WIP rework networking

Author: NathanFlurry

docs/getting_started/INTERNAL_DASHBOARDS.md

@@ -11,4 +11,3 @@ docker ps | grep k3d
 ## I'm getting `Empty reply from server`
 
 This means Traefik hasn't started yet. Make sure the deployment works.
-

docs/infrastructure/k3s/TROUBLESHOOTING.md

@@ -2,48 +2,15 @@
 
 See [`lib/bolt/core/src/dep/terraform/net.rs`](../../../lib/bolt/core/src/dep/terraform/net.rs)
 
-## VLAN (Class B)
+## VLAN (Class A)
 
 Allowed range:
 
-```
-172.16.0.0/12
-```
+| Name                          | Netmask     | Subnet count | Node count       |
+| ----------------------------- | ----------- | ------------ | ---------------- |
+| Entire VLAN                   | 10.0.0.0/8  | ~            | ~                |
+| Region                        | 10.0.0.0/16 | 256          | ~                |
+| Supporting services (GG, ATS) | 10.0.0.0/26 | 16           | 64 - 2           |
+| Job                           | 10.0.4.0/16 | ~            | 65536 - 1024 - 2 |
 
-Region netmask: 18
-Allows for 64 regions
-
-Pool netmask: 24
-Allows for 64 pools
-Allows for 254 hosts (since we can't allocate the network or broadcast address)
-
-Pool netmasks can be flexible to take up multiple pools if there needs to be more than 254 nodes in a pool
-
-## Nebula (Class A)
-
-Allowed range:
-
-```
-10.0.0.0/8
-```
-
-### svc
-
-Allowed range:
-
-```
-10.0.0.0/12
-```
-
-Region netmask: 18 (see above)
-Pool netmask: 24 (see above)
-
-### job
-
-```
-10.16.0.0/12
-```
-
-Allows for 1,048,576 game server nodes
-
-We'll build an IP address allocator for each node that gets created
+We can't allocate the network or broadcast address, so we subtract 2 from each node count.

docs/infrastructure/networking/IP_RANGES.md

@@ -20,7 +20,6 @@ module "server" {
 		provider = "linode"
 		provider_region = "us-southeast"
 		netnum = 0
-		supports_vlan = false
 	}
 
 	size = "g6-standard-4"

infra/tests/standalone/main.tf

@@ -90,23 +90,14 @@ resource "linode_instance_config" "server_boot_config" {
 		}
 	}
 
-	dynamic "interface" {
-		# TODO: Document why this is only included when has a VPC
-		for_each = var.vpc != null ? [null] : []
-
-		content {
-			purpose = "public"
-		}
+	interafce {
+		purpose = "public"
 	}
 
-	dynamic "interface" {
-		for_each = var.vpc != null ? [null] : []
-
-		content {
-			purpose = "vlan"
-			label = "vpc"
-			ipam_address = "${var.vpc.ip}/${var.vpc.netmask}"
-		}
+	interface {
+		purpose = "vlan"
+		label = "vpc"
+		ipam_address = "${var.vpc.ip}/${var.region.netmask}"
 	}
 }
 

infra/tf/modules/generic_server/linode.tf

@@ -26,3 +26,4 @@ locals {
 		],
 	])
 }
+

infra/tf/modules/generic_server/main.tf

@@ -12,8 +12,10 @@ variable "region" {
 	type = object({
 		provider = string
 		provider_region = string
-		netnum = number
-		supports_vlan = bool
+		vlan = object({
+			address = string
+			prefix_len = number
+		})
 	})
 }
 
@@ -41,15 +43,6 @@ variable "volumes" {
 	default = {}
 }
 
-variable "vpc" {
-    type = object({
-		ip = string
-		netmask = number
-	})
-	nullable = true
-	default = null
-}
-
 variable "firewall_inbound" {
 	type = list(object({
 		label = string

infra/tf/modules/generic_server/vars.tf

@@ -10,7 +10,9 @@ module "servers" {
 	size = each.value.size
 	label = each.value.name
 	tags = each.value.tags
-	vpc = var.pools[each.value.pool_id].vpc ? { ip = each.value.vpc_ip, netmask = var.svc_region_netmask } : null
+	vlan = {
+		ip = each.value.vlan_ip
+	}
 	volumes = each.value.volumes
 	firewall_inbound = var.pools[each.value.pool_id].firewall_inbound
 }

infra/tf/pools/servers.tf

@@ -33,17 +33,17 @@ variable "regions" {
 		id = string
 		provider = string
 		provider_region = string
-		netnum = number
-		supports_vlan = bool
-		preferred_subnets = list(string)
+		vlan = object({
+			address = string
+			prefix_len = number
+		})
 	}))
 }
 
 # MARK: Pools
 variable "pools" {
 	type = map(object({
 		roles = list(string)
-		vpc = bool
 		tunnels = map(object({
 			name = string
 			service = string
@@ -76,6 +76,9 @@ variable "servers" {
 		name = string
 		size = string
 		netnum = number
+		vlan = object({
+			ip = string
+		})
 		volumes = map(object({
 			size = number
 		}))

infra/tf/pools/vars.tf

@@ -6,82 +6,71 @@ id = "54c60ee9-ae31-4a3f-b5ff-06aa5639310f"
 provider = "linode"
 provider_region = "us-southeast"
 netnum = 0
-preferred_subnets = ["192.168.128.0/17"]
 supports_vlan = true
 
