DEV Community

Karim

Posted on • Originally published at deep75.Medium on

Blockchain: Building decentralized private networks with EdgeVPN, applied to the operator…

A look at EdgeVPN, which uses libp2p to build decentralized private networks that are accessed through shared secrets. It is notably fully decentralized, immutable, portable and easy to use.

It can:

  • Create a VPN: a secure VPN between P2P peers.
  • Automatically assign IPs to the nodes.
  • Embed a small DNS server to resolve internal/external IP addresses.
  • Create trust zones to prevent access to the network if the token leaks.
  • Act as a reverse proxy: share a TCP service as you would with ngrok. EdgeVPN can expose TCP services to the nodes of the p2p network without establishing a VPN connection, and creates a reverse proxy by tunneling the traffic through the P2P network.
  • Send files over P2P between nodes without establishing a VPN connection.
  • Be used as a library: easily plug a distributed P2P ledger into your Go code! …

EdgeVPN

As an illustration, two nodes are launched in Hetzner Cloud, on which EdgeVPN will run:


root@edgevpn1:~# wget -c https://github.com/mudler/edgevpn/releases/download/v0.18.0/edgevpn-v0.18.0-Linux-x86_64.tar.gz
root@edgevpn1:~# tar xvzf edgevpn-v0.18.0-Linux-x86_64.tar.gz 
LICENSE
README.md
edgevpn
root@edgevpn1:~# chmod +x edgevpn
root@edgevpn1:~# mv edgevpn /usr/bin/

root@edgevpn1:~# edgevpn -g > vpn.yaml
root@edgevpn1:~# cat vpn.yaml 
otp:
  dht:
    interval: 9000
    key: pvRp0ugVkdRe9A5B67sgY7P2ZyUyRhdg5r9j4Z4bi8R
    length: 43
  crypto:
    interval: 9000
    key: 5028y7IEQL4R8dnRXrf5PfDVd3mlhtDRy46o32ramHg
    length: 43
room: ojK0uZeHM2FFyU0nOUiLAi4w5iPZTrcqGmnisKyyfwN
rendezvous: CzRNPu1ivKbqXld6HqkkNy50FoxoFINtMehn2bKxfrA
mdns: 5kfQxOqEMupaFOwfROp17e3hze9Y5cmfuaFolNcxZVN
max_message_size: 20971520

I start EdgeVPN on this first node:

root@edgevpn1:~# IFACE=edgevpn0 ADDRESS=10.1.0.3/24 EDGEVPNCONFIG=vpn.yaml edgevpn

{"level":"INFO","time":"2022-11-20T12:27:10.563Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T12:27:10.563Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T12:27:10.564Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 12:27:10 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T12:27:10.575Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWJoNbdmp7deTm7oqbjNV1x6Fe123RvAUds4eq53VZUvdR"}
{"level":"INFO","time":"2022-11-20T12:27:10.575Z","caller":"node/node.go:173","message":" Node Addresses: [/ip4/65.21.189.254/tcp/45281 /ip4/127.0.0.1/tcp/45281 /ip4/65.21.189.254/udp/53929/quic /ip4/127.0.0.1/udp/53929/quic /ip6/2a01:4f9:c012:5f57::1/tcp/37131 /ip6/::1/tcp/37131 /ip6/2a01:4f9:c012:5f57::1/udp/40467/quic /ip6/::1/udp/40467/quic]"}
{"level":"INFO","time":"2022-11-20T12:27:10.576Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}

and the virtual network interface is present with the IP address defined earlier:

root@edgevpn1:~# ifconfig -a
edgevpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1200
        inet 10.1.0.3 netmask 255.255.255.0 destination 10.1.0.3
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 65.21.189.254 netmask 255.255.255.255 broadcast 0.0.0.0
        inet6 2a01:4f9:c012:5f57::1 prefixlen 64 scopeid 0x0<global>
        inet6 fe80::9400:1ff:feae:5b76 prefixlen 64 scopeid 0x20<link>
        ether 96:00:01:ae:5b:76 txqueuelen 1000 (Ethernet)
        RX packets 21611 bytes 17359594 (17.3 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 22066 bytes 7546282 (7.5 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 6925 bytes 4179081 (4.1 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6925 bytes 4179081 (4.1 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I can start k3s in controller mode on this node:

root@edgevpn1:~# wget -c https://github.com/k3s-io/k3s/releases/download/v1.25.3%2Bk3s1/k3s && chmod +x k3s && mv k3s /usr/bin/
root@edgevpn1:~# k3s
NAME:
   k3s - Kubernetes, but small and simple

USAGE:
   k3s [global options] command [command options] [arguments...]

VERSION:
   v1.25.3+k3s1 (f2585c16)

COMMANDS:
   server Run management server
   agent Run node agent
   kubectl Run kubectl
   crictl Run crictl
   ctr Run ctr
   check-config Run config check
   etcd-snapshot Trigger an immediate etcd snapshot
   secrets-encrypt Control secrets encryption and keys rotation
   certificate Certificates management
   completion Install shell completion script
   help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug (logging) Turn on debug logs [$K3S_DEBUG]
   --data-dir value, -d value (data) Folder to hold state (default: /var/lib/rancher/k3s or ${HOME}/.rancher/k3s if not root)
   --help, -h show help
   --version, -v print the version

root@edgevpn1:~# k3s server --flannel-iface=edgevpn0

And k3s is reachable through the listening virtual interface, with the Ingress Controller provided by default with Traefik:

root@edgevpn1:~# curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/bin/ && mkdir .kube && cp /etc/rancher/k3s/k3s.yaml /root/.kube/config

root@edgevpn1:~# kubectl cluster-info
Kubernetes control plane is running at https://127.0.0.1:6443
CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/local-path-provisioner-5b5579c644-pv9cj 1/1 Running 0 3m16s
kube-system pod/coredns-75fc8f8fff-clcz6 1/1 Running 0 3m16s
kube-system pod/helm-install-traefik-crd-tz9t9 0/1 Completed 0 3m16s
kube-system pod/helm-install-traefik-bwc74 0/1 Completed 1 3m16s
kube-system pod/svclb-traefik-eedbcbde-dj69n 2/2 Running 0 3m1s
kube-system pod/traefik-9c6dc6686-nckxj 1/1 Running 0 3m2s
kube-system pod/metrics-server-5c8978b444-ggqg7 1/1 Running 0 3m16s

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 3m31s
kube-system service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 3m27s
kube-system service/metrics-server ClusterIP 10.43.26.165 <none> 443/TCP 3m26s
kube-system service/traefik LoadBalancer 10.43.243.18 10.1.0.3 80:31735/TCP,443:30749/TCP 3m2s

I also install EdgeVPN on the second node, located in another Hetzner Cloud region:

root@edgevpn2:~# edgevpn --help
NAME:
   edgevpn - edgevpn --config /etc/edgevpn/config.yaml

USAGE:
    [global options] command [command options] [arguments...]

VERSION:
   v0.18.0

DESCRIPTION:
   edgevpn uses libp2p to build an immutable trusted blockchain addressable p2p network

AUTHOR:
   Ettore Di Giacinto

COMMANDS:
   start Start the network without activating any interface
   api Starts an http server to display network informations
   service-add, sa Expose a service to the network without creating a VPN
   service-connect, sc Connects to a service in the network without creating a VPN
   file-receive, fr Receive a file which is served from the network
   proxy Starts a local http proxy server to egress nodes
   file-send, fs Serve a file to the network
   dns Starts a local dns server
   peergater peergater ecdsa-genkey
   help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --key-otp-interval value Tweaks default otp interval (in seconds) when generating new tokens (default: 9000)
   -g Generates a new configuration and prints it on screen
   -b Encodes the new config in base64, so it can be used as a token
   --debug Starts API with pprof attached
   --api Starts also the API daemon locally for inspecting the network status [$API]
   --api-listen value API listening port (default: ":8080") [$APILISTEN]
   --dhcp Enables p2p ip negotiation (experimental) [$DHCP]
   --transient-conn Allow transient connections [$TRANSIENTCONN]
   --lease-dir value DHCP leases directory (default: "/root/.edgevpn/leases") [$DHCPLEASEDIR]
   --address value VPN virtual address (default: "10.1.0.1/24") [$ADDRESS]
   --dns value DNS listening address. Empty to disable dns server [$DNSADDRESS]
   --dns-forwarder Enables dns forwarding [$DNSFORWARD]
   --egress Enables nodes for egress [$EGRESS]
   --egress-announce-time value Egress announce time (s) (default: 200) [$EGRESSANNOUNCE]
   --dns-cache-size value DNS LRU cache size (default: 200) [$DNSCACHESIZE]
   --dns-forward-server value List of DNS forward server, e.g. 8.8.8.8:53, 192.168.1.1:53 ... (default: "8.8.8.8:53", "1.1.1.1:53") [$DNSFORWARDSERVER]
   --router value Sends all packets to this node [$ROUTER]
   --interface value Interface name (default: "edgevpn0") [$IFACE]
   --config value Specify a path to a edgevpn config file [$EDGEVPNCONFIG]
   --timeout value Specify a default timeout for connection stream (default: "15s") [$EDGEVPNTIMEOUT]
   --mtu value Specify a mtu (default: 1200) [$EDGEVPNMTU]
   --bootstrap-iface Setup interface on startup (need privileges) [$EDGEVPNBOOTSTRAPIFACE]
   --packet-mtu value Specify a mtu (default: 1420) [$EDGEVPNPACKETMTU]
   --channel-buffer-size value Specify a channel buffer size (default: 0) [$EDGEVPNCHANNELBUFFERSIZE]
   --discovery-interval value DHT discovery interval time (default: 720) [$EDGEVPNDHTINTERVAL]
   --ledger-announce-interval value Ledger announce interval time (default: 10) [$EDGEVPNLEDGERINTERVAL]
   --autorelay-discovery-interval value Autorelay discovery interval (default: "5m") [$EDGEVPNAUTORELAYDISCOVERYINTERVAL]
   --autorelay-static-only Use only defined static relays [$EDGEVPNAUTORELAYSTATICONLY]
   --ledger-syncronization-interval value Ledger syncronization interval time (default: 10) [$EDGEVPNLEDGERSYNCINTERVAL]
   --nat-ratelimit-global value Rate limit global requests (default: 10) [$EDGEVPNNATRATELIMITGLOBAL]
   --nat-ratelimit-peer value Rate limit perr requests (default: 10) [$EDGEVPNNATRATELIMITPEER]
   --nat-ratelimit-interval value Rate limit interval (default: 60) [$EDGEVPNNATRATELIMITINTERVAL]
   --nat-ratelimit Changes the default rate limiting configured in helping other peers determine their reachability status [$EDGEVPNNATRATELIMIT]
   --max-connections value Max connections (default: 0) [$EDGEVPNMAXCONNS]
   --ledger-state value Specify a ledger state directory [$EDGEVPNLEDGERSTATE]
   --mdns Enable mDNS for peer discovery [$EDGEVPNMDNS]
   --autorelay Automatically act as a relay if the node can accept inbound connections [$EDGEVPNAUTORELAY]
   --autorelay-v1 Enable autorelay v1 circuits [$EDGEVPNAUTORELAYV1]
   --concurrency value Number of concurrent requests to serve (default: 2)
   --holepunch Automatically try holepunching when possible [$EDGEVPNHOLEPUNCH]
   --natservice Tries to determine reachability status of nodes [$EDGEVPNNATSERVICE]
   --natmap Tries to open a port in the firewall via upnp [$EDGEVPNNATMAP]
   --dht Enable DHT for peer discovery [$EDGEVPNDHT]
   --low-profile Enable low profile. Lowers connections usage [$EDGEVPNLOWPROFILE]
   --mplex-multiplexer Enable mplex multiplexer. [$EDGEVPNMPLEX]
   --aliveness-healthcheck-interval value Healthcheck interval (default: 120) [$HEALTHCHECKINTERVAL]
   --aliveness-healthcheck-scrub-interval value Healthcheck scrub interval (default: 600) [$HEALTHCHECKSCRUBINTERVAL]
   --aliveness-healthcheck-max-interval value Healthcheck max interval. Threshold after a node is determined offline (default: 900) [$HEALTHCHECKMAXINTERVAL]
   --log-level value Specify loglevel (default: "info") [$EDGEVPNLOGLEVEL]
   --libp2p-log-level value Specify libp2p loglevel (default: "fatal") [$EDGEVPNLIBP2PLOGLEVEL]
   --discovery-bootstrap-peers value List of discovery peers to use [$EDGEVPNBOOTSTRAPPEERS]
   --autorelay-static-peer value List of autorelay static peers to use [$EDGEVPNAUTORELAYPEERS]
   --blacklist value List of peers/cidr to gate [$EDGEVPNBLACKLIST]
   --token value Specify an edgevpn token in place of a config file [$EDGEVPNTOKEN]
   --limit-file value Specify an limit config (json) [$LIMITFILE]
   --limit-scope value Specify a limit scope (default: "system") [$LIMITSCOPE]
   --limit-config Enable inline resource limit configuration [$LIMITCONFIG]
   --limit-enable Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled [$LIMITENABLE]
   --limit-config-streams value Streams resource limit configuration (default: 200) [$LIMITCONFIGSTREAMS]
   --limit-config-streams-inbound value Inbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSINBOUND]
   --limit-config-streams-outbound value Outbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSOUTBOUND]
   --limit-config-conn value Connections resource limit configuration (default: 200) [$LIMITCONFIGCONNS]
   --limit-config-conn-inbound value Inbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSINBOUND]
   --limit-config-conn-outbound value Outbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSOUTBOUND]
   --limit-config-fd value Max fd resource limit configuration (default: 30) [$LIMITCONFIGFD]
   --peerguard Enable peerguard. (Experimental) [$PEERGUARD]
   --peergate Enable peergating. (Experimental) [$PEERGATE]
   --peergate-autoclean Enable peergating autoclean. (Experimental) [$PEERGATE_AUTOCLEAN]
   --peergate-relaxed Enable peergating relaxation. (Experimental) [$PEERGATE_RELAXED]
   --peergate-auth value Peergate auth [$PEERGATE_AUTH]
   --peergate-interval value Peergater interval time (default: 120) [$EDGEVPNPEERGATEINTERVAL]
   --help, -h show help
   --version, -v print the version

COPYRIGHT:
     edgevpn Copyright (C) 2021-2022 Ettore Di Giacinto
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.

Reusing the YAML file generated on the previous node:

root@edgevpn2:~# IFACE=edgevpn0 ADDRESS=10.1.0.4/24 EDGEVPNCONFIG=vpn.yaml edgevpn

{"level":"INFO","time":"2022-11-20T12:41:45.511Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T12:41:45.512Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T12:41:45.512Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 12:41:45 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T12:41:45.520Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWNc3LEQZ2evuLwQLkeg6ns7A7MGpnwTjfnNHiXcA9awyZ"}
{"level":"INFO","time":"2022-11-20T12:41:45.520Z","caller":"node/node.go:173","message":" Node Addresses: [/ip4/167.235.131.166/tcp/33079 /ip4/127.0.0.1/tcp/33079 /ip4/167.235.131.166/udp/48960/quic /ip4/127.0.0.1/udp/48960/quic /ip6/2a01:4f8:c2c:4092::1/tcp/44625 /ip6/::1/tcp/44625 /ip6/2a01:4f8:c2c:4092::1/udp/59652/quic /ip6/::1/udp/59652/quic]"}
{"level":"INFO","time":"2022-11-20T12:41:45.521Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}

The virtual network interface is present here as well:

root@edgevpn2:~# ifconfig -a
edgevpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1200
        inet 10.1.0.4 netmask 255.255.255.0 destination 10.1.0.4
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 14 bytes 4469 (4.4 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 167.235.131.166 netmask 255.255.255.255 broadcast 0.0.0.0
        inet6 fe80::9400:1ff:feae:5b8a prefixlen 64 scopeid 0x20<link>
        inet6 2a01:4f8:c2c:4092::1 prefixlen 64 scopeid 0x0<global>
        ether 96:00:01:ae:5b:8a txqueuelen 1000 (Ethernet)
        RX packets 12746 bytes 14304008 (14.3 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 11823 bytes 3524646 (3.5 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 3255 bytes 1962530 (1.9 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3255 bytes 1962530 (1.9 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

root@edgevpn2:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name    
tcp 0 0 0.0.0.0:33079 0.0.0.0:* LISTEN 976/edgevpn         
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 694/sshd: /usr/sbin 
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 566/systemd-resolve 
tcp6 0 0 :::22 :::* LISTEN 694/sshd: /usr/sbin 
tcp6 0 0 :::44625 :::* LISTEN 976/edgevpn         
udp 0 0 0.0.0.0:46214 0.0.0.0:* 976/edgevpn         
udp 0 0 0.0.0.0:5353 0.0.0.0:* 976/edgevpn         
udp 0 0 0.0.0.0:5353 0.0.0.0:* 976/edgevpn         
udp 0 0 0.0.0.0:48960 0.0.0.0:* 976/edgevpn         
udp 0 0 127.0.0.53:53 0.0.0.0:* 566/systemd-resolve 
udp 0 0 167.235.131.166:68 0.0.0.0:* 564/systemd-network 
udp6 0 0 :::5353 :::* 976/edgevpn         
udp6 0 0 :::5353 :::* 976/edgevpn         
udp6 0 0 :::59652 :::* 976/edgevpn 

and I can communicate with the other node:

root@edgevpn2:~# ping -c 5 10.1.0.3
PING 10.1.0.3 (10.1.0.3) 56(84) bytes of data.
64 bytes from 10.1.0.3: icmp_seq=1 ttl=64 time=25.2 ms
64 bytes from 10.1.0.3: icmp_seq=2 ttl=64 time=24.8 ms
64 bytes from 10.1.0.3: icmp_seq=3 ttl=64 time=24.8 ms
64 bytes from 10.1.0.3: icmp_seq=4 ttl=64 time=25.1 ms
64 bytes from 10.1.0.3: icmp_seq=5 ttl=64 time=25.2 ms

--- 10.1.0.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 24.766/25.032/25.249/0.193 ms

Installing k3s in worker mode on this node and joining it to the k3s controller on the first node:

root@edgevpn1:~# cat /var/lib/rancher/k3s/server/node-token 
K102d685aef0648346d32649047e76d1f1a32fba6711d620e32a214ecaf3b60404d::server:e232ab947b5d06950138a1a6df9ef796

root@edgevpn2:~# K3S_URL=https://10.1.0.3:6443 K3S_TOKEN=K102d685aef0648346d32649047e76d1f1a32fba6711d620e32a214ecaf3b60404d::server:e232ab947b5d06950138a1a6df9ef796 k3s agent --flannel-iface=edgevpn0 --node-ip 10.1.0.4

The worker does appear in the k3s cluster with the IP address defined with EdgeVPN:

root@edgevpn1:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
edgevpn1 Ready control-plane,master 15m v1.25.3+k3s1 10.1.0.3 <none> Ubuntu 22.04.1 LTS 5.15.0-47-generic containerd://1.6.8-k3s1
edgevpn2 Ready <none> 62s v1.25.3+k3s1 10.1.0.4 <none> Ubuntu 22.04.1 LTS 5.15.0-46-generic containerd://1.6.8-k3s1

root@edgevpn1:~# kubectl get po,svc -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/local-path-provisioner-5b5579c644-pv9cj 1/1 Running 0 15m
kube-system pod/coredns-75fc8f8fff-clcz6 1/1 Running 0 15m
kube-system pod/helm-install-traefik-crd-tz9t9 0/1 Completed 0 15m
kube-system pod/helm-install-traefik-bwc74 0/1 Completed 1 15m
kube-system pod/svclb-traefik-eedbcbde-dj69n 2/2 Running 0 15m
kube-system pod/traefik-9c6dc6686-nckxj 1/1 Running 0 15m
kube-system pod/metrics-server-5c8978b444-ggqg7 1/1 Running 0 15m
kube-system pod/svclb-traefik-eedbcbde-sb8h9 2/2 Running 0 83s

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 16m
kube-system service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 16m
kube-system service/metrics-server ClusterIP 10.43.26.165 <none> 443/TCP 16m
kube-system service/traefik LoadBalancer 10.43.243.18 10.1.0.3,10.1.0.4 80:31735/TCP,443:30749/TCP 15m

I can view it with kube-explorer, a portable explorer for Kubernetes without any dependency:

GitHub - cnrancher/kube-explorer: A portable explorer for Kubernetes, without any dependency.

root@edgevpn1:~# kube-explorer --help
NAME:
   kube-explorer

USAGE:
   kube-explorer [global options] command [command options] [arguments...]

VERSION:
   v0.2.13 (d242828)

COMMANDS:
   help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --kubeconfig value [$KUBECONFIG]
   --context value [$CONTEXT]
   --ui-path value             
   --https-listen-port value (default: 9443)
   --http-listen-port value (default: 9080)
   --insecure-skip-tls-verify  
   --webhook-auth [$WEBHOOK_AUTH]
   --webhook-kubeconfig value [$WEBHOOK_KUBECONFIG]
   --webhook-url value [$WEBHOOK_URL]
   --webhook-cache-ttl value (default: 0) [$WEBHOOK_CACHE_TTL]
   --debug                     
   --debug-level value (default: 7)
   --help, -h show help
   --version, -v print the version

root@edgevpn1:~# kube-explorer --kubeconfig=/root/.kube/config --http-listen-port=9898 --https-listen-port=0

INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=Role controller 
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=RoleBinding controller 
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRole controller 
INFO[0000] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller 
INFO[0000] Starting apiregistration.k8s.io/v1, Kind=APIService controller 
INFO[0000] Listening on :9898     

It integrates Rancher's steve framework and its dashboard, is recompiled, packaged and compressed, and provides an almost entirely stateless Kubernetes resource manager.

EdgeVPN also provides a web interface:

WebUI and API

root@edgevpn1:~# edgevpn api --help

NAME:
    api - Starts an http server to display network informations

USAGE:
   edgevpn api

DESCRIPTION:
   Start listening locally, providing an API for the network.
A simple UI interface is available to display network data.

OPTIONS:
   --config value Specify a path to a edgevpn config file [$EDGEVPNCONFIG]
   --timeout value Specify a default timeout for connection stream (default: "15s") [$EDGEVPNTIMEOUT]
   --mtu value Specify a mtu (default: 1200) [$EDGEVPNMTU]
   --bootstrap-iface Setup interface on startup (need privileges) [$EDGEVPNBOOTSTRAPIFACE]
   --packet-mtu value Specify a mtu (default: 1420) [$EDGEVPNPACKETMTU]
   --channel-buffer-size value Specify a channel buffer size (default: 0) [$EDGEVPNCHANNELBUFFERSIZE]
   --discovery-interval value DHT discovery interval time (default: 720) [$EDGEVPNDHTINTERVAL]
   --ledger-announce-interval value Ledger announce interval time (default: 10) [$EDGEVPNLEDGERINTERVAL]
   --autorelay-discovery-interval value Autorelay discovery interval (default: "5m") [$EDGEVPNAUTORELAYDISCOVERYINTERVAL]
   --autorelay-static-only Use only defined static relays [$EDGEVPNAUTORELAYSTATICONLY]
   --ledger-syncronization-interval value Ledger syncronization interval time (default: 10) [$EDGEVPNLEDGERSYNCINTERVAL]
   --nat-ratelimit-global value Rate limit global requests (default: 10) [$EDGEVPNNATRATELIMITGLOBAL]
   --nat-ratelimit-peer value Rate limit perr requests (default: 10) [$EDGEVPNNATRATELIMITPEER]
   --nat-ratelimit-interval value Rate limit interval (default: 60) [$EDGEVPNNATRATELIMITINTERVAL]
   --nat-ratelimit Changes the default rate limiting configured in helping other peers determine their reachability status [$EDGEVPNNATRATELIMIT]
   --max-connections value Max connections (default: 0) [$EDGEVPNMAXCONNS]
   --ledger-state value Specify a ledger state directory [$EDGEVPNLEDGERSTATE]
   --mdns Enable mDNS for peer discovery [$EDGEVPNMDNS]
   --autorelay Automatically act as a relay if the node can accept inbound connections [$EDGEVPNAUTORELAY]
   --autorelay-v1 Enable autorelay v1 circuits [$EDGEVPNAUTORELAYV1]
   --concurrency value Number of concurrent requests to serve (default: 2)
   --holepunch Automatically try holepunching when possible [$EDGEVPNHOLEPUNCH]
   --natservice Tries to determine reachability status of nodes [$EDGEVPNNATSERVICE]
   --natmap Tries to open a port in the firewall via upnp [$EDGEVPNNATMAP]
   --dht Enable DHT for peer discovery [$EDGEVPNDHT]
   --low-profile Enable low profile. Lowers connections usage [$EDGEVPNLOWPROFILE]
   --mplex-multiplexer Enable mplex multiplexer. [$EDGEVPNMPLEX]
   --aliveness-healthcheck-interval value Healthcheck interval (default: 120) [$HEALTHCHECKINTERVAL]
   --aliveness-healthcheck-scrub-interval value Healthcheck scrub interval (default: 600) [$HEALTHCHECKSCRUBINTERVAL]
   --aliveness-healthcheck-max-interval value Healthcheck max interval. Threshold after a node is determined offline (default: 900) [$HEALTHCHECKMAXINTERVAL]
   --log-level value Specify loglevel (default: "info") [$EDGEVPNLOGLEVEL]
   --libp2p-log-level value Specify libp2p loglevel (default: "fatal") [$EDGEVPNLIBP2PLOGLEVEL]
   --discovery-bootstrap-peers value List of discovery peers to use [$EDGEVPNBOOTSTRAPPEERS]
   --autorelay-static-peer value List of autorelay static peers to use [$EDGEVPNAUTORELAYPEERS]
   --blacklist value List of peers/cidr to gate [$EDGEVPNBLACKLIST]
   --token value Specify an edgevpn token in place of a config file [$EDGEVPNTOKEN]
   --limit-file value Specify an limit config (json) [$LIMITFILE]
   --limit-scope value Specify a limit scope (default: "system") [$LIMITSCOPE]
   --limit-config Enable inline resource limit configuration [$LIMITCONFIG]
   --limit-enable Enable resource manager. (Experimental) All options prefixed with limit requires resource manager to be enabled [$LIMITENABLE]
   --limit-config-streams value Streams resource limit configuration (default: 200) [$LIMITCONFIGSTREAMS]
   --limit-config-streams-inbound value Inbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSINBOUND]
   --limit-config-streams-outbound value Outbound streams resource limit configuration (default: 30) [$LIMITCONFIGSTREAMSOUTBOUND]
   --limit-config-conn value Connections resource limit configuration (default: 200) [$LIMITCONFIGCONNS]
   --limit-config-conn-inbound value Inbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSINBOUND]
   --limit-config-conn-outbound value Outbound connections resource limit configuration (default: 30) [$LIMITCONFIGCONNSOUTBOUND]
   --limit-config-fd value Max fd resource limit configuration (default: 30) [$LIMITCONFIGFD]
   --peerguard Enable peerguard. (Experimental) [$PEERGUARD]
   --peergate Enable peergating. (Experimental) [$PEERGATE]
   --peergate-autoclean Enable peergating autoclean. (Experimental) [$PEERGATE_AUTOCLEAN]
   --peergate-relaxed Enable peergating relaxation. (Experimental) [$PEERGATE_RELAXED]
   --peergate-auth value Peergate auth [$PEERGATE_AUTH]
   --peergate-interval value Peergater interval time (default: 120) [$EDGEVPNPEERGATEINTERVAL]
   --debug                                       
   --listen value Listening address. To listen to a socket, prefix with unix://, e.g. unix:///socket.path (default: ":8080")

root@edgevpn1:~# EDGEVPNCONFIG=vpn.yaml edgevpn api --listen :10000

{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"cmd/util.go:333","message":" \tedgevpn Copyright (C) 2021-2022 Ettore Di Giacinto\nThis program comes with ABSOLUTELY NO WARRANTY.\nThis is free software, and you are welcome to redistribute it\nunder certain conditions."}
{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"cmd/util.go:335","message":"Version: v0.18.0 commit: 042b7b2d3037670da9cea9d2d3eae52d559016e6\n"}
{"level":"INFO","time":"2022-11-20T13:04:37.466Z","caller":"node/node.go:118","message":" Starting EdgeVPN network"}
2022/11/20 13:04:37 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
{"level":"INFO","time":"2022-11-20T13:04:37.485Z","caller":"node/node.go:172","message":" Node ID: 12D3KooWJZz5MiSL9LQMt96mCufYBs2q9jXaNDyfFBsEX5NNDz2C"}
{"level":"INFO","time":"2022-11-20T13:04:37.507Z","caller":"node/node.go:173","message":" Node Addresses: [/ip6/2a01:4f9:c012:5f57::1/udp/55208/quic /ip6/::1/udp/55208/quic /ip4/65.21.189.254/tcp/45321 /ip4/127.0.0.1/tcp/45321 /ip4/65.21.189.254/udp/43275/quic /ip4/127.0.0.1/udp/43275/quic /ip6/2a01:4f9:c012:5f57::1/tcp/43219 /ip6/::1/tcp/43219]"}
{"level":"INFO","time":"2022-11-20T13:04:37.508Z","caller":"discovery/dht.go:104","message":" Bootstrapping DHT"}
⇨ http server started on [::]:10000
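Both kube-explorer ("Listening on :9898") and the EdgeVPN API ("http server started on [::]:10000") above bind to every interface, so they also answer on the public eth0 address and not only on edgevpn0. The following check is an added example, not part of the original post: it reads `netstat -tunlp` output in the format shown earlier and reports listeners on the given ports whose bind address is neither the VPN address nor loopback. The function names, the PIDs and the kube-explorer/API sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: find services meant for the VPN that are bound elsewhere.
# Live use on a node:  netstat -tunlp | exposed_listeners 10.1.0.3 9898 10000

# exposed_listeners VPN_IP PORT...
# Reads `netstat -tunlp` text on stdin. For each TCP LISTEN socket on one of
# the given ports, prints "port address program" when the bind address is not
# VPN_IP or loopback. Returns 1 if at least one such socket was found.
exposed_listeners() {
    vpn_ip=$1; shift
    ports=" $* "
    awk -v vpn="$vpn_ip" -v ports="$ports" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            la = $4
            n = match(la, /:[0-9]+$/)          # position of the last ":port"
            if (n == 0) next
            addr = substr(la, 1, n - 1)        # "0.0.0.0", "::", "10.1.0.3", ...
            port = substr(la, n + 1)
            if (index(ports, " " port " ") == 0) next
            if (addr == vpn || addr == "127.0.0.1" || addr == "::1") next
            prog = $7; sub(/^[0-9]+\//, "", prog)
            print port, addr, prog
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample. The edgevpn transport and sshd lines follow the listing
# in the post; the kube-explorer and API lines are made up for this example.
# $1 is the local address of the `edgevpn api` listener.
sample_netstat() {
    cat <<EOF
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:33079 0.0.0.0:* LISTEN 976/edgevpn
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 694/sshd: /usr/sbin
tcp6 0 0 :::9898 :::* LISTEN 1804/kube-explorer
tcp 0 0 $1 0.0.0.0:* LISTEN 2301/edgevpn
udp 0 0 0.0.0.0:5353 0.0.0.0:* 976/edgevpn
EOF
}

# Demo on the sample with the API on the wildcard address, as started above.
sample_netstat 0.0.0.0:10000 | exposed_listeners 10.1.0.3 9898 10000 ||
    echo "listeners above are reachable outside the VPN"
```

The `edgevpn api` help above describes `--listen` as a listening address, so a value of the form `10.1.0.3:10000` is the assumed way to move that listener onto the VPN address. The kube-explorer help shows only port options, so that listener has to be restricted by other means, such as a host firewall rule.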

I take the opportunity to deploy into this k3s cluster the Kotal operator, a cloud-agnostic blockchain deployer that runs on any cloud.

Kotal

GitHub - kotalco/kotal: Blockchain Kubernetes Operator

What can I do with Kotal Operator according to the official documentation?

  • Deploy Bitcoin rpc nodes
  • Deploy IPFS peers and cluster peers
  • Deploy IPFS swarms
  • Deploy Ethereum transaction and mining nodes
  • Deploy Ethereum validator and beacon nodes
  • Deploy private Ethereum networks
  • Deploy NEAR RPC, archive and validator nodes
  • Deploy Polkadot RPC and validator nodes
  • Deploy Chainlink nodes
  • Deploy Filecoin nodes
  • Deploy Filecoin-backed pinning services (FPS)
  • Deploy Stacks RPC and API nodes
  • Deploy Aptos full nodes and validators

For that I install cert-manager:

cert-manager

root@edgevpn1:~# kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml

customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created

and deploy Kotal's custom resources and controllers:

root@edgevpn1:~# kubectl apply -f https://github.com/kotalco/kotal/releases/download/v0.1-alpha.6/kotal.yaml

namespace/kotal created
customresourcedefinition.apiextensions.k8s.io/beaconnodes.ethereum2.kotal.io created
customresourcedefinition.apiextensions.k8s.io/clusterpeers.ipfs.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.chainlink.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.ethereum.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.filecoin.kotal.io created
customresourcedefinition.apiextensions.k8s.io/nodes.polkadot.kotal.io created
customresourcedefinition.apiextensions.k8s.io/peers.ipfs.kotal.io created
customresourcedefinition.apiextensions.k8s.io/validators.ethereum2.kotal.io created
mutatingwebhookconfiguration.admissionregistration.k8s.io/mutating-webhook-configuration created
role.rbac.authorization.k8s.io/leader-election-role created
clusterrole.rbac.authorization.k8s.io/manager-role created
clusterrole.rbac.authorization.k8s.io/metrics-reader created
clusterrole.rbac.authorization.k8s.io/proxy-role created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/proxy-rolebinding created
service/controller-manager-metrics-service created
service/webhook-service created
deployment.apps/controller-manager created
certificate.cert-manager.io/serving-cert created
issuer.cert-manager.io/selfsigned-issuer created
validatingwebhookconfiguration.admissionregistration.k8s.io/validating-webhook-configuration created

root@edgevpn1:~# kubectl get po,svc -A

NAMESPACE      NAME                                           READY   STATUS      RESTARTS      AGE
kube-system    pod/local-path-provisioner-5b5579c644-pv9cj    1/1     Running     0             48m
kube-system    pod/coredns-75fc8f8fff-clcz6                   1/1     Running     0             48m
kube-system    pod/helm-install-traefik-crd-tz9t9             0/1     Completed   0             48m
kube-system    pod/helm-install-traefik-bwc74                 0/1     Completed   1             48m
kube-system    pod/svclb-traefik-eedbcbde-dj69n               2/2     Running     0             48m
kube-system    pod/traefik-9c6dc6686-nckxj                    1/1     Running     0             48m
kube-system    pod/metrics-server-5c8978b444-ggqg7            1/1     Running     0             48m
kube-system    pod/svclb-traefik-eedbcbde-sb8h9               2/2     Running     0             33m
cert-manager   pod/cert-manager-77f9f95c5c-fk98d              1/1     Running     0             3m39s
cert-manager   pod/cert-manager-webhook-765b6f5ffc-fzj5p      1/1     Running     0             3m39s
cert-manager   pod/cert-manager-cainjector-769c877458-4wxmb   1/1     Running     2 (71s ago)   3m39s
kotal          pod/controller-manager-5784dc84d5-kbr58        2/2     Running     0             71s

NAMESPACE      NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP         PORT(S)                      AGE
default        service/kubernetes                           ClusterIP      10.43.0.1       <none>              443/TCP                      48m
kube-system    service/kube-dns                             ClusterIP      10.43.0.10      <none>              53/UDP,53/TCP,9153/TCP       48m
kube-system    service/metrics-server                       ClusterIP      10.43.26.165    <none>              443/TCP                      48m
kube-system    service/traefik                              LoadBalancer   10.43.243.18    10.1.0.3,10.1.0.4   80:31735/TCP,443:30749/TCP   48m
cert-manager   service/cert-manager                         ClusterIP      10.43.12.233    <none>              9402/TCP                     3m39s
cert-manager   service/cert-manager-webhook                 ClusterIP      10.43.217.216   <none>              443/TCP                      3m39s
kotal          service/controller-manager-metrics-service   ClusterIP      10.43.188.129   <none>              8443/TCP                     71s
kotal          service/webhook-service                      ClusterIP      10.43.142.211   <none>              443/TCP                      71s

IPFS is a peer-to-peer distributed file system that does not depend on centralized servers. IPFS (InterPlanetary File System) is a peer-to-peer (P2P) hypermedia protocol created with the aim of “revolutionizing the Internet”.

It is a distributed system that lets users store and access files, applications and websites. Its goal is to connect a set of computing devices through the same file system. In some ways IPFS is similar to the World Wide Web, except that it can be seen as a single BitTorrent swarm exchanging objects within one Git repository.

IPFS Powers the Distributed Web

Just as blockchain networks use nodes to obtain the computing power needed to validate data, IPFS stores information using the bandwidth of hundreds of thousands of nodes. Like the other blockchain networks, IPFS is immutable, which means that the content of files cannot be modified. Consequently, if you alter or modify a file or its content, its hash changes automatically …

With Kotal, create an IPFS peer using this YAML manifest:

apiVersion: ipfs.kotal.io/v1alpha1
kind: Peer
metadata:
  name: simple-peer
spec: {}

This is a simple IPFS peer that joins the public IPFS swarm and starts with all default settings, which is similar to running ipfs init and then ipfs daemon.

root@edgevpn1:~# kubectl apply -f peer.yaml
peer.ipfs.kotal.io/simple-peer created

root@edgevpn1:~# kubectl get peers
NAME          CLIENT
simple-peer   go-ipfs

root@edgevpn1:~# kubectl get po,svc -A

NAMESPACE      NAME                                           READY   STATUS      RESTARTS       AGE
kube-system    pod/local-path-provisioner-5b5579c644-pv9cj    1/1     Running     0              55m
kube-system    pod/coredns-75fc8f8fff-clcz6                   1/1     Running     0              55m
kube-system    pod/helm-install-traefik-crd-tz9t9             0/1     Completed   0              55m
kube-system    pod/helm-install-traefik-bwc74                 0/1     Completed   1              55m
kube-system    pod/svclb-traefik-eedbcbde-dj69n               2/2     Running     0              55m
kube-system    pod/traefik-9c6dc6686-nckxj                    1/1     Running     0              55m
kube-system    pod/metrics-server-5c8978b444-ggqg7            1/1     Running     0              55m
kube-system    pod/svclb-traefik-eedbcbde-sb8h9               2/2     Running     0              41m
cert-manager   pod/cert-manager-77f9f95c5c-fk98d              1/1     Running     0              10m
cert-manager   pod/cert-manager-webhook-765b6f5ffc-fzj5p      1/1     Running     0              10m
kotal          pod/controller-manager-5784dc84d5-kbr58        2/2     Running     0              8m15s
default        pod/simple-peer-0                              1/1     Running     0              3m29s
cert-manager   pod/cert-manager-cainjector-769c877458-4wxmb   1/1     Running     5 (112s ago)   10m

NAMESPACE      NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP         PORT(S)                               AGE
default        service/kubernetes                           ClusterIP      10.43.0.1       <none>              443/TCP                               55m
kube-system    service/kube-dns                             ClusterIP      10.43.0.10      <none>              53/UDP,53/TCP,9153/TCP                55m
kube-system    service/metrics-server                       ClusterIP      10.43.26.165    <none>              443/TCP                               55m
kube-system    service/traefik                              LoadBalancer   10.43.243.18    10.1.0.3,10.1.0.4   80:31735/TCP,443:30749/TCP            55m
cert-manager   service/cert-manager                         ClusterIP      10.43.12.233    <none>              9402/TCP                              10m
cert-manager   service/cert-manager-webhook                 ClusterIP      10.43.217.216   <none>              443/TCP                               10m
kotal          service/controller-manager-metrics-service   ClusterIP      10.43.188.129   <none>              8443/TCP                              8m15s
kotal          service/webhook-service                      ClusterIP      10.43.142.211   <none>              443/TCP                               8m15s
default        service/simple-peer                          ClusterIP      10.43.2.246     <none>              4001/TCP,4001/UDP,5001/TCP,8080/TCP   3m29s

root@edgevpn1:~# kubectl logs -f simple-peer-0

Defaulted container "peer" out of: peer, init-ipfs (init), config-ipfs (init)
Initializing daemon...
go-ipfs version: 0.11.0-25efe3f
Repo version: 11
System version: amd64/linux
Golang version: go1.16.7
2022/11/20 13:26:22 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/11/20 13:26:22 [zeroconf] no suitable IPv6 interface: udp6: failed to join any of these interfaces: [{2 1150 eth0 ba:77:78:26:4a:0c up|broadcast|multicast}]
Swarm listening on /ip4/10.42.0.10/tcp/4001
Swarm listening on /ip4/10.42.0.10/udp/4001/quic
Swarm listening on /ip4/127.0.0.1/tcp/4001
Swarm listening on /ip4/127.0.0.1/udp/4001/quic
Swarm listening on /ip6/::1/tcp/4001
Swarm listening on /ip6/::1/udp/4001/quic
Swarm listening on /p2p-circuit
Swarm announcing /ip4/10.42.0.10/tcp/4001
Swarm announcing /ip4/10.42.0.10/udp/4001/quic
Swarm announcing /ip4/127.0.0.1/tcp/4001
Swarm announcing /ip4/127.0.0.1/udp/4001/quic
Swarm announcing /ip6/::1/tcp/4001
Swarm announcing /ip6/::1/udp/4001/quic
API server listening on /ip4/0.0.0.0/tcp/5001
WebUI: http://0.0.0.0:5001/webui
Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8080
Daemon is ready
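
The daemon log above shows the RPC API bound to 0.0.0.0:5001, and the go-ipfs RPC API has no authentication by default. As an added example (not part of the original post), this script classifies each listener in such a log by bind scope and flags RPC API sockets reachable beyond loopback; the sample lines are a constructed excerpt of the log above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the go-ipfs daemon log shown above.
SAMPLE_LOG = """\
Swarm listening on /ip4/10.42.0.10/tcp/4001
Swarm listening on /ip4/127.0.0.1/udp/4001/quic
Swarm listening on /ip6/::1/tcp/4001
Swarm listening on /p2p-circuit
API server listening on /ip4/0.0.0.0/tcp/5001
Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8080
"""

LISTEN = re.compile(
    r"^(?P<role>Swarm|API server|Gateway \(readonly\) server) listening on "
    r"/ip[46]/(?P<host>[^/]+)/(?P<proto>tcp|udp)/(?P<port>\d+)"
)


def listeners(log: str) -> list:
    """Return (role, scope, proto, port) for every socket listener in the log."""
    found = []
    for line in log.splitlines():
        m = LISTEN.match(line.strip())
        if not m:
            continue  # e.g. /p2p-circuit is a relay address, not a local socket
        ip = ipaddress.ip_address(m["host"])
        if ip.is_loopback:
            scope = "loopback"
        elif ip.is_unspecified:
            scope = "all-interfaces"  # 0.0.0.0 or ::
        else:
            scope = "interface"
        found.append((m["role"], scope, m["proto"], int(m["port"])))
    return found


def exposed_rpc(log: str) -> list:
    """RPC API listeners that accept connections from outside loopback."""
    return [l for l in listeners(log) if l[0] == "API server" and l[1] != "loopback"]


if __name__ == "__main__":
    for role, scope, proto, port in listeners(SAMPLE_LOG):
        print(f"{role:28} {proto}/{port:<5} {scope}")
    print("review:", exposed_rpc(SAMPLE_LOG))
```

In the cluster above the simple-peer Service also publishes 5001/TCP, so unless a NetworkPolicy restricts that port, other workloads in the cluster can reach the RPC API.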

The IPFS peer is up and ready to receive API calls:

root@edgevpn1:~# kubectl port-forward simple-peer-0 5001
Forwarding from 127.0.0.1:5001 -> 5001
Forwarding from [::1]:5001 -> 5001


root@edgevpn1:~# curl -X POST "http://127.0.0.1:5001/api/v0/cat?arg=QmQPeNsJPyVWPFDVHb77w8G42Fvo15z4bG2X8D2GhfbSXc/readme"

Hello and Welcome to IPFS!

██╗██████╗ ███████╗███████╗
██║██╔══██╗██╔════╝██╔════╝
██║██████╔╝█████╗  ███████╗
██║██╔═══╝ ██╔══╝  ╚════██║
██║██║     ██║     ███████║
╚═╝╚═╝     ╚═╝     ╚══════╝

If you're seeing this, you have successfully installed
IPFS and are now interfacing with the ipfs merkledag!

 -------------------------------------------------------
| Warning:                                              |
|   This is alpha software. Use at your own discretion! |
|   Much is missing or lacking polish. There are bugs.  |
|   Not yet secure. Read the security notes for more.   |
 -------------------------------------------------------

Check out some of the other files in this directory:

  ./about
  ./help
  ./quick-start     <-- usage examples
  ./readme          <-- this file
  ./security-notes

I can upload an image and publish it in P2P mode, in a decentralized way, with IPFS:

I check that it is available on the various public IPFS gateways:

Public Gateway Checker | IPFS
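
Because a CID is derived from the content itself, as the paragraph on immutability above notes, the bytes returned by any public gateway can be re-hashed and compared with the CID that was requested. The sketch below is an added example, not code from the original post or from IPFS; it assumes a file added with the go-ipfs defaults (CIDv0, sha2-256, dag-pb/UnixFS) that fits in a single 256 KiB block, and its function names are hypothetical.

```python
import hashlib
import hmac

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CHUNK = 256 * 1024  # default `ipfs add` chunk size; larger files become multi-block DAGs


def _varint(n: int) -> bytes:
    """Protobuf unsigned varint."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def _b58(raw: bytes) -> str:
    """base58btc encoding, as used by CIDv0."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out


def cid_v0(data: bytes) -> str:
    """CIDv0 of a single-block UnixFS file: base58(multihash(sha2-256(dag-pb node)))."""
    if len(data) > CHUNK:
        raise ValueError("multi-block file: the root CID covers a DAG, not the raw bytes")
    # UnixFS message: Type=File (field 1), Data (field 2, omitted if empty), filesize (field 3)
    body = b"\x12" + _varint(len(data)) + data if data else b""
    unixfs = b"\x08\x02" + body + b"\x18" + _varint(len(data))
    node = b"\x0a" + _varint(len(unixfs)) + unixfs  # dag-pb PBNode.Data (field 1), no links
    return _b58(b"\x12\x20" + hashlib.sha256(node).digest())  # 0x12 = sha2-256, 0x20 = 32 bytes


def verify(expected_cid: str, body: bytes) -> bool:
    """True only if the bytes a gateway returned hash to the CID that was requested."""
    return hmac.compare_digest(cid_v0(body), expected_cid)


if __name__ == "__main__":
    # Constructed sample: a 12-byte payload, intact and with one byte changed.
    good, tampered = b"hello world\n", b"hello world!"
    cid = cid_v0(good)
    print(cid, verify(cid, good), verify(cid, tampered))
```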

With this, an IPFS cluster peer can be deployed. IPFS Cluster orchestrates data across a swarm of IPFS daemons by allocating, replicating and tracking a global pinset distributed among multiple peers:

IPFS Cluster

Deploy IPFS cluster peer

or with the IPFS operator:

GitHub - ipfs-cluster/ipfs-operator

As we have seen here, Kotal is an open-source, multi-client, cloud-agnostic Kubernetes blockchain operator that makes it easy to deploy highly available, self-managing and self-healing blockchain infrastructure (networks, nodes, storage clusters…) on any cloud, so that you can become your own Infura platform. All of this works in conjunction with a Kubernetes cluster and EdgeVPN, for example …

Ethereum API | IPFS API & Gateway | ETH Nodes as a Service

To be continued!

Top comments (1)

Yasir Karam

Thanks for the implementation. Have you managed to test ngrok in the demo? What Linux distro did you use here?