gateway: Add support for multiple nodes using the same domain #412
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Change from /wavekv/status to /prpc/Admin.WaveKvStatus - Add field name compatibility for both snake_case and camelCase - Add error message display for debugging
When gateway restarts, persistent store recovers its peer list from WAL, but ephemeral store is created fresh with empty peers. This causes ephemeral store to miss peers that were added after initial startup. Fix by reading peers from persistent store after WAL recovery and including them when creating the ephemeral store.
When a CVM re-registers on a different gateway node and gets a new IP, the old IP was not being released when other nodes sync the update. This caused IP addresses to leak and never be reclaimed. Fix by checking if IP changed during reload_instances_from_kv_store() and releasing the old IP before inserting the new one.
When gateway config changes and client_ip_range is modified, existing CVMs may have IPs outside the new range. The valid_ip() function now checks if IP is within client_ip_range, causing re-registration to allocate a new IP within the valid range.
When adding a ZT domain with "Use Default" DNS credential selected, the frontend sends an empty string for dns_cred_id. The backend now normalizes empty string to None, allowing the domain to use the default DNS credential instead of failing with "credential not found".
Change the default port value from 0 to 443 when adding a new ZT domain, as 443 is the standard HTTPS port and the most common use case.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
… fields - Add ForceReleaseCertLock admin RPC to manually release stuck certificate renewal locks in WaveKV - Add dns_txt_ttl and max_dns_wait fields to DnsCredentialInfo proto message so these values are returned when querying DNS credentials - Update dns_cred_to_proto to populate the new fields
Move WG IP calculation and certbot configuration from CVM entrypoint to deploy script. Add bootstrap_admin function to auto-configure gateway after deployment (certbot, DNS credentials, ZT-domain). Changes: - entrypoint.sh: remove hardcoded values, make all config via env vars - deploy-to-vmm.sh: calculate WG IPs, add vmm_curl/get_vm_id helpers, add get_admin_addr for bridge mode guest IP discovery, add bootstrap - docker-compose.yaml: add configurable env vars with defaults for proxy workers, max connections, sync settings, timeouts, admin addr
Change WG IP calculation to use 10.{240+SUBNET_INDEX}.0.0/12 range,
providing larger address space per gateway node (/16 client range).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces WaveKV, a simple distributed KVDB, as the gateway storage backend, replacing direct JSON disk dumps.
Key benefits include:
WaveKV is specifically designed for dstack-gateway.