next-hat / nanocl
Distributed System that simplifies the management of containers and virtual machines.
Home Page: https://next-hat.com/nanocl
License: Apache License 2.0
Is your feature request related to a problem? Please describe.
I'm changing how nanocl is set up. Right now the daemon starts the required services with a different configuration depending on whether we are in development, test or release. This is now done with a docker compose for development and tests.
For production, the nanocl setup command will start the required services with the ability to override settings before starting the daemon.
After this change, even in development, docker compose will have to be used.
Describe the solution you'd like
Add a new query parameter to filter cargoes on GET /cargoes:
This will be useful on the dashboard, for example to enable data on scroll.
You can see an example on GET /namespaces.
We could also add filter parameters to the CLI.
Is your feature request related to a problem? Please describe.
To make it less confusing we should consider renaming nanocl state revert into nanocl state remove.
Is your feature request related to a problem? Please describe.
When creating a namespace, we should take extra optional parameters to be able to set up some network options.
The options to add are related to the options for creating a network, which can be found there.
This is a DAEMON and CLI change.
A command like this should be considered:
nanocl namespace create my-namespace --attachable --gateway 172.25.0.1
Is your feature request related to a problem? Please describe.
When creating a namespace we also are creating a network.
The created network should have ipv6 enabled and actually maybe we should only support ipv6
That will allow us to manage more cargo/container inside a single network
Is your feature request related to a problem? Please describe.
I should definitely work on a good developer documentation so people will contribute more easily
Is your feature request related to a problem? Please describe.
Like for cargoes we should be able to create set a virtual machine from a state file
Describe the solution you'd like
Create a new VirtualMachineState model with a new type and accept it inside our state service to create, patch and delete them. The model should be added inside crates/nanocl_stubs/src/state.rs. The functions to create, patch and delete a virtual machine already exist inside bin/nanocld/src/utils/vm.rs.
Is your feature request related to a problem? Please describe.
Create a workflow to release the proxy, ctrl-proxy, dns and ctrl-dns.
Is your feature request related to a problem? Please describe.
We should add utoipa to the project and generate the openapi specification when the dev feature is enabled.
Is your feature request related to a problem? Please describe.
It could be nice to try to improve the code coverage as much as possible.
Around 75% would be really nice!
You should be able to go on this website to see what is covered or not !
I'll keep this issue open till the goal of 75% is reached.
I am opening this issue to decide or set a goal of which license to use for our project.
A license determines how our code can be used, modified, and distributed by others. We need to consider factors such as the goals of the project, the level of openness we want to provide, and any legal requirements that may apply.
Is your feature request related to a problem? Please describe.
A command to list and follow http logs should exist.
An option should be added to force remove a cargo.
Something like:
nanocl cargo rm -f my-cargo
These changes include stubs, client, cli and daemon updates.
Trying to execute both commands just produces no output and never ends:
nanocl cargo --namespace system exec proxy -- cat /var/log/nginx/error.log
docker exec system-proxy cat /var/log/nginx/error.log
Is your feature request related to a problem? Please describe.
When deleting a namespace we should add a force option in the query to delete all cargoes and virtual machines existing in the namespace.
Additional context
The command should look like this:
nanocl namespace rm -f my-namespace
We should be able to create cargoes and resources directly from a configuration file, see examples.
A command on the CLI should be created, something like:
nanocl state apply -f examples/resource_example.yml
On the Daemon side the route should directly accept configuration files from the examples folder.
We should have an extra parameter to know if we want to delete them, for example a query parameter.
If the delete parameter is not set we create or update our data based on the configuration file received.
We should be able to browse the history of Cargoes and Resources.
The methods GET /cargoes/{id}/histories and GET /resources/{id}/histories should be implemented to be able to browse them in the CLI using those commands:
nanocl cargo history id
nanocl resource history id
Then a method to reset them should be implemented: PATCH /cargoes/{cargo_id}/reset/{history_id} and PATCH /resources/{cargo_id}/reset/{history_id}
That will create a new config from the history id; it's basically like a patch but with a config from our history.
Then add commands like this:
nanocl cargo reset id history_id
nanocl cargo reset id history_id
Is your feature request related to a problem? Please describe.
The ncdproxy logs everything, even if you send credentials, for example a login form.
If you don't disable logging for this specific path, the credentials of the user, aka login and password, will be in clear text inside the logs.
I want to have logging enabled by default as a zero trust policy, but we should give the ability to disable it.
A configuration like this should be considered:
Kind: Deployment
ApiVersion: v0.7
Namespace: global
Resources:
- Name: deploy-example.com
  Kind: ProxyRule
  Version: v0.4
  Config:
    Watch:
    - deploy-example.global
    - deploy-example2.global
    Rules:
    - Domain: deploy-example.com
      Network: Public
      Locations:
      - Path: /
        Target:
          CargoKey: deploy-example.global
          CargoPort: 9000
      - Path: /users/login
        Target:
          CargoKey: deploy-example.global
          CargoPort: 9000
          Path: /users/login
          DisableLoggin: true
Cargoes:
- Name: deploy-example
  Container:
    Image: nexthat/nanocl-get-started:latest
    Env:
    - APP=GET_STARTED1
Where Path and DisableLoggin are optional values.
You have to take a look at nginx.
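One way the per-location opt-out requested above could map onto nginx, as an added example that is not part of the original issue or of nanocl's code. The struct, its field names and the upstream address 127.0.0.1 are assumptions made for illustration; `access_log off;` is nginx's own directive for disabling the access log in a location.

```rust
// Added illustration, not nanocl source: renders nginx `location` blocks from
// the Locations of the ProxyRule proposed above. Struct and field names are
// assumptions; the upstream address is a constructed sample value.

/// One entry under `Locations` in the proposed ProxyRule.
struct Location {
    path: String,
    /// Assumed: the address that CargoKey resolves to.
    upstream_addr: String,
    cargo_port: u16,
    /// Optional `Path` under `Target`.
    target_path: Option<String>,
    /// Optional `DisableLoggin`; when absent, logging stays enabled.
    disable_logging: Option<bool>,
}

/// Accept only paths that cannot break out of the generated directive.
fn is_safe_path(p: &str) -> bool {
    p.starts_with('/') && p.chars().all(|c| c.is_ascii_alphanumeric() || "/-_.".contains(c))
}

/// Render one location block; the access log is turned off only on explicit opt-out.
fn render_location(loc: &Location) -> Result<String, String> {
    let target = loc.target_path.as_deref().unwrap_or("");
    if !is_safe_path(&loc.path) || (!target.is_empty() && !is_safe_path(target)) {
        return Err(format!("invalid path in location {:?}", loc.path));
    }
    let mut out = format!("location {} {{\n", loc.path);
    if loc.disable_logging.unwrap_or(false) {
        out.push_str("    access_log off;\n");
    }
    out.push_str(&format!(
        "    proxy_pass http://{}:{}{};\n}}\n",
        loc.upstream_addr, loc.cargo_port, target
    ));
    Ok(out)
}

/// The two locations from the configuration above (constructed sample data).
fn sample_locations() -> Vec<Location> {
    let mk = |path: &str, target: Option<&str>, off: Option<bool>| Location {
        path: path.to_string(),
        upstream_addr: "127.0.0.1".to_string(),
        cargo_port: 9000,
        target_path: target.map(str::to_string),
        disable_logging: off,
    };
    vec![mk("/", None, None), mk("/users/login", Some("/users/login"), Some(true))]
}

fn main() {
    for loc in sample_locations() {
        print!("{}", render_location(&loc).unwrap());
    }
}
```

Only the /users/login block carries `access_log off;`, so every other location keeps the log-by-default behaviour the issue asks for.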
Is your feature request related to a problem? Please describe.
We have to refactor the way Custom Resource can be created.
Currently we can create custom resource using this method:
Type: Resource
ApiVersion: v0.6
Resources:
- Name: VpnUser
  Kind: Custom
  Version: v0.1
  Config:
    title: VpnUser
    description: Create a new vpn user
    type: object
    required:
    - Username
    properties:
      Username:
        description: Cargo to watch for changes
        type: string
I want to refactor it so we can add an extra url along the custom schema.
Note: the schema uses json schema to be defined.
The refactor I want should accept this configuration:
Type: Resource
ApiVersion: v0.6
Resources:
- Name: VpnUser
  Kind: Kind
  Version: v0.1
  Config:
    Url: my-custom-url.com
    Schema:
      title: VpnUser
      description: Create a new vpn user
      type: object
      required:
      - Username
      properties:
        Username:
          description: Cargo to watch for changes
          type: string
By changing this configuration, ProxyRule and DnsRule should now be defined as Resources and we should ensure they exist during boot time of the daemon. By default they just have a Url property pointing to the url already existing in the project starting with unix://
Note that both the Url and Schema properties can be optional, but if both are unset on the creation of the new Resource Kind we should return an error.
We should create a custom structure, for example ResourceKind.
pub struct ResourceKind {
  pub url: Option<String>,
  pub schema: Option<serde_json::Value>,
}
Describe the bug
The namespaces global and system can be deleted but it shouldn't be allowed.
To Reproduce
Run:
nanocl namespace rm global
When no cargoes are created in the global namespace.
Expected behavior
This should return an error, maybe a 401, because if both of these namespaces don't exist it can cause unexpected behavior.
This is just a daemon/api change.
Is your feature request related to a problem? Please describe.
Considering docker has a restart endpoint, we should implement it as well for our cargoes.
This is an api / cli change.
Is your feature request related to a problem? Please describe.
This is wrong, we should have two different structures: StateApplyOpts and StateRevertOpts or StateDestroyOpts.
I just found out nanocl and I'm still speechless. Thanks for your work!
Since I'm not very experienced I ask you:
is it conceivable today to use nanocl instead of kubernetes? (I'm referring to a very simple use of kubernetes: nginx as a reverse-proxy and a few pods (deployments) of simple web applications);
are there any dashboards that can be used (even very simple ones)?
are there online tutorials/guides?
Is your feature request related to a problem? Please describe.
Error handling with IoError and HttpError on nanocld_client and nanocl
Describe the solution you'd like
Use a new query parameter for cargo logs to enable these features:
These options should be passed to bollard docker logs function.
We should also add CLI options to use them for example:
nanocl cargo logs my-cargo -f -t 100 --timestamps
We should configure cockroachdb to be ready for multinode.
Remove its insecure mode with a generated SSL certificate.
We should generate the certificate in the nanocl setup command or in nanocld boot.
Is your feature request related to a problem? Please describe.
Since the refactor of the cargo logs endpoint, nanocl state apply -a doesn't follow logs anymore and it should.
We need to add the follow parameter to our request.
By default when creating a namespace it will create an associated network and all cargoes created will use this network.
End users may want to create other custom networks?
A command like:
nanocl namespace global network create my-network
or
nanocl network create --namespace global my-network
could be implemented, with associated list, remove and inspect methods.
This can improve container network isolation.
Could be nice to brainstorm about how we can define a cargo replication.
We should be able to:
- define instances in all nodes
- define instances in targeted nodes
- define instances in one node
What else should we be able to do?
And how do we define the data?
Example of the enum that came to my mind:
/// Auto is used to automatically define that the number of replicas in the cluster
/// Number is used to manually set the number of replicas
/// Note: auto will ensure at least 1 replica exists in the cluster
#[derive(Debug, Clone)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
#[cfg_attr(feature = "serde", serde(rename_all = "PascalCase"))]
#[cfg_attr(feature = "dev", derive(ToSchema))]
pub enum ReplicationMode {
  /// Auto is used to automatically define that the number of replicas in the cluster
  /// This will ensure at least 1 replica exists in the cluster
  /// And automatically add more replicas in the cluster if needed for redundancy
  Auto,
  /// Unique is used to ensure that only one replica exists in the cluster
  Unique,
  /// UniqueByNode is used to ensure one replica is running on each node
  UniqueByNode,
  /// UniqueByNodeGroups is used to ensure one replica is running on each node group
  UniqueByNodeGroups { groups: Vec<String> },
  /// UniqueByNodeNames is used to ensure one replica is running on each node name
  UniqueByNodeNames { names: Vec<String> },
  /// Number is used to manually set the number of replicas in one node
  Number(i64),
  /// NumberByNodes is used to manually set the number of replicas in each node
  NumberByNodes(i64),
  /// NumberByNodeGroups is used to manually set the number of replicas in each node group
  NumberByNodeGroups { groups: Vec<String>, number: i64 },
  /// NumberByNodeNames is used to manually set the number of replicas in each node name
  NumberByNodeNames { names: Vec<String>, number: i64 },
}
Is your feature request related to a problem? Please describe.
We should be able to create, patch and delete virtual machine from a state file
Describe the solution you'd like
Add a Vector of VmConfigPartial inside the DeploymentState model and update the state service to create, patch or delete them. The DeploymentState model exists inside crates/nanocl_stubs/src/state.rs and the VmConfigPartial model is inside crates/nanocl_stubs/src/vm_config.rs
Is your feature request related to a problem? Please describe.
To make it match docker more closely we should rename nanocl cargo image create into nanocl cargo image pull.
Is your feature request related to a problem? Please describe.
To fully unlock the control of the network, we need to think about a spec for the dns controller.
By default we use DNSMASQ
First the data type :
Type: Resource
ApiVersion: v0.5
Resources:
- Name: resource-example
  Kind: DnsRule
  Version: v0.1
  Config:
    Network: "Public" | "Private" | "Nsp.{namespace_name}" # To bind to specific namespace ip address
    Entries:
    - Name: test.com
      IpAddress: "127.0.0.1" | "Nsp.{namespace_name}" # To redirect to specific namespace ip address
We should handle two methods:
- PUT /rules to create new / update a DnsRule
- DELETE /rules/{Name} to delete the DnsRule
Creating a rule means creating a file in this case; nothing has to be stored in the database.
That means we have to create a specific dnsmasq config for the given resource.
The service should generate an openapi spec as well.
Feel free to share any thoughts about the config spec for the DnsRule
Describe the bug
Nanocl doesn't compile with the latest version of Tabled, see #221
To Reproduce
Upgrade Tabled and try to build
Expected behavior
We expect to build with the latest version
Additional context
It's basically a refactor of the print_table in bin/nanocl/src/utils/print.rs
We should have a command to run commands inside containers.
Something like:
nanocl cargo exec my-container -- my-command
or
nanocl exec my-container -- my-command
This feature includes creating a method in the daemon.
We should be able to import an image from a tarball.
Something like:
nanocl cargo image import my-image.tar
That requires adding a route in the Daemon and the command in the CLI.
You can already generate an SSL Cert from Certbot using this command :
nanocl exec system-nano-proxy -- certbot --nginx --email [email protected] --agree-tos -d your-domain.com
But it may be nice to be able to generate self-signed certificates for authentication.
I'll need to update the developer documentation with better description in case of docker installed using docker desktop
Is your feature request related to a problem? Please describe.
On docker we can do a command like this: docker rm -f $(docker ps -aq) to delete everything.
It could be nice to be able to do the same thing using for example:
nanocl cargo rm -f $(nanocl cargo ls -q)
We should build all man pages and have automatic updates into the documentation.
Is your feature request related to a problem? Please describe.
It's already done for http requests, we should do it as well for tcp and udp streams.
This is a daemon change; you can see how I did it for inside bin/nanocld/src/utils/proxy.rs
You basically have to create a database model with diesel then create the data when you receive it.
The receive process is already done. The ncdproxy should print a line starting with #STREAM when a tcp / udp request is fired.
Describe the bug
I'm unable to use self generated certificate to connect to the database
To Reproduce
Following this tutorial
I generated certificates for the node and the client, but after copying client.root.crt and client.root.key to the ~/.postgresql folder I have an ssl connection error
Expected behavior
I expect a connection between my client and my server using a ssl/tls connection
Additional context
You can find the function to connect to the store and the config can be found at:
./bin/nanocld/src/utils/store
./bin/nanocld/specs/store.yml
To generate the ssl certificate you can do it using docker:
docker run -v /var/lib/nanocl/store/certs:/certs -v /var/lib/nanocl/store/ca:/ca -it --rm cockroachdb/cockroach:v22.2.6 cockroach cert [...] --certs-dir=/certs --ca-key=/ca/ca.key
Is your feature request related to a problem? Please describe.
We should save nginx logs inside the database with a TTL of 4 months?
The logs have to be saved well so we can sort them and be able to generate some statistics
Describe the solution you'd like
We should spawn a thread and watch for logs of our proxy container to save them in the database; we should also change the nginx config in order to log tcp/udp requests, right now only http requests are logged.
Is your feature request related to a problem? Please describe.
Workflows start to take time since we moved to a monorepo and are building a lot of stuff.
The images for the proxy and the dns could be built and cached using buildx to speed up the process
Is your feature request related to a problem? Please describe.
We should remove the need for mustache in favor of liquid; that will unlock more features in the future.
We should also make the -f option optional and try to look for a StateFile.yml or StateFile.yaml in the current directory!
Could be nice to brainstorm about how the resource ProxyRule should be defined.
We should be able to :
What else should we have ?
This is for now how it looks for http and https to target a cargo at a specific location:
Http
Resources:
- Name: resource-example
  Kind: ProxyRule
  Config:
    # List of cargo to watch updates
    Watch:
    - get-started@global
    Http:
      Domain: get-started.com
      Network: Public
      # Optional SSL config
      Ssl:
        Certificate: /path/to/cert
        CertificateKey: /path/to/cert
        DhParam: /path/to/dhparam
      # Http location
      Locations:
      - Path: /
        Target:
          # The cargo to target for the location
          Key: get-started@global
          Port: 9000
Stream
Resources:
- Name: resource-example
  Kind: ProxyRule
  Config:
    # List of cargo to watch updates
    Watch:
    - get-started@global
    Stream:
      Network: Public
      # The protocol to use Tcp | Udp
      Protocol: Tcp
      Port: 8888
      # Optional SSL config
      Ssl:
        Certificate: /path/to/cert
        CertificateKey: /path/to/cert
        DhParam: /path/to/dhparam
      # Http location
      Target:
        # The cargo to target for the location
        Key: get-started@global
        Port: 9000