Set reasonable defaults for our kernel's network configuration

This sets a number of sysctl options to tune the kernel for a datacenter-like environment by increasing
buffers and choosing a better congestion control algorithm. It also enforces reverse path filtering to
prevent spoofing from CAP_NET_ADMIN-enabled containers and blocks source routing as we have no need for that
and it might some day interfere with policy efforts.

To set all these options a small helper structure has been added which makes setting these more compact
and nicer to read.

Test Plan: Covered by E2E for breakage, scalability improvements not yet testable

Bug: T495

X-Origin-Diff: phab/D704
GitOrigin-RevId: 427b2513d604090e51b37587d772f240112be09d
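The reverse path filtering and source routing policy described in the commit message, written as an added Go example; this is not the helper structure from the commit, whose diff is not shown on this page. The `sysctlOptions` type, the `antiSpoofing` set and the chosen sysctl keys and values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// sysctlOptions maps dotted sysctl names to wanted values (hypothetical type).
type sysctlOptions map[string]string

// Assumed keys and values: the page names the policies, not the settings.
// rp_filter uses max(all, iface); source routing needs all AND iface enabled.
var antiSpoofing = sysctlOptions{
	"net.ipv4.conf.all.rp_filter":               "1",
	"net.ipv4.conf.default.rp_filter":           "1",
	"net.ipv4.conf.all.accept_source_route":     "0",
	"net.ipv4.conf.default.accept_source_route": "0",
}

func sysctlPath(root, key string) string { return filepath.Join(root, strings.ReplaceAll(key, ".", "/")) }

// Apply writes every option below root (normally /proc/sys).
func (o sysctlOptions) Apply(root string) error {
	for k, v := range o {
		if err := os.WriteFile(sysctlPath(root, k), []byte(v), 0644); err != nil {
			return fmt.Errorf("setting %s: %w", k, err)
		}
	}
	return nil
}

// Audit returns, sorted, the keys whose live value is unreadable or differs.
func (o sysctlOptions) Audit(root string) []string {
	var drift []string
	for k, want := range o {
		got, err := os.ReadFile(sysctlPath(root, k))
		if err != nil || strings.TrimSpace(string(got)) != want {
			drift = append(drift, k)
		}
	}
	sort.Strings(drift)
	return drift
}

func main() { fmt.Println("settings not enforced on this host:", antiSpoofing.Audit("/proc/sys")) }
```

Running `Audit` against `/proc/sys` is read-only and lists any setting that has drifted; `Apply` needs privileges to write there.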
1 file changed
tree: fcea4d9f54f2e04cf1d203e104c4a14bfa103702
README.md

Monogon Source Monorepo

This is the main repository containing Monogon's public source code, including Metropolis.

Environment

We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.

For better reproducibility, all builds are executed in containers.

Usage

Spinning up: scripts/create_container.sh

Spinning down: scripts/destroy_container.sh

Running commands: scripts/run_in_container.sh <...>

Using Bazel via a wrapper script: scripts/bin/bazel <...> (add to your local $PATH for convenience)

IntelliJ

This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.

The following steps are necessary:

  • Install Google's Bazel plugin in IntelliJ.

  • Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:

    -Dbazel.bep.path=/home/leopold/.cache/bazel-nxt

  • Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.

  • Use File → Import Bazel project... to create a new project from .bazelproject.

After running the first sync, everything should now resolve in the IDE, including generated code.

It's strongly recommended to use our project presets for file watchers and other IDE features. Run this command and re-open the project in order to install them:

bazel run intellij/localconfig $(pwd)

Metropolis

Run a single node cluster

Launch the node:

bazel run //:launch

Run a kubectl command:

bazel run //metropolis/cli/dbg -- kubectl describe