DEV Community

Karim
Originally published at deep75.Medium

Blockchain: Creating decentralized private networks with EdgeVPN and application to the operator…

A look at EdgeVPN, which uses libp2p to build decentralized private networks that are accessed through shared secrets. In particular, it is fully decentralized, immutable, portable and easy to use.

It can:

  • Create a VPN: a secure VPN between P2P peers.
  • Automatically assign IPs to the nodes.
  • Embed a small DNS server to resolve internal/external IP addresses.
  • Create trust zones to prevent access to the network if the token leaks.
  • Act as a reverse proxy: share a TCP service as you would with ngrok. EdgeVPN can expose TCP services to the nodes of the p2p network without establishing a VPN connection, and creates a reverse proxy by tunnelling the traffic through the P2P network.
  • Send files over P2P between nodes without establishing a VPN connection.
  • Be used as a library: easily plug a distributed P2P ledger into your own Go code! …

EdgeVPN

As an illustration, two nodes are launched in Hetzner Cloud, on which EdgeVPN will be run:


root@edgevpn1:~# wget -c https://github.com/mudler/edgevpn/releases/download/v0.18.0/edgevpn-v0.18.0-Linux-x86_64.tar.gz
root@edgevpn1:~# tar xvzf edgevpn-v0.18.0-Linux-x86_64.tar.gz
LICENSE
README.md
edgevpn
root@edgevpn1:~# chmod +x edgevpn
root@edgevpn1:~# mv edgevpn /usr/bin/
root@edgevpn1:~# edgevpn -g > vpn.yaml
root@edgevpn1:~# cat vpn.yaml
otp:
  dht:
    interval: 9000
    key: pvRp0ugVkdRe9A5B67sgY7P2ZyUyRhdg5r9j4Z4bi8R
    length: 43
  crypto:
    interval: 9000
    key: 5028y7IEQL4R8dnRXrf5PfDVd3mlhtDRy46o32ramHg
    length: 43
room: ojK0uZeHM2FFyU0nOUiLAi4w5iPZTrcqGmnisKyyfwN
rendezvous: CzRNPu1ivKbqXld6HqkkNy50FoxoFINtMehn2bKxfrA
mdns: 5kfQxOqEMupaFOwfROp17e3hze9Y5cmfuaFolNcxZVN
max_message_size: 20971520

I start EdgeVPN on this first node:

root@edgevpn1:~# IFACE=edgevpn0 ADDRESS=10.1.0.3/24 EDGEVPNCONFIG=vpn.yaml edgevpn
{"level":"INFO","time":"2022-11-20T12:27:10.563Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T12:27:10.563Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T12:27:10.564Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 12:27:10 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T12:27:10.575Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWJoNbdmp7deTm7oqbjNV1x6Fe123RvAUds4eq53VZUvdR"}
{"level":"INFO","time":"2022-11-20T12:27:10.575Z","caller":"node/node.go:173","message":" Node Addresses: [/ip4/65.21.189.254/tcp/45281 /ip4/127.0.0.1/tcp/45281 /ip4/65.21.189.254/udp/53929/quic /ip4/127.0.0.1/udp/53929/quic /ip6/2a01:4f9:c012:5f57::1/tcp/37131 /ip6/::1/tcp/37131 /ip6/2a01:4f9:c012:5f57::1/udp/40467/quic /ip6/::1/udp/40467/quic]"}
{"level":"INFO","time":"2022-11-20T12:27:10.576Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}

and the virtual network interface is present with the IP address defined beforehand:

root@edgevpn1:~# ifconfig -a
edgevpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1200
        inet 10.1.0.3  netmask 255.255.255.0  destination 10.1.0.3
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 65.21.189.254  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 2a01:4f9:c012:5f57::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9400:1ff:feae:5b76  prefixlen 64  scopeid 0x20<link>
        ether 96:00:01:ae:5b:76  txqueuelen 1000  (Ethernet)
        RX packets 21611  bytes 17359594 (17.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22066  bytes 7546282 (7.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6925  bytes 4179081 (4.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6925  bytes 4179081 (4.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I can then start k3s in controller (server) mode on this node:

root@edgevpn1:~# wget -c https://github.com/k3s-io/k3s/releases/download/v1.25.3%2Bk3s1/k3s && chmod +x k3s && mv k3s /usr/bin/
root@edgevpn1:~# k3s
NAME:
   k3s - Kubernetes, but small and simple

USAGE:
   k3s [global options] command [command options] [arguments...]

VERSION:
   v1.25.3+k3s1 (f2585c16)

COMMANDS:
   server           Run management server
   agent            Run node agent
   kubectl          Run kubectl
   crictl           Run crictl
   ctr              Run ctr
   check-config     Run config check
   etcd-snapshot    Trigger an immediate etcd snapshot
   secrets-encrypt  Control secrets encryption and keys rotation
   certificate      Certificates management
   completion       Install shell completion script
   help, h          Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                     (logging) Turn on debug logs [$K3S_DEBUG]
   --data-dir value, -d value  (data) Folder to hold state (default: /var/lib/rancher/k3s or ${HOME}/.rancher/k3s if not root)
   --help, -h                  show help
   --version, -v               print the version

root@edgevpn1:~# k3s server --flannel-iface=edgevpn0

k3s is now reachable through the listening virtual interface, with Traefik as the Ingress Controller provided by default:

root@edgevpn1:~# curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/bin/ && mkdir .kube && cp /etc/rancher/k3s/k3s.yaml /root/.kube/config
root@edgevpn1:~# kubectl cluster-info
Kubernetes control plane is running at https://127.0.0.1:6443
CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE     NAME                                          READY   STATUS      RESTARTS   AGE
kube-system   pod/local-path-provisioner-5b5579c644-pv9cj   1/1     Running     0          3m16s
kube-system   pod/coredns-75fc8f8fff-clcz6                  1/1     Running     0          3m16s
kube-system   pod/helm-install-traefik-crd-tz9t9            0/1     Completed   0          3m16s
kube-system   pod/helm-install-traefik-bwc74                0/1     Completed   1          3m16s
kube-system   pod/svclb-traefik-eedbcbde-dj69n              2/2     Running     0          3m1s
kube-system   pod/traefik-9c6dc6686-nckxj                   1/1     Running     0          3m2s
kube-system   pod/metrics-server-5c8978b444-ggqg7           1/1     Running     0          3m16s

NAMESPACE     NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
default       service/kubernetes       ClusterIP      10.43.0.1      <none>        443/TCP                      3m31s
kube-system   service/kube-dns         ClusterIP      10.43.0.10     <none>        53/UDP,53/TCP,9153/TCP       3m27s
kube-system   service/metrics-server   ClusterIP      10.43.26.165   <none>        443/TCP                      3m26s
kube-system   service/traefik          LoadBalancer   10.43.243.18   10.1.0.3      80:31735/TCP,443:30749/TCP   3m2s

I also install EdgeVPN on the second node, located in another Hetzner Cloud region:

root@edgevpn2:~# edgevpn --help
NAME:
   edgevpn - edgevpn --config /etc/edgevpn/config.yaml

USAGE:
   [global options] command [command options] [arguments...]

VERSION:
   v0.18.0

DESCRIPTION:
   edgevpn uses libp2p to build an immutable trusted blockchain addressable p2p network

AUTHOR:
   Ettore Di Giacinto

COMMANDS:
   start                Start the network without activating any interface
   api                  Starts an http server to display network informations
   service-add, sa      Expose a service to the network without creating a VPN
   service-connect, sc  Connects to a service in the network without creating a VPN
   file-receive, fr     Receive a file which is served from the network
   proxy                Starts a local http proxy server to egress nodes
   file-send, fs        Serve a file to the network
   dns                  Starts a local dns server
   peergater            peergater ecdsa-genkey
   help, h              Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --key-otp-interval value  Tweaks default otp interval (in seconds) when generating new tokens (default: 9000)
   -g  Generates a new configuration and prints it on screen
   -b  Encodes the new config in base64, so it can be used as a token
   --debug  Starts API with pprof attached
   --api  Starts also the API daemon locally for inspecting the network status [$API]
   --api-listen value  API listening port (default: ":8080") [$APILISTEN]
   --dhcp  Enables p2p ip negotiation (experimental) [$DHCP]
   --transient-conn  Allow transient connections [$TRANSIENTCONN]
   --lease-dir value  DHCP leases directory (default: "/root/.edgevpn/leases") [$DHCPLEASEDIR]
   --address value  VPN virtual address (default: "10.1.0.1/24") [$ADDRESS]
   --dns value  DNS listening address. Empty to disable dns server [$DNSADDRESS]
   --dns-forwarder  Enables dns forwarding [$DNSFORWARD]
   --egress  Enables nodes for egress [$EGRESS]
   --egress-announce-time value  Egress announce time (s) (default: 200) [$EGRESSANNOUNCE]
   --dns-cache-size value  DNS LRU cache size (default: 200) [$DNSCACHESIZE]
   --dns-forward-server value  List of DNS forward server, e.g. 8.8.8.8:53, 192.168.1.1:53 ... (default: "8.8.8.8:53", "1.1.1.1:53") [$DNSFORWARDSERVER]
   --router value  Sends all packets to this node [$ROUTER]
   --interface value  Interface name (default: "edgevpn0") [$IFACE]
   --config value  Specify a path to a edgevpn config file [$EDGEVPNCONFIG]
   --timeout value  Specify a default timeout for connection stream (default: "15s") [$EDGEVPNTIMEOUT]
   --mtu value  Specify a mtu (default: 1200) [$EDGEVPNMTU]
   --bootstrap-iface  Setup interface on startup (need privileges) [$EDGEVPNBOOTSTRAPIFACE]
   --packet-mtu value  Specify a mtu (default: 1420) [$EDGEVPNPACKETMTU]
   --channel-buffer-size value  Specify a channel buffer size (default: 0) [$EDGEVPNCHANNELBUFFERSIZE]
   --discovery-interval value  DHT discovery interval time (default: 720) [$EDGEVPNDHTINTERVAL]
   --ledger-announce-interval value  Ledger announce interval time (default: 10) [$EDGEVPNLEDGERINTERVAL]
   --autorelay-discovery-interval value  Autorelay discovery interval (default: "5m") [$EDGEVPNAUTORELAYDISCOVERYINTERVAL]
   --autorelay-static-only  Use only defined static relays [$EDGEVPNAUTORELAYSTATICONLY]
   --ledger-syncronization-interval value  Ledger syncronization interval time (default: 10) [$EDGEVPNLEDGERSYNCINTERVAL]
   --nat-ratelimit-global value  Rate limit global requests (default: 10) [$EDGEVPNNATRATELIMITGLOBAL]
   --nat-ratelimit-peer value  Rate limit perr requests (default: 10) [$EDGEVPNNATRATELIMITPEER]
   --nat-ratelimit-interval value  Rate limit interval (default: 60) [$EDGEVPNNATRATELIMITINTERVAL]
   --nat-ratelimit  Changes the default rate limiting configured in helping other peers determine their reachability status [$EDGEVPNNATRATELIMIT]
   --max-connections value  Max connections (default: 0) [$EDGEVPNMAXCONNS]
   --ledger-state value  Specify a ledger state directory [$EDGEVPNLEDGERSTATE]
   --mdns  Enable mDNS for peer discovery [$EDGEVPNMDNS]
   --autorelay  Automatically act as a relay if the node can accept inbound connections [$EDGEVPNAUTORELAY]
   --autorelay-v1  Enable autorelay v1 circuits [$EDGEVPNAUTORELAYV1]
   --concurrency value  Number of concurrent requests to serve (default: 2)
   --holepunch  Automatically try holepunching when possible [$EDGEVPNHOLEPUNCH]
   --natservice  Tries to determine reachability status of nodes [$EDGEVPNNATSERVICE]
   --natmap  Tries to open a port in the firewall via upnp [$EDGEVPNNATMAP]
   --dht  Enable DHT for peer discovery [$EDGEVPNDHT]
   --low-profile  Enable low profile. Lowers connections usage [$EDGEVPNLOWPROFILE]
   --mplex-multiplexer  Enable mplex multiplexer. [$EDGEVPNMPLEX]
   --aliveness-healthcheck-interval value  Healthcheck interval (default: 120) [$HEALTHCHECKINTERVAL]
   --aliveness-healthcheck-scrub-interval value  Healthcheck scrub interval (default: 600) [$HEALTHCHECKSCRUBINTERVAL]
   --aliveness-healthcheck-max-interval value  Healthcheck max interval. Threshold after a node is determined offline (default: 900) [$HEALTHCHECKMAXINTERVAL]
   --log-level value  Specify loglevel (default: "info") [$EDGEVPNLOGLEVEL]
   --libp2p-log-level value  Specify libp2p loglevel (default: "fatal") [$EDGEVPNLIBP2PLOGLEVEL]
   --discovery-bootstrap-peers value  List of discovery peers to use [$EDGEVPNBOOTSTRAPPEERS]
   --autorelay-static-peer value  List of autorelay static peers to use [$EDGEVPNAUTORELAYPEERS]
   --blacklist value  List of peers/cidr to gate [$EDGEVPNBLACKLIST]
   --token value  Specify an edgevpn token in place of a config file [$EDGEVPNTOKEN]
   --limit-file value  Specify an limit config (json) [$LIMITFILE]
   --limit-scope value  Specify a limit scope (default: "system") [$LIMITSCOPE]
   --limit-config  Enable inline resource limit configuration [$LIMITCONFIG]
   --limit-enable  Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled [$LIMITENABLE]
   --limit-config-streams value  Streams resource limit configuration (default: 200) [$LIMITCONFIGSTREAMS]
   --limit-config-streams-inbound value  Inbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSINBOUND]
   --limit-config-streams-outbound value  Outbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSOUTBOUND]
   --limit-config-conn value  Connections resource limit configuration (default: 200) [$LIMITCONFIGCONNS]
   --limit-config-conn-inbound value  Inbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSINBOUND]
   --limit-config-conn-outbound value  Outbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSOUTBOUND]
   --limit-config-fd value  Max fd resource limit configuration (default: 30) [$LIMITCONFIGFD]
   --peerguard  Enable peerguard. (Experimental) [$PEERGUARD]
   --peergate  Enable peergating. (Experimental) [$PEERGATE]
   --peergate-autoclean  Enable peergating autoclean. (Experimental) [$PEERGATE_AUTOCLEAN]
   --peergate-relaxed  Enable peergating relaxation. (Experimental) [$PEERGATE_RELAXED]
   --peergate-auth value  Peergate auth [$PEERGATE_AUTH]
   --peergate-interval value  Peergater interval time (default: 120) [$EDGEVPNPEERGATEINTERVAL]
   --help, -h  show help
   --version, -v  print the version

COPYRIGHT:
   edgevpn Copyright (C) 2021-2022 Ettore Di Giacinto
   This program comes with ABSOLUTELY NO WARRANTY.
   This is free software, and you are welcome to redistribute it
   under certain conditions.

Reusing the YAML file generated on the previous node:

root@edgevpn2:~# IFACE=edgevpn0 ADDRESS=10.1.0.4/24 EDGEVPNCONFIG=vpn.yaml edgevpn
{"level":"INFO","time":"2022-11-20T12:41:45.511Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T12:41:45.512Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T12:41:45.512Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 12:41:45 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T12:41:45.520Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWNc3LEQZ2evuLwQLkeg6ns7A7MGpnwTjfnNHiXcA9awyZ"}
{"level":"INFO","time":"2022-11-20T12:41:45.520Z","caller":"node/node.go:173","message":" Node Addresses: [/ip4/167.235.131.166/tcp/33079 /ip4/127.0.0.1/tcp/33079 /ip4/167.235.131.166/udp/48960/quic /ip4/127.0.0.1/udp/48960/quic /ip6/2a01:4f8:c2c:4092::1/tcp/44625 /ip6/::1/tcp/44625 /ip6/2a01:4f8:c2c:4092::1/udp/59652/quic /ip6/::1/udp/59652/quic]"}
{"level":"INFO","time":"2022-11-20T12:41:45.521Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}

The virtual network interface is present here as well:

root@edgevpn2:~# ifconfig -a
edgevpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1200
        inet 10.1.0.4  netmask 255.255.255.0  destination 10.1.0.4
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 4469 (4.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 167.235.131.166  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::9400:1ff:feae:5b8a  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:4f8:c2c:4092::1  prefixlen 64  scopeid 0x0<global>
        ether 96:00:01:ae:5b:8a  txqueuelen 1000  (Ethernet)
        RX packets 12746  bytes 14304008 (14.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11823  bytes 3524646 (3.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 3255  bytes 1962530 (1.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3255  bytes 1962530 (1.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@edgevpn2:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:33079           0.0.0.0:*               LISTEN      976/edgevpn
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      694/sshd: /usr/sbin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      566/systemd-resolve
tcp6       0      0 :::22                   :::*                    LISTEN      694/sshd: /usr/sbin
tcp6       0      0 :::44625                :::*                    LISTEN      976/edgevpn
udp        0      0 0.0.0.0:46214           0.0.0.0:*                           976/edgevpn
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           976/edgevpn
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           976/edgevpn
udp        0      0 0.0.0.0:48960           0.0.0.0:*                           976/edgevpn
udp        0      0 127.0.0.53:53           0.0.0.0:*                           566/systemd-resolve
udp        0      0 167.235.131.166:68      0.0.0.0:*                           564/systemd-network
udp6       0      0 :::5353                 :::*                                976/edgevpn
udp6       0      0 :::5353                 :::*                                976/edgevpn
udp6       0      0 :::59652                :::*                                976/edgevpn

and I can communicate with the other node:

root@edgevpn2:~# ping -c 5 10.1.0.3
PING 10.1.0.3 (10.1.0.3) 56(84) bytes of data.
64 bytes from 10.1.0.3: icmp_seq=1 ttl=64 time=25.2 ms
64 bytes from 10.1.0.3: icmp_seq=2 ttl=64 time=24.8 ms
64 bytes from 10.1.0.3: icmp_seq=3 ttl=64 time=24.8 ms
64 bytes from 10.1.0.3: icmp_seq=4 ttl=64 time=25.1 ms
64 bytes from 10.1.0.3: icmp_seq=5 ttl=64 time=25.2 ms

--- 10.1.0.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 24.766/25.032/25.249/0.193 ms

I install k3s in worker (agent) mode on this node and join it to the k3s controller on the first node:

root@edgevpn1:~# cat /var/lib/rancher/k3s/server/node-token
K102d685aef0648346d32649047e76d1f1a32fba6711d620e32a214ecaf3b60404d::server:e232ab947b5d06950138a1a6df9ef796

root@edgevpn2:~# K3S_URL=https://10.1.0.3:6443 K3S_TOKEN=K102d685aef0648346d32649047e76d1f1a32fba6711d620e32a214ecaf3b60404d::server:e232ab947b5d06950138a1a6df9ef796 k3s agent --flannel-iface=edgevpn0 --node-ip 10.1.0.4

The worker does appear in the k3s cluster with the IP address defined through EdgeVPN:

root@edgevpn1:~# kubectl get nodes -o wide
NAME       STATUS   ROLES                  AGE   VERSION        INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
edgevpn1   Ready    control-plane,master   15m   v1.25.3+k3s1   10.1.0.3      <none>        Ubuntu 22.04.1 LTS   5.15.0-47-generic   containerd://1.6.8-k3s1
edgevpn2   Ready    <none>                 62s   v1.25.3+k3s1   10.1.0.4      <none>        Ubuntu 22.04.1 LTS   5.15.0-46-generic   containerd://1.6.8-k3s1

root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE     NAME                                          READY   STATUS      RESTARTS   AGE
kube-system   pod/local-path-provisioner-5b5579c644-pv9cj   1/1     Running     0          15m
kube-system   pod/coredns-75fc8f8fff-clcz6                  1/1     Running     0          15m
kube-system   pod/helm-install-traefik-crd-tz9t9            0/1     Completed   0          15m
kube-system   pod/helm-install-traefik-bwc74                0/1     Completed   1          15m
kube-system   pod/svclb-traefik-eedbcbde-dj69n              2/2     Running     0          15m
kube-system   pod/traefik-9c6dc6686-nckxj                   1/1     Running     0          15m
kube-system   pod/metrics-server-5c8978b444-ggqg7           1/1     Running     0          15m
kube-system   pod/svclb-traefik-eedbcbde-sb8h9              2/2     Running     0          83s

NAMESPACE     NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP         PORT(S)                      AGE
default       service/kubernetes       ClusterIP      10.43.0.1      <none>              443/TCP                      16m
kube-system   service/kube-dns         ClusterIP      10.43.0.10     <none>              53/UDP,53/TCP,9153/TCP       16m
kube-system   service/metrics-server   ClusterIP      10.43.26.165   <none>              443/TCP                      16m
kube-system   service/traefik          LoadBalancer   10.43.243.18   10.1.0.3,10.1.0.4   80:31735/TCP,443:30749/TCP   15m

I can view the cluster with kube-explorer, a portable explorer for Kubernetes without any dependency:

GitHub - cnrancher/kube-explorer: A portable explorer for Kubernetes, without any dependency.

root@edgevpn1:~# kube-explorer --help
NAME:
   kube-explorer

USAGE:
   kube-explorer [global options] command [command options] [arguments...]

VERSION:
   v0.2.13 (d242828)

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --kubeconfig value  [$KUBECONFIG]
   --context value  [$CONTEXT]
   --ui-path value
   --https-listen-port value  (default: 9443)
   --http-listen-port value  (default: 9080)
   --insecure-skip-tls-verify
   --webhook-auth  [$WEBHOOK_AUTH]
   --webhook-kubeconfig value  [$WEBHOOK_KUBECONFIG]
   --webhook-url value  [$WEBHOOK_URL]
   --webhook-cache-ttl value  (default: 0) [$WEBHOOK_CACHE_TTL]
   --debug
   --debug-level value  (default: 7)
   --help, -h  show help
   --version, -v  print the version

root@edgevpn1:~# kube-explorer --kubeconfig=/root/.kube/config --http-listen-port=9898 --https-listen-port=0
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=Role controller
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=RoleBinding controller
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRole controller
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller
INFO[0000] Starting apiregistration.k8s.io/v1, Kind=APIService controller
INFO[0000] Listening on :9898

It embeds Rancher's steve framework and its dashboard, and is recompiled, packaged and compressed to provide an almost entirely stateless Kubernetes resource manager.

EdgeVPN also provides a web interface:

WebUI and API

root@edgevpn1:~# edgevpn api --help
NAME:
   api - Starts an http server to display network informations

USAGE:
   edgevpn api

DESCRIPTION:
   Start listening locally, providing an API for the network.
   A simple UI interface is available to display network data.

OPTIONS:
   --config value  Specify a path to a edgevpn config file [$EDGEVPNCONFIG]
   --timeout value  Specify a default timeout for connection stream (default: "15s") [$EDGEVPNTIMEOUT]
   --mtu value  Specify a mtu (default: 1200) [$EDGEVPNMTU]
   --bootstrap-iface  Setup interface on startup (need privileges) [$EDGEVPNBOOTSTRAPIFACE]
   --packet-mtu value  Specify a mtu (default: 1420) [$EDGEVPNPACKETMTU]
   --channel-buffer-size value  Specify a channel buffer size (default: 0) [$EDGEVPNCHANNELBUFFERSIZE]
   --discovery-interval value  DHT discovery interval time (default: 720) [$EDGEVPNDHTINTERVAL]
   --ledger-announce-interval value  Ledger announce interval time (default: 10) [$EDGEVPNLEDGERINTERVAL]
   --autorelay-discovery-interval value  Autorelay discovery interval (default: "5m") [$EDGEVPNAUTORELAYDISCOVERYINTERVAL]
   --autorelay-static-only  Use only defined static relays [$EDGEVPNAUTORELAYSTATICONLY]
   --ledger-syncronization-interval value  Ledger syncronization interval time (default: 10) [$EDGEVPNLEDGERSYNCINTERVAL]
   --nat-ratelimit-global value  Rate limit global requests (default: 10) [$EDGEVPNNATRATELIMITGLOBAL]
   --nat-ratelimit-peer value  Rate limit perr requests (default: 10) [$EDGEVPNNATRATELIMITPEER]
   --nat-ratelimit-interval value  Rate limit interval (default: 60) [$EDGEVPNNATRATELIMITINTERVAL]
   --nat-ratelimit  Changes the default rate limiting configured in helping other peers determine their reachability status [$EDGEVPNNATRATELIMIT]
   --max-connections value  Max connections (default: 0) [$EDGEVPNMAXCONNS]
   --ledger-state value  Specify a ledger state directory [$EDGEVPNLEDGERSTATE]
   --mdns  Enable mDNS for peer discovery [$EDGEVPNMDNS]
   --autorelay  Automatically act as a relay if the node can accept inbound connections [$EDGEVPNAUTORELAY]
   --autorelay-v1  Enable autorelay v1 circuits [$EDGEVPNAUTORELAYV1]
   --concurrency value  Number of concurrent requests to serve (default: 2)
   --holepunch  Automatically try holepunching when possible [$EDGEVPNHOLEPUNCH]
   --natservice  Tries to determine reachability status of nodes [$EDGEVPNNATSERVICE]
   --natmap  Tries to open a port in the firewall via upnp [$EDGEVPNNATMAP]
   --dht  Enable DHT for peer discovery [$EDGEVPNDHT]
   --low-profile  Enable low profile. Lowers connections usage [$EDGEVPNLOWPROFILE]
   --mplex-multiplexer  Enable mplex multiplexer. [$EDGEVPNMPLEX]
   --aliveness-healthcheck-interval value  Healthcheck interval (default: 120) [$HEALTHCHECKINTERVAL]
   --aliveness-healthcheck-scrub-interval value  Healthcheck scrub interval (default: 600) [$HEALTHCHECKSCRUBINTERVAL]
   --aliveness-healthcheck-max-interval value  Healthcheck max interval. Threshold after a node is determined offline (default: 900) [$HEALTHCHECKMAXINTERVAL]
   --log-level value  Specify loglevel (default: "info") [$EDGEVPNLOGLEVEL]
   --libp2p-log-level value  Specify libp2p loglevel (default: "fatal") [$EDGEVPNLIBP2PLOGLEVEL]
   --discovery-bootstrap-peers value  List of discovery peers to use [$EDGEVPNBOOTSTRAPPEERS]
   --autorelay-static-peer value  List of autorelay static peers to use [$EDGEVPNAUTORELAYPEERS]
   --blacklist value  List of peers/cidr to gate [$EDGEVPNBLACKLIST]
   --token value  Specify an edgevpn token in place of a config file [$EDGEVPNTOKEN]
   --limit-file value  Specify an limit config (json) [$LIMITFILE]
   --limit-scope value  Specify a limit scope (default: "system") [$LIMITSCOPE]
   --limit-config  Enable inline resource limit configuration [$LIMITCONFIG]
   --limit-enable  Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled [$LIMITENABLE]
   --limit-config-streams value  Streams resource limit configuration (default: 200) [$LIMITCONFIGSTREAMS]
   --limit-config-streams-inbound value  Inbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSINBOUND]
   --limit-config-streams-outbound value  Outbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSOUTBOUND]
   --limit-config-conn value  Connections resource limit configuration (default: 200) [$LIMITCONFIGCONNS]
   --limit-config-conn-inbound value  Inbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSINBOUND]
   --limit-config-conn-outbound value  Outbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSOUTBOUND]
   --limit-config-fd value  Max fd resource limit configuration (default: 30) [$LIMITCONFIGFD]
   --peerguard  Enable peerguard. (Experimental) [$PEERGUARD]
   --peergate  Enable peergating. (Experimental) [$PEERGATE]
   --peergate-autoclean  Enable peergating autoclean. (Experimental) [$PEERGATE_AUTOCLEAN]
   --peergate-relaxed  Enable peergating relaxation. (Experimental) [$PEERGATE_RELAXED]
   --peergate-auth value  Peergate auth [$PEERGATE_AUTH]
   --peergate-interval value  Peergater interval time (default: 120) [$EDGEVPNPEERGATEINTERVAL]
   --debug
   --listen value  Listening address. To listen to a socket, prefix with unix://, e.g. unix:///socket.path (default: ":8080")

root@edgevpn1:~# EDGEVPNCONFIG=vpn.yaml edgevpn api --listen :10000
{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 13:04:37 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T13:04:37.485Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWJZz5MiSL9LQMt96mCufYBs2q9jXaNDyfFBsEX5NNDz2C"}
{"level":"INFO","time":"2022-11-20T13:04:37.507Z","caller":"node/node.go:173","message":" Node Addresses: [/ip6/2a01:4f9:c012:5f57::1/udp/55208/quic /ip6/::1/udp/55208/quic /ip4/65.21.189.254/tcp/45321 /ip4/127.0.0.1/tcp/45321 /ip4/65.21.189.254/udp/43275/quic /ip4/127.0.0.1/udp/43275/quic /ip6/2a01:4f9:c012:5f57::1/tcp/43219 /ip6/::1/tcp/43219]"}
{"level":"INFO","time":"2022-11-20T13:04:37.508Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}
⇨ http server started on [::]:10000
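
Both web front ends started above bind to every interface: kube-explorer logs `Listening on :9898` and `edgevpn api` logs `http server started on [::]:10000`, so on these hosts they answer on the public `eth0` address as well as on `edgevpn0`. The shell function below is an added example, not part of the original post or of either project: it reads `netstat -tunlp` output and lists the sockets bound to a wildcard address. The function name `audit_listeners` is hypothetical, and the sample rows are constructed in the format of the `netstat` output shown earlier (the PIDs and the 9898/10000 rows are assumptions).

```shell
#!/bin/sh
# Added example: list wildcard-bound listeners from `netstat -tunlp` output.

# audit_listeners [ALLOWED_PORTS]
#   stdin : output of `netstat -tunlp`
#   $1    : optional comma-separated ports that are meant to be public
#   stdout: one "proto port program" line per wildcard-bound socket
audit_listeners() {
    awk -v allow="${1:-}" '
    BEGIN {
        n = split(allow, a, ",")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 ~ /^(tcp|udp)6?$/ {
        local_addr = $4
        # The port is everything after the last colon (works for IPv6 too).
        port = local_addr
        sub(/^.*:/, "", port)
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        # Keep only sockets bound to all addresses.
        if (host != "0.0.0.0" && host != "::" && host != "*" && host != "[::]") next
        if (port in ok) next
        # TCP rows carry a State column (LISTEN); UDP rows do not,
        # so the PID/Program column sits one field earlier.
        if ($1 ~ /^tcp/) {
            if ($6 != "LISTEN") next
            first = 7
        } else {
            first = 6
        }
        prog = $first
        sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
        sub(/:$/, "", prog)          # "sshd:" -> "sshd"
        key = $1 " " port " " prog
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample in the format of the netstat output shown earlier.
SAMPLE=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:33079           0.0.0.0:*               LISTEN      976/edgevpn
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      694/sshd: /usr/sbin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      566/systemd-resolve
tcp6       0      0 :::9898                 :::*                    LISTEN      2101/kube-explorer
tcp6       0      0 :::10000                :::*                    LISTEN      2240/edgevpn
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           976/edgevpn
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           976/edgevpn
udp        0      0 167.235.131.166:68      0.0.0.0:*                           564/systemd-network
EOF
)

# SSH (22) is expected to be public here; everything else is reported.
printf '%s\n' "$SAMPLE" | audit_listeners 22
```

Ports passed as the first argument are treated as intentionally public; anything else in the output is a candidate for a firewall rule or for binding to the VPN address, which `edgevpn api` takes through the `--listen` option listed above.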

I take the opportunity to deploy the Kotal operator in this k3s cluster; it is a cloud-agnostic blockchain deployer that runs on any cloud.

Kotal

GitHub - kotalco/kotal: Blockchain Kubernetes Operator

What can I do with the Kotal Operator, according to the official documentation?

  • Deploy Bitcoin rpc nodes
  • Deploy IPFS peers and cluster peers
  • Deploy IPFS swarms
  • Deploy Ethereum transaction and mining nodes
  • Deploy Ethereum beacon and validation nodes
  • Deploy private Ethereum networks
  • Deploy NEAR RPC, archive and validation nodes
  • Deploy Polkadot RPC and validation nodes
  • Deploy Chainlink nodes
  • Deploy Filecoin nodes
  • Deploy Filecoin-backed pinning services (FPS)
  • Deploy Stacks RPC and API nodes
  • Deploy Aptos full nodes and validators

For this I first install cert-manager:

cert-manager

root@edgevpn1:~# kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
Enter fullscreen mode Exit fullscreen mode

and deployment of Kotal's custom resources and controllers:

```
root@edgevpn1:~# kubectl apply -f https://github.com/kotalco/kotal/releases/download/v0.1-alpha.6/kotal.yaml
namespace/kotal created
customresourcedefinition.apiextensions.k8s.io/beaconnodes.ethereum2.kotal.io created
customresourcedefinition.apiextensions.k8s.io/clusterpeers.ipfs.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.chainlink.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.ethereum.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.filecoin.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.polkadot.kotal.io created
customresourcedefinition.apiextensions.k8s.io/peers.ipfs.kotal.io created
customresourcedefinition.apiextensions.k8s.io/validators.ethereum2.kotal.io created
mutatingwebhookconfiguration.admissionregistration.k8s.io/mutating-webhook-configuration created
role.rbac.authorization.k8s.io/leader-election-role created
clusterrole.rbac.authorization.k8s.io/manager-role created
clusterrole.rbac.authorization.k8s.io/metrics-reader created
clusterrole.rbac.authorization.k8s.io/proxy-role created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/proxy-rolebinding created
service/controller-manager-metrics-service created
service/webhook-service created
deployment.apps/controller-manager created
certificate.cert-manager.io/serving-cert created
issuer.cert-manager.io/selfsigned-issuer created
validatingwebhookconfiguration.admissionregistration.k8s.io/validating-webhook-configuration created

root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE      NAME                                           READY   STATUS      RESTARTS      AGE
kube-system    pod/local-path-provisioner-5b5579c644-pv9cj    1/1     Running     0             48m
kube-system    pod/coredns-75fc8f8fff-clcz6                   1/1     Running     0             48m
kube-system    pod/helm-install-traefik-crd-tz9t9             0/1     Completed   0             48m
kube-system    pod/helm-install-traefik-bwc74                 0/1     Completed   1             48m
kube-system    pod/svclb-traefik-eedbcbde-dj69n               2/2     Running     0             48m
kube-system    pod/traefik-9c6dc6686-nckxj                    1/1     Running     0             48m
kube-system    pod/metrics-server-5c8978b444-ggqg7            1/1     Running     0             48m
kube-system    pod/svclb-traefik-eedbcbde-sb8h9               2/2     Running     0             33m
cert-manager   pod/cert-manager-77f9f95c5c-fk98d              1/1     Running     0             3m39s
cert-manager   pod/cert-manager-webhook-765b6f5ffc-fzj5p      1/1     Running     0             3m39s
cert-manager   pod/cert-manager-cainjector-769c877458-4wxmb   1/1     Running     2 (71s ago)   3m39s
kotal          pod/controller-manager-5784dc84d5-kbr58        2/2     Running     0             71s

NAMESPACE      NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP         PORT(S)                      AGE
default        service/kubernetes                           ClusterIP      10.43.0.1       <none>              443/TCP                      48m
kube-system    service/kube-dns                             ClusterIP      10.43.0.10      <none>              53/UDP,53/TCP,9153/TCP       48m
kube-system    service/metrics-server                       ClusterIP      10.43.26.165    <none>              443/TCP                      48m
kube-system    service/traefik                              LoadBalancer   10.43.243.18    10.1.0.3,10.1.0.4   80:31735/TCP,443:30749/TCP   48m
cert-manager   service/cert-manager                         ClusterIP      10.43.12.233    <none>              9402/TCP                     3m39s
cert-manager   service/cert-manager-webhook                 ClusterIP      10.43.217.216   <none>              443/TCP                      3m39s
kotal          service/controller-manager-metrics-service   ClusterIP      10.43.188.129   <none>              8443/TCP                     71s
kotal          service/webhook-service                      ClusterIP      10.43.142.211   <none>              443/TCP                      71s
```

IPFS is a distributed peer-to-peer file system that does not depend on centralized servers. IPFS (InterPlanetary File System) is a peer-to-peer (P2P) hypermedia protocol created with the aim of “revolutionizing the Internet”.

It is a distributed system that lets users store and access files, applications and websites. Its goal is to connect a set of computing devices with the same file system. In a way IPFS is similar to the World Wide Web, except that it can be seen as a single BitTorrent swarm exchanging objects within one Git repository.

IPFS Powers the Distributed Web

Just as blockchain networks use nodes to obtain the computing power needed to validate data, IPFS stores information using the bandwidth of hundreds of thousands of nodes. Like other blockchain networks, IPFS is immutable, which means that the content of files cannot be modified. Consequently, if you alter or modify a file or its content, its hash will change automatically …
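Because the identifier is derived from the content, a client can check bytes returned by any peer or public gateway against the CID it asked for. The sketch below is an added example, not code from Kotal or IPFS: it handles only the simplest case, a single raw block addressed by a CIDv1 with sha2-256. Multi-block files and `Qm…` (CIDv0, dag-pb) identifiers such as the one used later on this page need a full UnixFS implementation. The function names and sample bytes are assumptions.

```python
import base64
import hashlib
import hmac

CID_V1 = 0x01
RAW_CODEC = 0x55   # multicodec "raw": the block is the file bytes themselves
SHA2_256 = 0x12    # multihash function code for sha2-256


def cid_v1_raw(data: bytes) -> str:
    """Return the base32 CIDv1 of a single raw block containing `data`."""
    digest = hashlib.sha256(data).digest()
    cid = bytes([CID_V1, RAW_CODEC, SHA2_256, len(digest)]) + digest
    # Multibase prefix "b" means lowercase base32 without padding.
    return "b" + base64.b32encode(cid).decode("ascii").lower().rstrip("=")


def expected_digest(cid: str) -> bytes:
    """Extract the sha2-256 digest from a base32 CIDv1 raw CID; reject anything else."""
    if not cid.startswith("b"):
        raise ValueError("not a base32 CIDv1 (CIDv0 'Qm...' is dag-pb, not handled here)")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    if len(raw) != 36 or tuple(raw[:4]) != (CID_V1, RAW_CODEC, SHA2_256, 32):
        raise ValueError("only CIDv1 / raw / sha2-256 is handled in this sketch")
    return raw[4:]


def verify_block(cid: str, data: bytes) -> bool:
    """True only if `data` hashes to the digest embedded in `cid`."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected_digest(cid))


if __name__ == "__main__":
    original = b"constructed sample content\n"   # constructed input
    cid = cid_v1_raw(original)
    print(cid)
    print(verify_block(cid, original))           # bytes match the CID
    print(verify_block(cid, original + b"!"))    # altered bytes are rejected
```
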

With Kotal, an IPFS peer is created with this YAML manifest:

```yaml
apiVersion: ipfs.kotal.io/v1alpha1
kind: Peer
metadata:
  name: simple-peer
spec: {}
```

This is a simple IPFS peer that joins the public IPFS swarm and starts with all default settings, which is similar to running ipfs init and then ipfs daemon:

```
root@edgevpn1:~# kubectl apply -f peer.yaml
peer.ipfs.kotal.io/simple-peer created

root@edgevpn1:~# kubectl get peers
NAME          CLIENT
simple-peer   go-ipfs

root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE      NAME                                           READY   STATUS      RESTARTS       AGE
kube-system    pod/local-path-provisioner-5b5579c644-pv9cj    1/1     Running     0              55m
kube-system    pod/coredns-75fc8f8fff-clcz6                   1/1     Running     0              55m
kube-system    pod/helm-install-traefik-crd-tz9t9             0/1     Completed   0              55m
kube-system    pod/helm-install-traefik-bwc74                 0/1     Completed   1              55m
kube-system    pod/svclb-traefik-eedbcbde-dj69n               2/2     Running     0              55m
kube-system    pod/traefik-9c6dc6686-nckxj                    1/1     Running     0              55m
kube-system    pod/metrics-server-5c8978b444-ggqg7            1/1     Running     0              55m
kube-system    pod/svclb-traefik-eedbcbde-sb8h9               2/2     Running     0              41m
cert-manager   pod/cert-manager-77f9f95c5c-fk98d              1/1     Running     0              10m
cert-manager   pod/cert-manager-webhook-765b6f5ffc-fzj5p      1/1     Running     0              10m
kotal          pod/controller-manager-5784dc84d5-kbr58        2/2     Running     0              8m15s
default        pod/simple-peer-0                              1/1     Running     0              3m29s
cert-manager   pod/cert-manager-cainjector-769c877458-4wxmb   1/1     Running     5 (112s ago)   10m

NAMESPACE      NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP         PORT(S)                               AGE
default        service/kubernetes                           ClusterIP      10.43.0.1       <none>              443/TCP                               55m
kube-system    service/kube-dns                             ClusterIP      10.43.0.10      <none>              53/UDP,53/TCP,9153/TCP                55m
kube-system    service/metrics-server                       ClusterIP      10.43.26.165    <none>              443/TCP                               55m
kube-system    service/traefik                              LoadBalancer   10.43.243.18    10.1.0.3,10.1.0.4   80:31735/TCP,443:30749/TCP            55m
cert-manager   service/cert-manager                         ClusterIP      10.43.12.233    <none>              9402/TCP                              10m
cert-manager   service/cert-manager-webhook                 ClusterIP      10.43.217.216   <none>              443/TCP                               10m
kotal          service/controller-manager-metrics-service   ClusterIP      10.43.188.129   <none>              8443/TCP                              8m15s
kotal          service/webhook-service                      ClusterIP      10.43.142.211   <none>              443/TCP                               8m15s
default        service/simple-peer                          ClusterIP      10.43.2.246     <none>              4001/TCP,4001/UDP,5001/TCP,8080/TCP   3m29s

root@edgevpn1:~# kubectl logs -f simple-peer-0
Defaulted container "peer" out of: peer, init-ipfs (init), config-ipfs (init)
Initializing daemon...
go-ipfs version: 0.11.0-25efe3f
Repo version: 11
System version: amd64/linux
Golang version: go1.16.7
2022/11/20 13:26:22 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/11/20 13:26:22 [zeroconf] no suitable IPv6 interface: udp6: failed to join any of these interfaces: [{2 1150 eth0 ba:77:78:26:4a:0c up|broadcast|multicast}]
Swarm listening on /ip4/10.42.0.10/tcp/4001
Swarm listening on /ip4/10.42.0.10/udp/4001/quic
Swarm listening on /ip4/127.0.0.1/tcp/4001
Swarm listening on /ip4/127.0.0.1/udp/4001/quic
Swarm listening on /ip6/::1/tcp/4001
Swarm listening on /ip6/::1/udp/4001/quic
Swarm listening on /p2p-circuit
Swarm announcing /ip4/10.42.0.10/tcp/4001
Swarm announcing /ip4/10.42.0.10/udp/4001/quic
Swarm announcing /ip4/127.0.0.1/tcp/4001
Swarm announcing /ip4/127.0.0.1/udp/4001/quic
Swarm announcing /ip6/::1/tcp/4001
Swarm announcing /ip6/::1/udp/4001/quic
API server listening on /ip4/0.0.0.0/tcp/5001
WebUI: http://0.0.0.0:5001/webui
Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8080
Daemon is ready
```
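The daemon log above shows the API server and the gateway bound to 0.0.0.0 inside the pod, and the `simple-peer` Service publishes both ports. The following added example (not part of Kotal or go-ipfs) parses such log lines and reports API or gateway listeners that are not loopback-only. The severity labels and function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Roles whose exposure matters. The go-ipfs RPC API on 5001 gives full control
# of the node and has no authentication by default; the gateway is read-only.
SEVERITY = {"API server": "high", "Gateway (readonly) server": "medium"}
LISTEN_RE = re.compile(
    r"^(?P<role>API server|Gateway \(readonly\) server|Swarm) listening on (?P<maddr>/\S+)$"
)


def parse_multiaddr(maddr):
    """Return (ip, transport, port) for /ip4|ip6/<addr>/tcp|udp/<port>[/...], else None."""
    parts = maddr.strip("/").split("/")
    if len(parts) < 4 or parts[0] not in ("ip4", "ip6") or parts[2] not in ("tcp", "udp"):
        return None
    try:
        return ipaddress.ip_address(parts[1]), parts[2], int(parts[3])
    except ValueError:
        return None


def audit_listeners(log_lines):
    """List (severity, role, ip, transport, port) for non-loopback API/gateway binds."""
    findings = []
    for line in log_lines:
        m = LISTEN_RE.match(line.strip())
        if not m or m["role"] not in SEVERITY:
            continue  # swarm ports are meant to be reachable by other peers
        parsed = parse_multiaddr(m["maddr"])
        if parsed is None or parsed[0].is_loopback:
            continue
        ip, transport, port = parsed
        findings.append((SEVERITY[m["role"]], m["role"], str(ip), transport, port))
    return findings


# Lines taken from the daemon log shown above.
PAGE_LOG = [
    "Swarm listening on /ip4/10.42.0.10/tcp/4001",
    "Swarm listening on /p2p-circuit",
    "API server listening on /ip4/0.0.0.0/tcp/5001",
    "WebUI: http://0.0.0.0:5001/webui",
    "Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8080",
]

if __name__ == "__main__":
    for finding in audit_listeners(PAGE_LOG):
        print(finding)
```

Inside a pod a wildcard bind is reachable by anything that can route to the pod IP or the Service, so a finding here is a prompt to review the Service type and any NetworkPolicy in front of port 5001.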

The IPFS peer is up and ready to receive API calls:

```
root@edgevpn1:~# kubectl port-forward simple-peer-0 5001
Forwarding from 127.0.0.1:5001 -> 5001
Forwarding from [::1]:5001 -> 5001
```


```
root@edgevpn1:~# curl -X POST "http://127.0.0.1:5001/api/v0/cat?arg=QmQPeNsJPyVWPFDVHb77w8G42Fvo15z4bG2X8D2GhfbSXc/readme"
Hello and Welcome to IPFS!

██╗██████╗ ███████╗███████╗
██║██╔══██╗██╔════╝██╔════╝
██║██████╔╝█████╗  ███████╗
██║██╔═══╝ ██╔══╝  ╚════██║
██║██║     ██║     ███████║
╚═╝╚═╝     ╚═╝     ╚══════╝

If you're seeing this, you have successfully installed
IPFS and are now interfacing with the ipfs merkledag!

 -------------------------------------------------------
| Warning:                                              |
|   This is alpha software. Use at your own discretion! |
|   Much is missing or lacking polish. There are bugs.  |
|   Not yet secure. Read the security notes for more.   |
 -------------------------------------------------------

Check out some of the other files in this directory:

  ./about
  ./help
  ./quick-start     <-- usage examples
  ./readme          <-- this file
  ./security-notes
```

I can upload an image and publish it peer-to-peer, in a decentralized way, with IPFS:

I check its presence on the various public IPFS gateways:

Public Gateway Checker | IPFS

With this, an IPFS cluster peer can be deployed. IPFS Cluster orchestrates data across a swarm of IPFS daemons by allocating, replicating and tracking a global pinset distributed among multiple peers:

IPFS Cluster

Deploy IPFS cluster peer

or with the IPFS operator:

GitHub - ipfs-cluster/ipfs-operator

As we have seen here, Kotal is an open-source, multi-client, cloud-agnostic Kubernetes blockchain operator that makes it easy to deploy highly available, self-managing, self-healing blockchain infrastructure (networks, nodes, storage clusters…) on any cloud, so that you can become your own Infura platform. And this in conjunction with a Kubernetes cluster and EdgeVPN, for example …

Ethereum API | IPFS API & Gateway | ETH Nodes as a Service

To be continued!

Top comments (1)

Yasir Karam

Thanks for the implementation, have you managed to test ngrok in the demo, what Linux distro you've used here?