m/node: implement Port type for node ports
This allows us to use %v/%s to get a pretty port name where needed.
We also drive-by remove MasterServicePort which is a leftover from
a pre-curator cluster service implementation.
Change-Id: Id8feddf87269b13dd1dad2460a015c1a7ecbc6d7
Reviewed-on: https://review.monogon.dev/c/monogon/+/418
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/core/consensus/consensus.go b/metropolis/node/core/consensus/consensus.go
index 8e74000..d0fe83f 100644
--- a/metropolis/node/core/consensus/consensus.go
+++ b/metropolis/node/core/consensus/consensus.go
@@ -124,7 +124,7 @@
}
port := s.config.Port
if port == 0 {
- port = node.ConsensusPort
+ port = int(node.ConsensusPort)
}
cfg := embed.NewConfig()
diff --git a/metropolis/node/kubernetes/apiserver.go b/metropolis/node/kubernetes/apiserver.go
index e3f0d98..39105b2 100644
--- a/metropolis/node/kubernetes/apiserver.go
+++ b/metropolis/node/kubernetes/apiserver.go
@@ -98,7 +98,7 @@
"--enable-admission-plugins=NodeRestriction,PodSecurityPolicy",
"--enable-aggregator-routing=true",
"--insecure-port=0",
- fmt.Sprintf("--secure-port=%v", common.KubernetesAPIPort),
+ fmt.Sprintf("--secure-port=%d", common.KubernetesAPIPort),
fmt.Sprintf("--etcd-servers=unix:///%s:0", s.EphemeralConsensusDirectory.ClientSocket.FullPath()),
args.FileOpt("--kubelet-client-certificate", "kubelet-client-cert.pem",
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.kubeletClientCert})),
diff --git a/metropolis/node/kubernetes/clusternet/clusternet.go b/metropolis/node/kubernetes/clusternet/clusternet.go
index 85a78a1..3cf2535 100644
--- a/metropolis/node/kubernetes/clusternet/clusternet.go
+++ b/metropolis/node/kubernetes/clusternet/clusternet.go
@@ -120,7 +120,7 @@
err = s.wgClient.ConfigureDevice(clusterNetDeviceName, wgtypes.Config{
Peers: []wgtypes.PeerConfig{{
PublicKey: pubKey,
- Endpoint: &net.UDPAddr{Port: common.WireGuardPort, IP: internalIP},
+ Endpoint: &net.UDPAddr{Port: int(common.WireGuardPort), IP: internalIP},
ReplaceAllowedIPs: true,
AllowedIPs: allowedIPs,
}},
@@ -227,7 +227,7 @@
}
defer netlink.LinkDel(wgInterface)
- listenPort := common.WireGuardPort
+ listenPort := int(common.WireGuardPort)
if err := wgClient.ConfigureDevice(clusterNetDeviceName, wgtypes.Config{
PrivateKey: &s.privKey,
ListenPort: &listenPort,
diff --git a/metropolis/node/kubernetes/pki/kubernetes.go b/metropolis/node/kubernetes/pki/kubernetes.go
index a59ab98..0c795f2 100644
--- a/metropolis/node/kubernetes/pki/kubernetes.go
+++ b/metropolis/node/kubernetes/pki/kubernetes.go
@@ -213,7 +213,7 @@
kubeconfig := configapi.NewConfig()
cluster := configapi.NewCluster()
- cluster.Server = fmt.Sprintf("https://127.0.0.1:%v", common.KubernetesAPIPort)
+ cluster.Server = fmt.Sprintf("https://127.0.0.1:%d", common.KubernetesAPIPort)
ca, err := c.Issuer.CACertificate(ctx, kv)
if err != nil {
diff --git a/metropolis/node/ports.go b/metropolis/node/ports.go
index 3449f07..05cbd9e 100644
--- a/metropolis/node/ports.go
+++ b/metropolis/node/ports.go
@@ -16,12 +16,44 @@
package node
+// Port is a TCP and/or UDP port number reserved for and used by Metropolis
+// node code.
+type Port uint16
+
const (
- CuratorServicePort = 7835
- ConsensusPort = 7834
- MasterServicePort = 7833
- DebugServicePort = 7837
- WireGuardPort = 7838
- KubernetesAPIPort = 6443
- DebuggerPort = 2345
+ // CuratorServicePort is the TCP port on which the Curator listens for gRPC
+ // calls and services Management/AAA/Curator RPCs.
+ CuratorServicePort Port = 7835
+ // ConsensusPort is the TCP port on which etcd listens for peer traffic.
+ ConsensusPort Port = 7834
+ // DebugServicePort is the TCP port on which the debug service serves gRPC
+ // traffic. This is only available in debug builds.
+ DebugServicePort Port = 7837
+ // WireGuardPort is the UDP port on which the Wireguard Kubernetes network
+ // overlay listens for incoming peer traffic.
+ WireGuardPort Port = 7838
+ // KubernetesAPIPort is the TCP port on which the Kubernetes API is
+ // exposed.
+ KubernetesAPIPort Port = 6443
+ // DebuggerPort is the port on which the delve debugger runs (on debug
+ // builds only). Not to be confused with DebugServicePort.
+ DebuggerPort Port = 2345
)
+
+func (p Port) String() string {
+ switch p {
+ case CuratorServicePort:
+ return "curator"
+ case ConsensusPort:
+ return "consensus"
+ case DebugServicePort:
+ return "debug"
+ case WireGuardPort:
+ return "wireguard"
+ case KubernetesAPIPort:
+ return "kubernetes-api"
+ case DebuggerPort:
+ return "delve"
+ }
+ return "unknown"
+}
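Review bot: String() falls through to a bare `"unknown"` for every Port value outside the six constants, so a log line or error that prints an unexpected port loses the number exactly when it is most needed for diagnosis. Returning the number in the fallback, e.g. `return fmt.Sprintf("unknown(%d)", uint16(p))`, keeps it; that needs `fmt` imported in ports.go, which shows no import block in this hunk. The method also has no doc comment: because Port now implements fmt.Stringer, `%v` and `%s` print the name while `%d` prints the number, which is why the apiserver.go and pki/kubernetes.go hunks switch to `%d`. I would add `// String returns a short name for well-known ports. Use %d to format the numeric value, e.g. when building addresses or flags.` so that a later call site does not produce an address like `127.0.0.1:kubernetes-api`.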