add network selection

Signed-off-by: Oleg <[email protected]>

Author: RobotSail

api/v1alpha1/circuitrelay_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"github.com/libp2p/go-libp2p-core/peer"
+	"github.com/libp2p/go-libp2p/core/peer"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	ma "github.com/multiformats/go-multiaddr"

api/v1alpha1/ipfscluster_types.go

@@ -44,6 +44,17 @@ const (
 	ReproviderStrategyRoots ReproviderStrategy = "roots"
 )
 
+type NetworkMode string
+
+const (
+	// NetworkModePublic Defines an IPFSCluster running in public mode with its
+	// content available to everyone.
+	NetworkModePublic NetworkMode = "public"
+	// NetworkModePrivate Defines an IPFSCluster running in a private network
+	// with its content only available to other authorized nodes.
+	NetworkModePrivate NetworkMode = "private"
+)
+
 type ReprovideSettings struct {
 	// Strategy specifies the reprovider strategy, defaults to 'all'.
 	// +kubebuilder:validation:Enum={all,pinned,roots}
@@ -60,9 +71,14 @@ type followParams struct {
 	Template string `json:"template"`
 }
 
-// networkConfig defines the configuration structure used for networking.
-type networkConfig struct {
+// NetworkConfig defines the configuration structure used for networking.
+type NetworkConfig struct {
+	// circuitRelays defines how many CircuitRelays should be created.
 	CircuitRelays int32 `json:"circuitRelays"`
+	// networkMode is a switch which defines whether this IPFSCluster will use
+	// the global IPFS network or create its own.
+	// +kubebuilder:validation:Enum={public,private}
+	NetworkMode NetworkMode `json:"networkMode,omitempty"`
 }
 
 // IpfsClusterSpec defines the desired state of the IpfsCluster.
@@ -74,7 +90,7 @@ type IpfsClusterSpec struct {
 	// replicas sets the number of replicas of IPFS Cluster nodes we should be running.
 	Replicas int32 `json:"replicas"`
 	// networking defines network configuration settings.
-	Networking networkConfig `json:"networking"`
+	Networking NetworkConfig `json:"networking"`
 	// follows defines the list of other IPFS Clusters this one should follow.
 	Follows []followParams `json:"follows"`
 	// ipfsResources specifies the resource requirements for each IPFS container. If this

api/v1alpha1/zz_generated.deepcopy.go

@@ -97,8 +97,17 @@ spec:
                 description: networking defines network configuration settings.
                 properties:
                   circuitRelays:
+                    description: circuitRelays defines how many CircuitRelays should
+                      be created.
                     format: int32
                     type: integer
+                  networkMode:
+                    description: networkMode is a switch which defines whether this
+                      IPFSCluster will use the global IPFS network or create its own.
+                    enum:
+                    - public
+                    - private
+                    type: string
                 required:
                 - circuitRelays
                 type: object

bundle/manifests/cluster.ipfs.io_ipfsclusters.yaml

@@ -98,8 +98,17 @@ spec:
                 description: networking defines network configuration settings.
                 properties:
                   circuitRelays:
+                    description: circuitRelays defines how many CircuitRelays should
+                      be created.
                     format: int32
                     type: integer
+                  networkMode:
+                    description: networkMode is a switch which defines whether this
+                      IPFSCluster will use the global IPFS network or create its own.
+                    enum:
+                    - public
+                    - private
+                    type: string
                 required:
                 - circuitRelays
                 type: object

bundle/manifests/ipfs-operator.clusterserviceversion.yaml

@@ -13,4 +13,3 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/redhat-et-ipfs/ipfs-operator
-  newTag: 0.0.1

config/crd/bases/cluster.ipfs.io_ipfsclusters.yaml

@@ -36,9 +36,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/libp2p/go-libp2p-core/crypto"
-	peer "github.com/libp2p/go-libp2p-core/peer"
 	relaydaemon "github.com/libp2p/go-libp2p-relay-daemon"
+	"github.com/libp2p/go-libp2p/core/crypto"
+	peer "github.com/libp2p/go-libp2p/core/peer"
 	relayv2 "github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/relay"
 	clusterv1alpha1 "github.com/redhat-et/ipfs-operator/api/v1alpha1"
 	"github.com/redhat-et/ipfs-operator/controllers/utils"
@@ -181,7 +181,7 @@ func (r *CircuitRelayReconciler) generateNewIdentity(
 	instance.Status.AddrInfo.Addrs = addrStrings
 	var privkey crypto.PrivKey
 	var pubkey peer.ID
-	privkey, pubkey, err = newKey()
+	privkey, pubkey, err = utils.NewKey()
 	if err != nil {
 		return nil, fmt.Errorf("error during key generation: %w", err)
 	}

