On a best-effort basis, store the state on the disk periodically and on shutdown & restore it from the disk on startup.
Additionally, bump Go version, deps & rekres.
Closessiderolabs/discovery-service#54.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Update removing multiple old middlewares, rework
the way data is passed through the context, logging fields, etc.
Fix minimum keepalive interval enforcement.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
No real functional changes, some small cleanups, using generic
functions, refactoring some code.
Use the actual address instead of string for the IP rate limiter
(smaller map key).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows to launch discovery service with a flag like
`--redirect-endpoint=example.com:443`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
enforce rate limits and a maximum burst size per IP address
Signed-off-by: Philipp Sauter <sauterp@protonmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
- Added additional interceptors function to log the address
- Tests to cover the client IP address case
Signed-off-by: Rohit Dandamudi <rohit.dandamudi@siderolabs.com>
Do not store versions like `v0.14.0-alpha.0-7-gf7d9f211-dirty` to avoid
a combinatorial explosion in Prometheus.
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@talos-systems.com>
This addresses a pretty race case when cluster GC runs while the cluster
just got created without any affiliates, but with a subscription.
Client first watches cluster state, then adds an affiliate, so there
might be a case when GC runs and sees a fresh cluster without any
affiliates and GCes it.
This also fixes test instability.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
I somehow assumes AES block size is equal to key size (32 bytes), but
that is not the fact. AES block size is always 16 bytes, so for IPv6
endpoints (and longer endpoints in general) we have to encrypt every
block.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6
This wrapper handles protobuf marshaling, encryption, etc. on the client
data so that service doesn't have a way to see the data.
Client handles data refresh on TTL, updates, discovery of other
affiliates, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#5
Batch watch responses in a single batch so that client can quickly know
that initial snapshot got delivered.
Bump go.mod deps.
Implement more limits.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
