diff --git a/Dockerfile.bridge b/Dockerfile.bridge
new file mode 100644
index 0000000..6f3eb02
--- /dev/null
+++ b/Dockerfile.bridge
@@ -0,0 +1,15 @@
+FROM zyclonite/zerotier:latest
+
+RUN apk add --no-cache --purge --clean-protected --update supervisor iptables \
+ && mkdir -p /var/log/supervisor \
+ && rm -rf /var/cache/apk/*
+
+ENV LOG_PATH=/var/log/supervisor
+
+COPY conf scripts /opt
+
+EXPOSE 9993/udp
+
+ENTRYPOINT ["/opt/entrypoint.sh"]
+
+CMD ["-U"]
diff --git a/README.md b/README.md
index 4e46832..c240c2c 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,15 @@ or create an empty file with the network as name /var/lib/zerotier-one/networks.d/8056c2e21c000001.conf
+#### Bridge mode
+It is the implementation of the local network bridge [paper](https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/Bridge+your+ZeroTier+and+local+network+with+a+RaspberryPi)
+
+ docker run --name zerotier-one --device=/dev/net/tun \
+ --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
+ -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier:bridge
+
+That will start the zero-one, establish connection and build the bridge once the `zt` interface is up.
+
 #### Source
 https://github.com/zyclonite/zerotier-docker
diff --git a/conf/supervisord.conf b/conf/supervisord.conf
new file mode 100644
index 0000000..b36c1b3
--- /dev/null
+++ b/conf/supervisord.conf
@@ -0,0 +1,15 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=%(ENV_LOG_PATH)s/supervisord.log
+childlogdir=%(ENV_LOG_PATH)s
+priority=1
+
+[program:bridge]
+command=/opt/bridge.sh
+stdout_logfile=%(ENV_LOG_PATH)s/bridge.stdout.log
+stderr_logfile=%(ENV_LOG_PATH)s/bridge.stderr.log
+startsecs=0
+autorestart=false
+exitcodes=0
+priority=1
\ No newline at end of file
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
new file mode 100644
index 0000000..790f0d2
--- /dev/null
+++ b/k8s/deployment.yaml
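Review bot: `FROM zyclonite/zerotier:latest` on the first line of Dockerfile.bridge makes the `:bridge` image track whatever the base tag points to at build time, so two builds of the same commit can differ and a base-image regression silently lands in the bridge image; pin a versioned tag or digest, e.g. `FROM zyclonite/zerotier:<pinned-version>`, and consider pinning `supervisor` and `iptables` in the `apk add` line as well. In that `RUN`, `--no-cache` already keeps `/var/cache/apk` empty, so the trailing `rm -rf /var/cache/apk/*` is a no-op and `--update`, `--purge` and `--clean-protected` add nothing for `apk add`; `RUN apk add --no-cache supervisor iptables && mkdir -p /var/log/supervisor` expresses the same intent. The image never switches `USER`, which appears to be deliberate because bridge.sh calls iptables; a comment such as `# runs as root: bridge.sh programs iptables and needs NET_ADMIN` would record why the usual non-root rule is not followed here.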
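Review bot: With `autorestart=false` and `exitcodes=0` in `[program:bridge]`, a nonzero exit of bridge.sh (which runs under `set -o errexit`, so any failing iptables call) leaves the program FATAL while supervisord and zerotier-one keep running, so the container looks healthy with no forwarding rules installed. That may be the intended one-shot behaviour, but it should be stated next to the setting, e.g. `; one-shot: a failed bridge setup is only visible in bridge.stderr.log, the container stays up`, so operators know to check `%(ENV_LOG_PATH)s/bridge.stderr.log` rather than the container status. A short comment above `user=root` naming iptables as the reason root is required would similarly make the privilege choice explicit.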
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: zerotier
+spec:
+ selector:
+ matchLabels:
+ app: zerotier
+ template:
+ metadata:
+ labels:
+ app: zerotier
+ spec:
+ initContainers:
+ - name: network-joiner
+ image: busybox
+ env:
+ - name: NETWORK_ID
+ value: ""
+ command: [ "sh", "-c", "mkdir -p /mnt/networks.d && touch /mnt/networks.d/$(NETWORK_ID).conf" ]
+ volumeMounts:
+ - name: vol
+ subPath: config
+ mountPath: /mnt
+
+ containers:
+ - name: zerotier
+ image: zyclonite/zerotier:bridge
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ ports:
+ - name: net
+ containerPort: 9993
+ volumeMounts:
+ - name: vol
+ subPath: config
+ mountPath: /var/lib/zerotier-one
+ - name: tun
+ readOnly: true
+ mountPath: /dev/net/tun
+
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_ADMIN
+
+ dnsPolicy: "None"
+ dnsConfig:
+ nameservers:
+ - 1.1.1.1
+ - 8.8.8.8
+
+ volumes:
+ - name: vol
+ persistentVolumeClaim:
+ claimName: zerotier
+ - name: tun
+ hostPath:
+ path: /dev/net/tun
+ type: ''
\ No newline at end of file
diff --git a/scripts/bridge.sh b/scripts/bridge.sh
new file mode 100755
index 0000000..5ed3bd3
--- /dev/null
+++ b/scripts/bridge.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+set -o errexit
+set -o pipefail
+set -o nounset
+# set -o xtrace
+
+echo "Waiting for network interface to be ready..."
+
+while ! ifconfig | grep -q zt; do
+ echo -n "."
+ sleep 1
+done
+
+echo "Network interface is ready. Starting bridge..."
+
+PHY_IFACE=eth0
+ZT_IFACE=$(ifconfig | grep zt | awk '{print $1}')
+iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
+iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+
+echo "Bridge started."
\ No newline at end of file
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
new file mode 100755
index 0000000..6a89126
--- /dev/null
+++ b/scripts/entrypoint.sh
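Review bot: The `network-joiner` init container defaults `NETWORK_ID` to `""`, so an unedited manifest creates `/mnt/networks.d/.conf` instead of a network file and zerotier-one starts without joining anything; make the value an obvious required placeholder, e.g. `value: "<your-network-id>"  # required: 16-hex-digit ZeroTier network id`, so a blank default cannot be deployed by accident. The container adds both `NET_ADMIN` and `SYS_ADMIN`; the bridge.sh in this commit only needs `NET_ADMIN` for its iptables calls, and `SYS_ADMIN` is close to node-root, so confirm whether zerotier-one itself needs it and drop it if not, with a comment on whichever capability stays explaining why. `image: busybox` for the init container is untagged and therefore floats with `latest`; pin a tag the same way the main image should be pinned.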
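Review bot: `ZT_IFACE=$(ifconfig | grep zt | awk '{print $1}')` matches `zt` anywhere in the ifconfig output and yields one word per matching line, so with more than one joined network (or any other line containing `zt`) the unquoted `$ZT_IFACE` expands to several arguments and the two `iptables -A FORWARD` calls fail under `set -o errexit`; the wait loop's `grep -q zt` is equally loose. Anchor the match to the interface column and quote the expansions: `ZT_IFACE=$(ifconfig | awk '$1 ~ /^zt/ {print $1; exit}')` with `-o "$ZT_IFACE"` and `-i "$ZT_IFACE"`. The three `iptables -A` calls are also not idempotent, so any re-run of the script appends duplicate rules; guarding each with `iptables -C … 2>/dev/null || iptables -A …` keeps the table clean. `echo -n` is not portable under `#!/usr/bin/env sh` even though busybox ash accepts it; `printf '.'` is the safe form.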
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+/usr/bin/supervisord --configuration /opt/supervisord.conf &
+zerotier-one $@
\ No newline at end of file
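Review bot: `zerotier-one $@` on the last line of entrypoint.sh runs zerotier-one as a child of the shell rather than replacing it, so `sh` is PID 1, the SIGTERM from `docker stop` is not delivered to zerotier-one (a PID 1 shell without a handler ignores it, so the container is SIGKILLed after the grace period), and the unquoted `$@` re-splits any argument containing spaces. The minimal fix is `exec zerotier-one "$@"`; the cleaner shape is to make supervisord PID 1 with `exec /usr/bin/supervisord --configuration /opt/supervisord.conf` and add zerotier-one as a second `[program:…]` entry, so one init owns signal forwarding and reaping for both processes. This script also replaces the base image's entrypoint, so any setup that entrypoint performed is skipped — worth confirming against the base image and recording in a header comment such as `# replaces the base-image entrypoint: starts supervisord (bridge.sh) then zerotier-one`.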