config/manager/kustomization.yaml

@@ -1,50 +1,43 @@
 package controllers
 
-import (
-	"crypto/rand"
-	"encoding/base64"
-	"encoding/hex"
-	"fmt"
+// ci "github.com/libp2p/go-libp2p-core/crypto"
+// peer "github.com/libp2p/go-libp2p-core/peer"
 
-	ci "github.com/libp2p/go-libp2p-core/crypto"
-	peer "github.com/libp2p/go-libp2p-core/peer"
-)
+// func newClusterSecret() (string, error) {
+// 	const secretLen = 32
+// 	buf := make([]byte, secretLen)
+// 	_, err := rand.Read(buf)
+// 	if err != nil {
+// 		return "", err
+// 	}
+// 	return hex.EncodeToString(buf), nil
+// }
 
-func newClusterSecret() (string, error) {
-	const secretLen = 32
-	buf := make([]byte, secretLen)
-	_, err := rand.Read(buf)
-	if err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(buf), nil
-}
+// // newKey Generates a new private key and returns that along with the identity.
+// func newKey() (ci.PrivKey, peer.ID, error) {
+// 	const edDSAKeyLen = 4096
+// 	priv, pub, err := ci.GenerateKeyPair(ci.Ed25519, edDSAKeyLen)
+// 	if err != nil {
+// 		return nil, "", err
+// 	}
+// 	peerid, err := peer.IDFromPublicKey(pub)
+// 	if err != nil {
+// 		return nil, "", err
+// 	}
+// 	return priv, peerid, nil
+// }
 
-// newKey Generates a new private key and returns that along with the identity.
-func newKey() (ci.PrivKey, peer.ID, error) {
-	const edDSAKeyLen = 4096
-	priv, pub, err := ci.GenerateKeyPair(ci.Ed25519, edDSAKeyLen)
-	if err != nil {
-		return nil, "", err
-	}
-	peerid, err := peer.IDFromPublicKey(pub)
-	if err != nil {
-		return nil, "", err
-	}
-	return priv, peerid, nil
-}
-
-// generateIdentity Generates a new key and returns the peer ID and private key
-// encoded as a base64 string using standard encoding, or an error if the key could not be generated.
-func generateIdentity() (peer.ID, string, error) {
-	priv, peerid, err := newKey()
-	if err != nil {
-		return "", "", fmt.Errorf("cannot generate new key: %w", err)
-	}
-	privBytes, err := ci.MarshalPrivateKey(priv)
-	if err != nil {
-		return "", "", fmt.Errorf("cannot get bytes from private key: %w", err)
-	}
-	privStr := base64.StdEncoding.EncodeToString(privBytes)
-	return peerid, privStr, nil
-}
+// // generateIdentity Generates a new key and returns the peer ID and private key
+// // encoded as a base64 string using standard encoding, or an error if the key could not be generated.
+// func generateIdentity() (peer.ID, string, error) {
+// 	priv, peerid, err := newKey()
+// 	if err != nil {
+// 		return "", "", fmt.Errorf("cannot generate new key: %w", err)
+// 	}
+// 	privBytes, err := ci.MarshalPrivateKey(priv)
+// 	if err != nil {
+// 		return "", "", fmt.Errorf("cannot get bytes from private key: %w", err)
+// 	}
+// 	privStr := base64.StdEncoding.EncodeToString(privBytes)
+// 	return peerid, privStr, nil
+// }

config/manifests/bases/ipfs-operator.clusterserviceversion.yaml

@@ -32,7 +32,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/libp2p/go-libp2p-core/peer"
 	clusterv1alpha1 "github.com/redhat-et/ipfs-operator/api/v1alpha1"
 	"github.com/redhat-et/ipfs-operator/controllers/utils"
 )
@@ -82,20 +81,6 @@ func (r *IpfsClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, r.Update(ctx, instance)
 	}
 
