network established to the remote cluster "test-aks-dev"
ERRO (local) Authentication to the remote cluster "priiam-eks-dev" failed: timed out waiting for the condition INFO (remote) IPAM service port-forward correctly stopped "33211:6000"
INFO (local) IPAM service port-forward correctly stopped "43825:6000

Description

This PR bumps the k8s libraries to the latest version, updating at the same time the automatically generated manifests which caused dependabot PR to fail linting.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• [ ] Existing tests