 [lnd-sfo]
 id = "19f1b737-0ff1-4676-a834-1af8c4e9890f"
 provider = "linode"
 provider_region = "us-west"
 netnum = 1
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-fra]
 id = "37aeb24a-12f6-45ea-ba7e-d2589588d7db"
 provider = "linode"
 provider_region = "eu-central"
 netnum = 2
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-syd]
 id = "6041893e-7a35-4ab7-a31d-9fd4d6f9dee2"
 provider = "linode"
 provider_region = "ap-southeast"
 netnum = 3
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-tok]
 id = "1f34955f-c0a5-472f-b1c6-1912698141eb"
 provider = "linode"
 provider_region = "ap-northeast"
 netnum = 4
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-mba]
 id = "a699aff0-9d2d-4cad-bef4-b929a78d430e"
 provider = "linode"
 provider_region = "ap-west"
 netnum = 5
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-tor]
 id = "33eaba37-0f06-4dc0-959a-2267481e63df"
 provider = "linode"
 provider_region = "ca-central"
 netnum = 6
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-dca]
 id = "732757b5-51dd-464f-a673-6ae40502c832"
 provider = "linode"
 provider_region = "us-iad"
 netnum = 7
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-dfw]
 id = "06e30e05-cd47-4cc7-adeb-8cb4a1a189b7"
 provider = "linode"
 provider_region = "us-central"
 netnum = 8
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-ewr]
 id = "ed6dac28-c16d-4c03-8daa-98adfbae4758"
 provider = "linode"
 provider_region = "us-east"
 netnum = 9
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-lon]
 id = "161e738d-f7ed-4d43-af64-7731e39835ef"
 provider = "linode"
 provider_region = "eu-west"
 netnum = 10
-preferred_subnets = ["192.168.128.0/17"]
 
 [lnd-sgp]
 id = "4baddf3d-3a70-4139-aed7-21e06a74b9f4"
 provider = "linode"
 provider_region = "ap-south"
 netnum = 11
-preferred_subnets = ["192.168.128.0/17"]
+

lib/bolt/config/default_regions.toml

@@ -66,8 +66,6 @@ pub enum ClusterKind {
 	#[serde(rename = "single_node")]
 	SingleNode {
 		public_ip: String,
-		#[serde(default)]
-		preferred_subnets: Vec<String>,
 
 		/// Restricts the resources of the core services so there are more resources availble for
 		/// compiling code.
@@ -100,10 +98,6 @@ pub struct Region {
 	pub provider: String,
 	pub provider_region: String,
 	pub netnum: usize,
-	#[serde(default)]
-	pub supports_vlan: bool,
-	#[serde(default)]
-	pub preferred_subnets: Vec<String>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug)]

lib/bolt/config/src/ns.rs

@@ -147,15 +147,10 @@ async fn vars(ctx: &ProjectContext) {
 	vars.insert("namespace".into(), json!(ns));
 
 	match &config.cluster.kind {
-		ns::ClusterKind::SingleNode {
-			public_ip,
-			preferred_subnets,
-			..
-		} => {
+		ns::ClusterKind::SingleNode { public_ip, .. } => {
 			vars.insert("deploy_method_local".into(), json!(true));
 			vars.insert("deploy_method_cluster".into(), json!(false));
 			vars.insert("public_ip".into(), json!(public_ip));
-			vars.insert("local_preferred_subnets".into(), json!(preferred_subnets));
 		}
 		ns::ClusterKind::Distributed {} => {
 			vars.insert("deploy_method_local".into(), json!(false));
@@ -189,18 +184,6 @@ async fn vars(ctx: &ProjectContext) {
 	vars.insert("domain_cdn".into(), json!(ctx.domain_cdn()));
 	vars.insert("domain_job".into(), json!(ctx.domain_job()));
 
-	// Net
-	vars.insert("svc_region_netmask".into(), json!(net::svc::REGION_NETMASK));
-	vars.insert("svc_pool_netmask".into(), json!(net::svc::POOL_NETMASK));
-	vars.insert("vpc_subnet".into(), json!(net::vpc::SUBNET));
-	vars.insert("vpc_netmask".into(), json!(net::vpc::NETMASK));
-	vars.insert("nebula_subnet".into(), json!(net::nebula::SUBNET));
-	vars.insert("nebula_netmask".into(), json!(net::nebula::NETMASK));
-	vars.insert("nebula_subnet_svc".into(), json!(net::nebula::SUBNET_SVC));
-	vars.insert("nebula_netmask_svc".into(), json!(net::nebula::NETMASK_SVC));
-	vars.insert("nebula_subnet_job".into(), json!(net::nebula::SUBNET_JOB));
-	vars.insert("nebula_netmask_job".into(), json!(net::nebula::NETMASK_JOB));
-
 	// Cloudflare
 	match &config.dns.provider {
 		ns::DnsProvider::Cloudflare {

lib/bolt/core/src/dep/terraform/gen.rs

@@ -1,6 +1,5 @@
 pub mod cli;
 pub mod gen;
-pub mod nebula_firewall_rules;
 pub mod net;
 pub mod output;
 pub mod pools;