-	// generate a new ID
-	var peerid peer.ID
-	var privStr string
-	if peerid, privStr, err = generateIdentity(); err != nil {
-		log.Error(err, "failed to generate identity")
-		return ctrl.Result{}, err
-	}
-
-	clusSec, err := newClusterSecret()
-	if err != nil {
-		log.Error(err, "cannot generate new cluster secret")
-		return ctrl.Result{}, err
-	}
-
 	if err = r.createCircuitRelays(ctx, instance); err != nil {
 		log.Error(err, "cannot create circuit relays")
 		return ctrl.Result{}, err
@@ -121,7 +106,7 @@ func (r *IpfsClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	}
 
 	// Reconcile the tracked objects
-	trackedObjects := r.createTrackedObjects(ctx, instance, peerid, clusSec, privStr)
+	trackedObjects := r.createTrackedObjects(ctx, instance)
 	shouldRequeue := utils.CreateOrPatchTrackedObjects(ctx, trackedObjects, r.Client, log)
 	return ctrl.Result{Requeue: shouldRequeue}, nil
 }
@@ -130,9 +115,9 @@ func (r *IpfsClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 func (r *IpfsClusterReconciler) createTrackedObjects(
 	ctx context.Context,
 	instance *clusterv1alpha1.IpfsCluster,
-	peerID peer.ID,
-	clusterSecret string,
-	privateString string,
+	// peerID peer.ID,
+	// clusterSecret string,
+	// privateString string,
 ) map[client.Object]controllerutil.MutateFn {
 	sa := corev1.ServiceAccount{}
 	svc := corev1.Service{}
@@ -148,9 +133,9 @@ func (r *IpfsClusterReconciler) createTrackedObjects(
 		ctx,
 		instance,
 		&secConfig,
-		[]byte(clusterSecret),
-		[]byte(privateString),
-		peerID.String(),
+		// []byte(clusterSecret),
+		// []byte(privateString),
+		// peerID.String(),
 	)
 	mutSts := r.StatefulSet(instance, &sts, svcName, secConfigName, cmScriptName)
 

controllers/circuitrelay_controller.go

@@ -71,29 +71,26 @@ var _ = Describe("IPFS Reconciler", func() {
 	When("replicas are edited", func() {
 		// we always expect there to be cluster secrets, which have two values
 		const (
-			clusterPeerID = "meow meow meow"
-			alwaysKeys    = 3
+			alwaysKeys = 3
 		)
 		var (
-			clusterSec   = []byte("cluster secret")
-			bootstrapKey = []byte("bootstrap private key")
-			replicas     int32
+			replicas int32
 		)
 		BeforeEach(func() {
 			replicas = rand.Int31n(100)
 			ipfs.Spec.Replicas = replicas
 		})
 		It("creates a new peer ids", func() {
 			secretConfig := &v1.Secret{}
-			fn, _ := ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig, clusterSec, bootstrapKey, clusterPeerID)
+			fn, _ := ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig)
 			Expect(fn()).To(BeNil())
 			secretStringToData(secretConfig)
 			expectedKeys := int(replicas)*2 + alwaysKeys
 			Expect(len(secretConfig.Data)).To(Equal(expectedKeys))
 
 			// increase the replica count. Expect to see new keys generated.
 			ipfs.Spec.Replicas++
-			fn, _ = ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig, clusterSec, bootstrapKey, clusterPeerID)
+			fn, _ = ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig)
 			Expect(fn()).To(BeNil())
 			secretStringToData(secretConfig)
 			Expect(len(secretConfig.Data)).To(Equal(expectedKeys + 2))

controllers/ipfs_util.go

@@ -10,7 +10,7 @@ import (
 
 	"github.com/alecthomas/units"
 	"github.com/ipfs/kubo/config"
-	"github.com/libp2p/go-libp2p-core/peer"
+	"github.com/libp2p/go-libp2p/core/peer"
 	ma "github.com/multiformats/go-multiaddr"
 	clusterv1alpha1 "github.com/redhat-et/ipfs-operator/api/v1alpha1"
 	"github.com/redhat-et/ipfs-operator/controllers/scripts"

controllers/ipfscluster_controller.go

@@ -10,7 +10,7 @@ import (
 
 	"github.com/alecthomas/units"
 	"github.com/ipfs/kubo/config"
-	"github.com/libp2p/go-libp2p-core/peer"
+	"github.com/libp2p/go-libp2p/core/peer"
 )
 
 type configureIpfsOpts struct {